Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-3400

Enabling Java System Security and OSGi security leaves Karaf in unusable state

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.0.2, 4.0.0.M1
    • 4.1.0, 4.0.8
    • karaf
    • None

    Description

      It seems to boil down to the new functionalities of OSGi, like Bundle Adapt fails with the default security configuration 

      java.security.AccessControlException: access denied ("org.osgi.framework.AdaptPermission" "org.osgi.framework.wiring.BundleRevision" "adapt")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
	at java.security.AccessController.doPrivileged(Native Method)

      Just switch framework to equinox and enable the security params in etc/system.properties

      #
# By default, only Karaf shell commands are secured, but additional services can be
#
# To enable OSGi security, uncomment the properties below,
# install the framework-security feature and restart.
#
java.security.policy=${karaf.etc}/all.policy
org.osgi.framework.security=osgi
org.osgi.framework.trust.repositories=${karaf.etc}/trustStore.ks

      This also happens with Felix but needs the additional Felix.Security bundle to be installed.

      Attachments

        Issue Links

          depends upon

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-4405 Upgrade to Felix Framework 5.6.1

          • Major - Major loss of function.
          • Resolved

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-4812 Upgrade to Felix ConfigAdmin 1.8.12

          • Major - Major loss of function.
          • Resolved
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. FELIX-5148 Framework Security unusable

          • Major - Major loss of function.
          • Closed
          relates to

          Dependency upgrade - Upgrading a dependency to a newer version KARAF-4790 Upgrade to felix framework security 2.6.0

          • Major - Major loss of function.
          • Resolved
          requires

          Bug - A problem which impairs or prevents the functions of the product. FELIX-5384 EventDispatcher#createWhitelistFromHooks fails under security

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. FELIX-5385 ConfigAdmin uses wrong security when calling ManagedServices

          • Major - Major loss of function.
          • Closed

          Activity

            People

              gnodet Guillaume Nodet
              achim_nierbeck Achim Nierbeck
              Votes:
              3 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: