| = Apache Felix Framework Security |
| |
| The Felix Framework Security subproject is an implementation of the security part of the OSGi R4.2 core specification. |
| |
| == Installing |
| |
| Support for the OSGi R4.2 security specifications including `PermissionAdmin` and `ConditionalPermissionAdmin` is provided by the framework.security extension bundle. |
| The bundle provides both, the packages as well as the services when it is installed. |
| |
| All that needs to be done is to install the `org.apache.felix.framework.security` bundle into the framework. |
| |
| == Using security |
| |
| Besides installing the security bundle three properties should be specified: |
| |
| * `org.osgi.framework.security="osgi"` |
| * `java.security.policy=all.policy` |
| * `org.osgi.framework.trust.repositories=<list of keystores>` |
| |
| The first installs a security manager on framework init (which in combination with the installed security bundle enables security). |
| |
| The second points to a security policy file (`all.policy`) that gives all permission like so: |
| |
| grant { |
| permission java.security.AllPermission; |
| }; |
| |
| The third allows to specify a `File.pathSeparator` separated list of JKS keystores without a password. |
| The certificates found inside the keystores are the trusted root certificates of the framework (setting this property is optional). |
| |
| [source,console] |
| ------ |
| $ java -Djava.security.policy=all.policy -Dorg.osgi.framework.security="osgi" -jar bin/felix.jar |
| |
| Welcome to Felix |
| ================ |
| |
| -> install file:org.apache.felix.framework.security.jar |
| -> inspect s c 0 |
| System Bundle (0) provides services: |
| ------------------------------------ |
| objectClass = org.osgi.service.startlevel.StartLevel |
| service.id = 1 |
| ---- |
| objectClass = org.osgi.service.packageadmin.PackageAdmin |
| service.id = 2 |
| ---- |
| objectClass = org.osgi.service.permissionadmin.PermissionAdmin |
| service.id = 3 |
| ---- |
| objectClass = org.osgi.service.condpermadmin.ConditionalPermissionAdmin |
| service.id = 4 |
| ------ |