Converting Java 2 security settings in an enterprise application to OSGi
When converting an EAR file to an enterprise bundle archive (EBA) file, we can have any Java 2 security settings converted automatically to OSGi, and then manually refine them to obtain the required OSGi security configuration.
In an enterprise application, the was.policy file defines Java 2 security permissions. In the was.policy file, you declare fine-grained security settings using grant codeBase statements to grant permissions to application components.
In an OSGi application, permissions that define application-level security are specified in a permissions.perm file in the META-INF directory of the OSGi application. However, we can, in addition to the application-level permissions.perm file, create a permissions.perm file in the OSGI-INF directory of each bundle, to define finer-grained bundle-level access control.
When wer Java 2 security settings in the was.policy are converted automatically, a permissions.perm file is created for you in the META-INF directory of the OSGi application. However, the automatic conversion process ignores grant codeBase statements, so that all the permissions in the was.policy file are copied to the permissions.perm file as application-level permissions. Therefore, we should, after conversion, review the permission settings in the permissions.perm file and move permissions to bundle-specific permissions.perm files as necessary.
To convert our Java 2 security settings to OSGi:
- Ensure we have completed the following conversion tasks, depending on the components of our EAR file:
- Change the file extension from .EAR to .EBA.
- Convert any web application archive (WAR) files to OSGi web application bundles.
- Convert any enterprise bean (EJB) JAR files to OSGi EJB bundles.
- Convert any utility JAR files to OSGi bundles.
- Convert any persistence archive files to OSGi bundles.
- Import the EBA file as an asset. The Java 2 security settings are converted automatically during the import operation.
- Export the EBA file to a location of our choice.
- Open the permissions.perm file in the META-INF directory of the EBA file.
- Review the permission settings in the permissions.perm file.
- For those bundles that require bundle-specific permissions, create a permissions.perm file in the OSGI-INF directory of the bundle, and move the appropriate permissions to the newly-created file.
- Update the previously imported EBA file with the modified EBA file.
Related:
Java 2 security and OSGi Applications Java 2 security Import assets Export assets Update assets Converting a web application archive file to an OSGi web application bundle Converting an EJB JAR file to an OSGi EJB bundle Converting a utility JAR file to an OSGi bundle Converting a persistence archive file to an OSGi bundle
File name: was1525.html
prettyPrint();