| <?xml version="1.0" encoding="UTF-8"?> |
| <!DOCTYPE preface PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" |
| "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> |
| <appendix id="appendix-security"> |
| <title>Security Integration</title> |
| |
| <para>Since Spring DM 1.2.0, Gemini Blueprint integrates with Java 2 <link linkend="http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/security-spec.doc.html">security</link>. |
| Namely Gemini Blueprint uses <link linkend="http://java.sun.com/j2se/1.4.2/docs/guide/security/doprivileged.html">privileged blocks</link> for executing security |
| sensitive operations using its own permissions. |
| </para> |
| |
| <para>Being a framework, Gemini Blueprint needs to introspect bundles to determine their content and configuration. In general, it is recommended to grant |
| <classname>java.security.AllPermission</classname> to Gemini Blueprint bundles. For those that would like to restrict the properties, below you can find a list |
| of permissions that are needed for Gemini Blueprint to work properly. However, we <emphasis>strongly</emphasis> recommend to test whether the permissions are needed or |
| not for your environment since the minimum number depends heavily on what parts of the framework are used. |
| </para> |
| |
| <table id="spring-dm-permission-table" pgwide="1"> |
| <title>Gemini Blueprint Permission Table</title> |
| |
| <tgroup cols="4"> |
| <colspec colname="c1" colwidth="1*"/> |
| <colspec colname="c2" colwidth="1*"/> |
| <colspec colname="c3" colwidth="1*"/> |
| <colspec colname="c4" colwidth="4*"/> |
| <spanspec spanname="values" namest="c2" nameend="c3" align="center"/> |
| <thead> |
| <row> |
| <entry>Permission</entry> |
| <entry>Target</entry> |
| <entry>Action</entry> |
| <entry>Usage</entry> |
| </row> |
| </thead> |
| |
| <tbody> |
| <row> |
| <entry><classname>java.io.FilePermission</classname></entry> |
| <entry><emphasis>depends</emphasis>, <![CDATA[<<ALL FILES>>]]> recommended</entry> |
| <entry>read/write</entry> |
| <entry>Required by the logging system and web extender for installing the wars and JSP taglibs</entry> |
| </row> |
| <row> |
| <entry><classname>java.lang.RuntimePermission</classname></entry> |
| <entry>*</entry> |
| <entry>accessDeclaredMembers</entry> |
| <entry>Used in some cases for reflection (such as accessing the <interfacename>BundleContext</interfacename> from a |
| given <interfacename>Bundle</interfacename> (on R4.0 platforms).</entry> |
| </row> |
| <row> |
| <entry><classname>java.lang.reflect.ReflectPermission</classname></entry> |
| <entry>*</entry> |
| <entry>suppressAccessChecks</entry> |
| <entry>Used for accessing (through reflection) non-public methods or fields internally.</entry> |
| </row> |
| <row> |
| <entry><classname>java.util.PropertyPermission</classname></entry> |
| <entry>*</entry> |
| <entry>read,write</entry> |
| <entry>In use by the testing framework mainy. Useful for reading the environment, including OSGi properties.</entry> |
| </row> |
| <row> |
| <entry><classname>org.osgi.framework.AdminPermission</classname></entry> |
| <entry>*</entry> |
| <entry>class, execute, listener, metadata, resolve, resource</entry> |
| <entry>Used by the extender to listen read the content of started bundles.</entry> |
| </row> |
| <row> |
| <entry><classname>org.osgi.framework.BundlePermission</classname></entry> |
| <entry>*</entry> |
| <entry>HOST</entry> |
| <entry>Useful when attaching a custom configuration (as fragment) to the extender/web extender.</entry> |
| </row> |
| <row> |
| <entry><classname>org.osgi.framework.PackagePermission</classname></entry> |
| <entry>*</entry> |
| <entry>EXPORT, IMPORT</entry> |
| <entry>Basic permission used for importing and exporting the Gemini Blueprint bundles content.</entry> |
| </row> |
| <row> |
| <entry><classname>org.osgi.framework.ServicePermission</classname></entry> |
| <entry>*</entry> |
| <entry>get,register</entry> |
| <entry>Used for publishing and lookup of Gemini Blueprint internal services (such as the Spring namespace handlers/resolvers).</entry> |
| </row> |
| </tbody> |
| </tgroup> |
| </table> |
| |
| <para>Note that as of Gemini Blueprint 1.0, the extender will use the target bundle permissions for all actions executed on its behalf. That is, loading of |
| classes, publishing the services, importing packages or the method invocations are executed using the bundle credentials just as if the user bundle |
| would </para> |
| |
| <para>As a general recommendation, for security sensible environments, to determine the minimum number of permissions start with a basic set of bundles |
| and no permissions. This way, on each run, one can find out what permissions are needed and by whom and tweak the system accordingly.</para> |
| </appendix> |