Converting Java 2 security settings in an enterprise application to OSGi
When converting an enterprise archive (EAR) file to an enterprise bundle archive (EBA) file, you can have any Java™ 2 security settings converted automatically to OSGi, and then manually refine them to obtain the required OSGi security configuration.
In an enterprise application, the was.policy file defines Java 2 security permissions. In the
was.policy file, you declare fine-grained security settings by using
grant codeBase
statements to grant permissions to application components.
In an OSGi application, permissions that define application-level security are specified in a permissions.perm file in the META-INF directory of the OSGi application. However, you can, in addition to the application-level permissions.perm file, create a permissions.perm file in the OSGI-INF directory of each bundle, to define finer-grained bundle-level access control.
When your Java 2 security settings in the
was.policy are converted automatically, a permissions.perm
file is created for you in the META-INF directory of the OSGi application.
However, the automatic conversion process ignores grant codeBase
statements, so
that all the permissions in the was.policy file are copied to the
permissions.perm file as application-level permissions. Therefore, you should,
after conversion, review the permission settings in the permissions.perm file
and move permissions to bundle-specific permissions.perm files as
necessary.