import java.security.AllPermission;
import java.util.PropertyPermission;
-import javax.management.MBeanPermission;
-import javax.management.MBeanServerPermission;
-import javax.management.MBeanTrustPermission;
import javax.security.auth.AuthPermission;
import org.osgi.framework.AdminPermission;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
+import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;
-import bitronix.tm.BitronixTransactionManager;
-
+/** Security profile based on OSGi {@link PermissionAdmin}. */
public interface SecurityProfile {
BundleContext bc = FrameworkUtil.getBundle(SecurityProfile.class).getBundleContext();
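Review bot: The new Javadoc on `SecurityProfile` links `PermissionAdmin`, but the code visible in this change builds the policy through `ConditionalPermissionInfo` and `ConditionalPermissionUpdate`, and the added `PermissionAdmin` import appears to exist only to resolve that link. If nothing else in the file calls `PermissionAdmin`, `/** Security profile based on OSGi {@link ConditionalPermissionAdmin}. */` describes the mechanism accurately and needs no new import. The interface body continues outside this hunk.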
// ConditionalPermissionInfo.ALLOW));
// Bitronix
- update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { locate(BitronixTransactionManager.class) }) },
- new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "bitronix.tm.*", "read"),
- new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null),
- new PermissionInfo(MBeanServerPermission.class.getName(), "createMBeanServer", null),
- new PermissionInfo(MBeanPermission.class.getName(), "bitronix.tm.*", "registerMBean"),
- new PermissionInfo(MBeanTrustPermission.class.getName(), "register", null) },
- ConditionalPermissionInfo.ALLOW));
+// update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+// new String[] { locate(BitronixTransactionManager.class) }) },
+// new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "bitronix.tm.*", "read"),
+// new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null),
+// new PermissionInfo(MBeanServerPermission.class.getName(), "createMBeanServer", null),
+// new PermissionInfo(MBeanPermission.class.getName(), "bitronix.tm.*", "registerMBean"),
+// new PermissionInfo(MBeanTrustPermission.class.getName(), "register", null) },
+// ConditionalPermissionInfo.ALLOW));
// DS
Bundle dsBundle = findBundle("org.eclipse.equinox.ds");
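Review bot: The Bitronix grant is disabled by commenting it out instead of deleting it, and the same is done further down for the Blueprint/Spring blocks and the `jettyUtilBundle` lookup. The commented block still names `MBeanServerPermission`, `MBeanPermission`, `MBeanTrustPermission` and `BitronixTransactionManager`, whose imports this commit removes, so it cannot be re-enabled as written. In a permission table, dead ALLOW entries also make it harder to audit what is actually granted. Delete the lines and rely on version history, or keep a one-line comment such as `// Bitronix grant removed: <reason>`. The enclosing method starts and ends outside the hunk.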
ConditionalPermissionInfo.ALLOW));
// Jetty
- Bundle jettyUtilBundle = findBundle("org.eclipse.equinox.http.jetty");
+ // Bundle jettyUtilBundle = findBundle("org.eclipse.equinox.http.jetty");
update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
new String[] { "*/org.eclipse.jetty.*" }) },
ConditionalPermissionInfo.ALLOW));
// Blueprint
- Bundle blueprintBundle = findBundle("org.eclipse.gemini.blueprint.core");
- update.getConditionalPermissionInfos()
- .add(permissionAdmin.newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { blueprintBundle.getLocation() }) },
- new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
- new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
- ConditionalPermissionInfo.ALLOW));
- Bundle blueprintExtenderBundle = findBundle("org.eclipse.gemini.blueprint.extender");
- update.getConditionalPermissionInfos()
- .add(permissionAdmin
- .newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { blueprintExtenderBundle.getLocation() }) },
- new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
- new PermissionInfo(PropertyPermission.class.getName(), "org.eclipse.gemini.*",
- "read"),
- new PermissionInfo(AdminPermission.class.getName(), "*", "*"),
- new PermissionInfo(ServicePermission.class.getName(), "*", "register"), },
- ConditionalPermissionInfo.ALLOW));
- Bundle springCoreBundle = findBundle("org.springframework.core");
- update.getConditionalPermissionInfos()
- .add(permissionAdmin.newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { springCoreBundle.getLocation() }) },
- new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
- new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
- ConditionalPermissionInfo.ALLOW));
- Bundle blueprintIoBundle = findBundle("org.eclipse.gemini.blueprint.io");
- update.getConditionalPermissionInfos()
- .add(permissionAdmin.newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { blueprintIoBundle.getLocation() }) },
- new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
- new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
- ConditionalPermissionInfo.ALLOW));
+// Bundle blueprintBundle = findBundle("org.eclipse.gemini.blueprint.core");
+// update.getConditionalPermissionInfos()
+// .add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+// new String[] { blueprintBundle.getLocation() }) },
+// new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
+// new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
+// ConditionalPermissionInfo.ALLOW));
+// Bundle blueprintExtenderBundle = findBundle("org.eclipse.gemini.blueprint.extender");
+// update.getConditionalPermissionInfos()
+// .add(permissionAdmin
+// .newConditionalPermissionInfo(null,
+// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+// new String[] { blueprintExtenderBundle.getLocation() }) },
+// new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
+// new PermissionInfo(PropertyPermission.class.getName(), "org.eclipse.gemini.*",
+// "read"),
+// new PermissionInfo(AdminPermission.class.getName(), "*", "*"),
+// new PermissionInfo(ServicePermission.class.getName(), "*", "register"), },
+// ConditionalPermissionInfo.ALLOW));
+// Bundle springCoreBundle = findBundle("org.springframework.core");
+// update.getConditionalPermissionInfos()
+// .add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+// new String[] { springCoreBundle.getLocation() }) },
+// new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
+// new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
+// ConditionalPermissionInfo.ALLOW));
+// Bundle blueprintIoBundle = findBundle("org.eclipse.gemini.blueprint.io");
+// update.getConditionalPermissionInfos()
+// .add(permissionAdmin.newConditionalPermissionInfo(null,
+// new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+// new String[] { blueprintIoBundle.getLocation() }) },
+// new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null),
+// new PermissionInfo(AdminPermission.class.getName(), "*", "*"), },
+// ConditionalPermissionInfo.ALLOW));
// Equinox
Bundle registryBundle = findBundle("org.eclipse.equinox.registry");
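Review bot: The Jetty ALLOW entry is selected only by the location pattern `"*/org.eclipse.jetty.*"` in its `BundleLocationCondition`; the `jettyUtilBundle` lookup that this change comments out does not appear in the condition. A bundle location is a string chosen by whoever installs the bundle, so any bundle installed under a matching location receives this grant (its permission list is outside the hunk). Consider pinning the entry to the exact `getLocation()` of the Jetty bundles, as the other entries do, or to a `BundleSignerCondition`. Separately, the Blueprint and Spring bundles lose their explicit grants here; if they are still deployed, confirm which remaining entry or default now applies to them.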
new PermissionInfo(AdminPermission.class.getName(), "*", "*") },
ConditionalPermissionInfo.ALLOW));
Bundle luceneBundle = findBundle("org.apache.lucene");
- update.getConditionalPermissionInfos()
- .add(permissionAdmin.newConditionalPermissionInfo(null,
- new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
- new String[] { luceneBundle.getLocation() }) },
- new PermissionInfo[] {
- new PermissionInfo(FilePermission.class.getName(), "<<ALL FILES>>",
- "read,write,delete"),
- new PermissionInfo(PropertyPermission.class.getName(), "*", "read"),
- new PermissionInfo(AdminPermission.class.getName(), "*", "*") },
- ConditionalPermissionInfo.ALLOW));
+ update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null,
+ new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(),
+ new String[] { luceneBundle.getLocation() }) },
+ new PermissionInfo[] {
+ new PermissionInfo(FilePermission.class.getName(), "<<ALL FILES>>", "read,write,delete"),
+ new PermissionInfo(PropertyPermission.class.getName(), "*", "read"),
+ new PermissionInfo(AdminPermission.class.getName(), "*", "*") },
+ ConditionalPermissionInfo.ALLOW));
// COMMIT
update.commit();