Converting Java 2 security settings in an enterprise application to OSGi

When converting an enterprise archive (EAR) file to an enterprise bundle archive (EBA) file, you can have any Java™ 2 security settings converted automatically to OSGi, and then manually refine them to obtain the required OSGi security configuration.

In an enterprise application, the was.policy file defines Java 2 security permissions. In the was.policy file, you declare fine-grained security settings by using grant codeBase statements to grant permissions to application components.

In an OSGi application, permissions that define application-level security are specified in a permissions.perm file in the META-INF directory of the OSGi application. However, you can, in addition to the application-level permissions.perm file, create a permissions.perm file in the OSGI-INF directory of each bundle, to define finer-grained bundle-level access control.

When your Java 2 security settings in the was.policy are converted automatically, a permissions.perm file is created for you in the META-INF directory of the OSGi application. However, the automatic conversion process ignores grant codeBase statements, so that all the permissions in the was.policy file are copied to the permissions.perm file as application-level permissions. Therefore, you should, after conversion, review the permission settings in the permissions.perm file and move permissions to bundle-specific permissions.perm files as necessary.

To convert your Java 2 security settings to OSGi, complete the following steps:

Ensure you have completed the following conversion tasks, depending on the components of your EAR file:
- Change the file extension from .EAR to .EBA.
- Convert any web application archive (WAR) files to OSGi web application bundles.
- Convert any enterprise bean (EJB) Java archive (JAR) files to OSGi EJB bundles.
- Convert any utility JAR files to OSGi bundles.
- Convert any persistence archive files to OSGi bundles.
Import the EBA file as an asset. The Java 2 security settings are converted automatically during the import operation.
Export the EBA file to a location of your choice.
Open the permissions.perm file in the META-INF directory of the EBA file.
Review the permission settings in the permissions.perm file.
For those bundles that require bundle-specific permissions, create a permissions.perm file in the OSGI-INF directory of the bundle, and move the appropriate permissions to the newly-created file.
Update the previously imported EBA file with the modified EBA file.