Appendix B. Security Integration

Since 1.2.0, Spring DM integrates with Java 2 security. Namely Spring DM uses privileged blocks for executing security sensitive operations using its own permissions.

Being a framework, Spring DM needs to introspect bundles to determine their content and configuration. In general, it is recommended to grant to Spring DM bundles. For those that would like to restrict the properties, below you can find a list of permissions that are needed for Spring DM to work properly. However, we strongly recommend to test whether the permissions are needed or not for your environment since the minimum number depends heavily on what parts of the framework are used.

Table B.1. Spring DM Permission Table

PermissionTargetActionUsage, <<ALL FILES>> recommendedread/writeRequired by the logging system and web extender for installing the wars and JSP taglibs
java.lang.RuntimePermission*accessDeclaredMembersUsed in some cases for reflection (such as accessing the BundleContext from a given Bundle (on R4.0 platforms).
java.lang.reflect.ReflectPermission*suppressAccessChecksUsed for accessing (through reflection) non-public methods or fields internally.
java.util.PropertyPermission*read,writeIn use by the testing framework mainy. Useful for reading the environment, including OSGi properties.
org.osgi.framework.AdminPermission*class, execute, listener, metadata, resolve, resourceUsed by the extender to listen read the content of started bundles.
org.osgi.framework.BundlePermission*HOSTUseful when attaching a custom configuration (as fragment) to the extender/web extender.
org.osgi.framework.PackagePermission*EXPORT, IMPORTBasic permission used for importing and exporting the Spring DM bundles content.
org.osgi.framework.ServicePermission*get,registerUsed for publishing and lookup of Spring DM internal services (such as the Spring namespace handlers/resolvers).

As a general recommendation, for security sensible environments, to determine the minimum number of permissions start with a basic set of bundles and no permissions. This way, on each run, one can find out what permissions are needed and by whom and tweak the system accordingly.