Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 344276

Summary: As user I want to start virgo with security manager
Product: [RT] Virgo Reporter: Verginia Noeva <noeva.verginia>
Component: runtimeAssignee: Borislav Kapukaranov <b.kapukaranov>
Status: ASSIGNED --- QA Contact:
Severity: enhancement    
Priority: P3 CC: b.kapukaranov, conrad.nagy, glyn.normington, milesg78
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Whiteboard:
Bug Depends on:    
Bug Blocks: 388823, 412012    
Attachments:
Description Flags
Patch of the changes made. none

Description Verginia Noeva CLA 2011-04-29 09:37:17 EDT 
Build Identifier: 

When I am using startup.bat/sh I want to have an option to run virgo with security manager.

Reproducible: Always
Comment 1 Verginia Noeva CLA 2011-06-13 10:51:20 EDT 
Created attachment 197892 [details]
Patch of the changes made.
Comment 2 Borislav Kapukaranov CLA 2012-10-30 08:35:24 EDT 
Having this is a useful feature and in the RT world users would appreciate it.

However we're not quite there yet. The patch proposed here is obsolete at this point. To run with a security manager we need to use the Equinox's security mechanisms, not the standard Java ones.

There are two core services that handle the permissions in the framework (ConditionalPermissionAdmin and PermissionAdmin). They are both registered at startup and take care of setting defaultly ALLPermission to all bundles in the unsecured case.
When the Equinox security manager is enabled they default to the same permission set but it can be configured dynamically with a user or server-provider implemented security agent.

The configuration happens by configuring on either location or signature criteria. I found the signature one much easier to configured but it has the downfall that you need to have signed platform bundles upfront to be able to recognise them from the user bundles. The location based configuration should be easier to use in that regard but it is hard to get the locations right.

In a nutshell this requires quite some effort understanding what's the right tweak, then wrapping it into the Virgo scripts and creating a Virgo default security agent. And a good documentation on how to extend and customize those.