On 02/16/2011 04:00 PM, Richard S. Hall wrote:
> On 2/16/11 3:22, PostMasteR wrote:
>> On 02/16/2011 12:59 AM, Richard S. Hall wrote:
>>> On 2/15/11 5:19 PM, PostMasteR wrote:
>>>> Hi *,
>>>>
>>>> I just installed the latest Felix WebConsole to have a look inside the
>>>> OSGi stuff and what is possible to eventually make up additional tools
>>>> that might help during development of OSGi bundles.
>>>>
>>>> So, I noticed that some services are not (yet) available and I would
>>>> like to have some pointers to available implementations (if there are
>>>> any):
>>>>
>>>> * Permission Admin
>>>> * Conditional Permission Admin
>>>> * Wire Admin
>>>> * Log Service
>>> Since GlassFish just runs on top of an OSGi framework, you should just
>>> be able to install implementations of the services you want to use. The
>>> permission-related ones might be a little trickier, but technically they
>>> should work I believe.
>>>
>>> -> richard
>>>
>>>> Thanx for any hints,
>>>>
>>>> PMR
>> Thanx for the answer. As I am also looking forward to implement access
>> restrictions into our services and bundles I already looked at Felix to
>> see if there is any implementation available, but apparently I didn't
>> see any.
>>
>> Do you recommend some?
>
> You are referring to (Conditional) Permission Admin? If so, you need the
> Framework Security Provider bundle from Apache Felix.
>
Thanx for the hint, I just found it and it seems to be what I'm looking for.
>> In addition, is there a concept that allows me to limit access to a
>> service based on classes/packages/bundles it gets invoked from? I
>> already saw some example using the install location of a bundle, but
>> that's inappropriate if you use different installation techniques.
>
> You can prevent a bundle from using a service based on its location or
> bundle JAR signer by default. It is also possible for you to create your
> own conditions for which you can grant or deny permissions.
I just took another look inside the spec and found the ServicePermission
(Core R4.2 - 5.10.1) very useful, but I didn't see any mention of the
reverse direction that I would like to use.
The basic use case I have here is simply that I have some application
modules which itself are split up into several bundles, e.g.:
User module:
* API
* EJB impl
* JPA impl
* Client model
* WebService
1.) only the EJB Impl is allowed to consume the service exported by the
JPA impl bundle
2.) The JPA impl is not allowed to consume any of our application level
services (of course, it is the lowest level)
3.) The WebService is only allowed to consume the service exported by
the EJB impl bundle by using the interfaces from the API bundle and the
client model implementation classes from the "Client model" bundle
That are the basics that I would like to start with. I hope that such a
setup doesn't sound too strange. :)
>
> -> richard
>
>> Thanx
>>
>