Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-348

Java2 Security for OSGi Bundles

    XMLWordPrintableJSON

    Details

      Description

      OSGi defines permissions for bundles. Bundles should have only those permissions that they need to function. This is very easy to implement. Just add a directory OSGI-INF in the jar and include the file permissions.perm.

      Here are some examples
      (org.osgi.framework.PackagePermission "package name" "import")
      (org.osgi.framework.PackagePermission "package name" "export")
      (org.osgi.framework.BundlePermission "groupID.artifactID of Host" "host");
      (org.osgi.framework.ServicePermission "class name" "get")
      (org.osgi.framework.ServicePermission "class name" "register")
      (org.osgi.framework.ConfigurationPermission * "configure")
      (org.osgi.framework.AdminPermission * "metadata")

      pom

      ...
      <build>
      <resources>
      <resource>
      <directory>OSGI-INF/</directory>
      <filtering>true</filtering>
      <includes>
      <include>permissions.perm</include>
      </includes>
      </resource>
      </resources>
      <plugins>
      <plugin>
      <groupId>org.apache.felix</groupId>
      <artifactId>maven-bundle-plugin</artifactId>
      ...
      <configuration>
      ...
      <instructions>
      ...
      <Include-Resource>

      {maven-resources}

      ,
      OSGI-INF/=OSGI-INF/
      </Include-Resource>
      ...
      </instructions>
      ...
      </configuration>
      ...
      </plugin>
      ...

        Attachments

          Activity

            People

            • Assignee:
              mattsicker Matt Sicker
              Reporter:
              rol Roland Weiglhofer
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: