= Apache Felix Framework Security
The Felix Framework Security subproject is an implementation of the security part of the OSGi R4.2 core specification.
== Installing
Support for the OSGi R4.2 security specifications including `PermissionAdmin` and `ConditionalPermissionAdmin` is provided by the framework.security extension bundle.
Once installed, the bundle provides both the packages and the services.
All that needs to be done is to install the `org.apache.felix.framework.security` bundle into the framework.
== Using security
Besides installing the security bundle, three properties should be specified:
* `org.osgi.framework.security="osgi"`
* `java.security.policy=all.policy`
* `org.osgi.framework.trust.repositories=<list of keystores>`
The first installs a security manager on framework init (which in combination with the installed security bundle enables security).
The second points to a security policy file (`all.policy`) that grants all permissions, like so:
[source]
------
grant {
    permission java.security.AllPermission;
};
------
The third specifies a `File.pathSeparator`-separated list of JKS keystores that have no password.
The certificates found inside the keystores are the trusted root certificates of the framework (setting this property is optional).
[source,console]
------
$ java -Djava.security.policy=all.policy -Dorg.osgi.framework.security="osgi" -jar bin/felix.jar
Welcome to Felix
================
-> install file:org.apache.felix.framework.security.jar
-> inspect s c 0
System Bundle (0) provides services:
------------------------------------
objectClass = org.osgi.service.startlevel.StartLevel
service.id = 1
----
objectClass = org.osgi.service.packageadmin.PackageAdmin
service.id = 2
----
objectClass = org.osgi.service.permissionadmin.PermissionAdmin
service.id = 3
----
objectClass = org.osgi.service.condpermadmin.ConditionalPermissionAdmin
service.id = 4
------
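With `ConditionalPermissionAdmin` registered as shown above, a management bundle can install a policy table that ties permissions to the signer certificates trusted through `org.osgi.framework.trust.repositories`. The following activator is an added example using the standard OSGi R4.2 API, not code from the Felix project. The class name, rule names and signer DN are hypothetical.

```java
import java.security.AllPermission;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.BundleSignerCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionInfo;

// Hypothetical management bundle: installs a two-rule policy table on start.
public class PolicyActivator implements BundleActivator {
    // Constructed signer DN; replace with the DN chain of your own signing certificate.
    private static final String SIGNER = "CN=Example Signer,O=Example Org,C=US";

    @SuppressWarnings({"unchecked", "rawtypes"})
    public void start(BundleContext context) throws Exception {
        ServiceReference ref =
            context.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) {
            throw new IllegalStateException("framework.security bundle is not installed");
        }
        ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) context.getService(ref);
        PermissionInfo[] all = { new PermissionInfo(AllPermission.class.getName(), "*", "*") };

        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();
        // Rule 1: keep this bundle fully privileged so it can still change the policy later.
        table.add(cpa.newConditionalPermissionInfo("allow-policy-manager",
            new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
                new String[] { context.getBundle().getLocation() }) },
            all, ConditionalPermissionInfo.ALLOW));
        // Rule 2: bundles whose signer chain matches SIGNER and is trusted by the framework.
        table.add(cpa.newConditionalPermissionInfo("allow-trusted-signer",
            new ConditionInfo[] { new ConditionInfo(BundleSignerCondition.class.getName(),
                new String[] { SIGNER }) },
            all, ConditionalPermissionInfo.ALLOW));
        // commit() returns false if another caller changed the table in the meantime.
        if (!update.commit()) {
            throw new IllegalStateException("policy table was modified concurrently");
        }
    }

    public void stop(BundleContext context) { }
}
```

Once the table is non-empty, a bundle that matches no rule is denied, so the first rule keeps the management bundle from locking itself out.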