Apache Felix Framework Security

The Felix Framework Security subproject is an implementation of the security part of the OSGi R4.2 core specification.

Installing¶

Support for the OSGi R4.2 security specifications including PermissionAdmin and ConditionalPermissionAdmin is provided by the framework.security extension bundle. The bundle provides both, the packages as well as the services when it is installed.

All that needs to be done is to install the org.apache.felix.framework.security bundle into the framework.

Using security¶

Besides installing the security bundle three properties should be specified:

• org.osgi.framework.security="osgi"
• java.security.policy=all.policy
• org.osgi.framework.trust.repositories=<list of keystores>

The first installs a security manager on framework init (which in combination with the installed security bundle enables security).

The second points to a security policy file (all.policy) that gives all permission like so:

grant {
 permission java.security.AllPermission;
};

The third allows to specify a File.pathSeparator separated list of JKS keystores without a password. The certificates found inside the keystores are the trusted root certificates of the framework (setting this property is optional).

$ java -Djava.security.policy=all.policy -Dorg.osgi.framework.security="osgi" -jar bin/felix.jar

Welcome to Felix
================

-> install file:org.apache.felix.framework.security.jar
-> inspect s c 0
System Bundle (0) provides services:
------------------------------------
objectClass = org.osgi.service.startlevel.StartLevel
service.id = 1
----
objectClass = org.osgi.service.packageadmin.PackageAdmin
service.id = 2
----
objectClass = org.osgi.service.permissionadmin.PermissionAdmin
service.id = 3
----
objectClass = org.osgi.service.condpermadmin.ConditionalPermissionAdmin
service.id = 4