I sat in on Marcel Offermans’, Karl Pauls’ (both from luminis) tutorial titled “Building Secure OSGi Applications“. Marcel and Karl provided a good incremental discovery approach to the tutorial, starting with the pre-OSGi 4.0 way of managing permission and moving quickly into the state of the art. The take-away from this tutorial for me is that—if you need security in your OSGi application—ConditionalPermission
s and BundleSignerCondition
s are the starting point.
The basic idea is that you can specify a permission that says, “only grant permissions X, Y, and Z to any bundle that’s signed by so-and-so”. You can say, for example, that only your bundles (i.e. the ones signed by you) can write to the file system, or control who can import certain packages (I haven’t tried this last one, so I’m guessing that a relatively fine level of granularity is supported). There’s other kinds of conditions, including BundleLocationCondition
which lets you grant permissions (curiously enough) based on the location in the file system of the bundle. You can use this condition to match a bundle’s symbolic name, assuming that the standard of using the symbolic name as the bundle JAR’s name is followed. My intuition is that this isn’t as useful as conditions based on signers, but this may change as I spend more time looking at it.
At this point, it seems that permissions can only be specified programmatically. It seems to me that creating a bundle that lets you specify permissions declaratively shouldn’t be too much work. Marcel stated that he’s not aware of any open source projects currently looking at this.
The tutorial worked mostly from the command line (using Ant to build) which I found a little disturbing. Naturally, I got caught up in making it all work using the PDE and a launch configuration within Eclipse so that I could (easily) use the debugger (Marcel suggested that I just attach the debugger to the application invoked from the command-line). It was actually pretty easy to get this running using the PDE, but did require some reconfiguration of the provided example projects.
I’ll have to incorporate this into an example.