Due to a ransomware attack, the wiki was reverted to a July 2022 version. . We apologize for the lack of a more recent valid backup.
Work-in-progress.
- Enable OSGi/Java System Security
Step 1: KARAF-3400 temporary fix for Karaf version 3.0.3
Some versions of Apache Karaf do not support OSGi/Java security feature (KARAF-3400: https://issues.apache.org/jira/browse/KARAF-3400)
It looks like the cause of this issue is Felix Config Admin version 1.8.
Hence, install Felix Config Admin version 1.6.
$> wget http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar
$> mv org.apache.felix.configadmin-1.6.0.jar $KARAF_HOME/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
modify karaf configuration to load Felix Config Admin version 1.6.
$KARAF_HOME/etc/startup.properties
mvn\:org.apache.felix/org.apache.felix.configadmin/1.6.0 = 10
Step 2: Install ONOS version of Felix Framework Security
In order to enable some key features of Security-Mode ONOS, we’ve slightly modified the source code of Felix Framework Security.
Fetch the code via Git and install it.
$ git clone https://gerrit.onosproject.org/onos-felix
$ cd onos-felix/framework.security
$ git checkout onos
$ mvn clean install
Step 3: Configure Karaf to enable OSGi/Java Security
Edit karaf/etc/system.properties
Uncomment the following two lines as shown
#
# By default, only Karaf shell commands are secured, but additional services can be
#
# To enable OSGi security, uncomment the properties below,
# install the framework-security feature and restart.
#
java.security.policy=${karaf.etc}/all.policy
org.osgi.framework.security=osgi
org.osgi.framework.trust.repositories=${karaf.etc}/trustStore.ks
- Enable Security-Mode ONOS
Edit ~/Applications/apache-karaf-3.0.3/etc/org.apache.karaf.features.cfg
featuresBoot = onos-security,…
- Policy File
Security-Mode ONOS leverages application subsystem(link) existing app.xml to specify security policy for each ONOS application.
- Permission Negotiation
- Future Work