Apache
Home » Documentation

Apache Felix Framework Security

The Felix Framework Security subproject is an implementation of the security part of the OSGi R4.2 core specification.

Installing

Support for the OSGi R4.2 security specifications including PermissionAdmin and ConditionalPermissionAdmin is provided by the framework.security extension bundle. The bundle provides both, the packages as well as the services when it is installed.

All that needs to be done is to install the org.apache.felix.framework.security bundle into the framework.

Using security

Besides installing the security bundle three properties should be specified:

The first installs a security manager on framework init (which in combination with the installed security bundle enables security).

The second points to a security policy file (all.policy) that gives all permission like so:

grant {
 permission java.security.AllPermission;
};

The third allows to specify a File.pathSeparator separated list of JKS keystores without a password. The certificates found inside the keystores are the trusted root certificates of the framework (setting this property is optional).

$ java -Djava.security.policy=all.policy -Dorg.osgi.framework.security="osgi" -jar bin/felix.jar

Welcome to Felix
================

-> install file:org.apache.felix.framework.security.jar
-> inspect s c 0
System Bundle (0) provides services:
------------------------------------
objectClass = org.osgi.service.startlevel.StartLevel
service.id = 1
----
objectClass = org.osgi.service.packageadmin.PackageAdmin
service.id = 2
----
objectClass = org.osgi.service.permissionadmin.PermissionAdmin
service.id = 3
----
objectClass = org.osgi.service.condpermadmin.ConditionalPermissionAdmin
service.id = 4
Rev. 1725495 by pauls on Tue, 19 Jan 2016 12:35:53 +0000
Apache Felix, Felix, Apache, the Apache feather logo, and the Apache Felix project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.