Gunnar Wagenknecht | 3 Aug 11:19

Re: Override/Extend Eclipse Class Loading

Ranganathan, Arun schrieb:
> Now, I need to integrate this CL with my Project. The issue is that all
> libraries, external jars etc are file oriented. In some posts I read
> that OSGI ClassLoading is different to URLClassLoading that I have done.
> Moreover I am not very conversant with OSGI.

Are you looking at the OSGi runtime or do you intend to provide
assistance at development time? For the latter you should look at
extending the Eclipse IDE by providing your own classpath container to
the JDT. This allows you to define a library type which fetches the
classpath content from the database to a local temp directory and
attaches those to the project. This would be used by your projects at
development time.

-Gunnar

-- 
Gunnar Wagenknecht
gunnar@...
http://wagenknecht.org/

Thomas Watson | 3 Aug 22:32

Equinox tagged for Helios M1 build.

The map file has been updated for the following Bug changes:
+ Bug 280450. [DS] Should print errors to System.err if no log service is available (FIXED)
+ Bug 282142. [DS] Unclear warning in DS when a service component provides inexisting/unimplemented interface (FIXED)
+ Bug 282339. [DS] Huge log file if org.eclipse.equinox.log.jar is not started when trying to start a DS with a reference to an inexisting interface (FIXED)

The following projects have changed:
org.eclipse.equinox.ds
org.eclipse.equinox.supplement
org.eclipse.osgi

Tom

Pierre Carlson | 4 Aug 01:32

AUTO: Pierre Carlson/Austin/IBM is out of the office (returning 08/18/2009)

I am out of the office until 08/18/2009.

I am out of the office and will be unable to answer email. In my absence please contact Jim Robbins/Austin/IBM for XPD Client items, Ravi Ranjan8/India/IBM for XPD Toolkit items, or Steven King/Austin/IBM for other items.


Note: This is an automated response to your message "[equinox-dev] Equinox tagged for Helios M1 build." sent on 8/3/09 14:32:52.

This is the only notification you will receive while this person is away.

Jeff McAffer | 4 Aug 19:32

Fwd: [eclipse-pmc] Project proposal on application security

FYI, there is a security related thread starting on eclipse-pmc

Begin forwarded message:

Eclipse PMC,

My name is Arshan and I'd like Eclipse to enable developers to write more secure code. I'm working with the OWASP foundation and have elicited funds to accomplish the introduction of security into key points in the technology stack with security analysis of application server frameworks, vendor outreach programs, and more. I'm writing to ask you, however, about introducing security into your IDE (which happens to be my favorite IDE).

The IDE is a very effective place for security to go since it will necessarily catch problems earlier in the lifecycle than would security checks in other places. There are a host of issues the JDT can easily detect while developers are writing code, including:

    * Injection attacks (cross-site scripting, command injection, SQL injection, XPath/XML injection, etc.)
    * Information leakage
    * Cryptographic weakness
    * ...and many more!

While a 3rd party plugin could technically perform these checks, having them in the IDE would greatly legitimize security in developers' eyes, since most view security problems as theoretical or bothersome. And the momentum is growing; it's not just the banks that are taking application security seriously anymore - the world is starting to recognize that applications are part of your security perimeter. In fact, we recently spoke at JavaOne about some specific security flaws the J2EE world is continually producing.
 
Other IDEs are getting into the game as well. Visual Studio invested in CAT.NET, a tool used to help MS developers find security problems and IBM recently bought Ounce, a static analysis tool for finding security flaws. I do penetration testing, code review and security research for a living. The problems are out there in staggering numbers, and it's only getting worse. Frankly, developers will keep re-introducing problems as long as the IDE lets them.
 
I'm proposing we create an Eclipse sub-project or extend a piece of the existing Eclipse base to allow users to enable security guidance with customizable levels of interaction. As budget allows we are prepared to take on the necessary expenses for implementing these features, but the commitment to developing more secure code can only come from your organization.

We are very flexible on the logistical details and are mostly eager to start a conversation around application security and Eclipse.

Thanks for your time,

Arshan Dabirsiaghi
Director of R&D
Aspect Security
http://www.aspectsecurity.com
O: (301) 604-4882
C: (443) 791-5355

Project Lead
Intrinsic Security Working Group
Open Web Application Security Project (OWASP)
http://owasp.org

_______________________________________________
eclipse-pmc mailing list
eclipse-pmc-j9T/66MeVpFAfugRpC6u6w@public.gmane.org
https://dev.eclipse.org/mailman/listinfo/eclipse-pmc

Thomas Watson | 4 Aug 21:17

tagged equinox tests to remove performance regression comment for Helios M1

I tagged the equinox tests to remove the performance regression comment for the next M1 build. Projects tagged:

org.eclipse.osgi.tests

Tom

John Arthorne | 5 Aug 22:40

Galileo SR1 end game approaching


According to the Galileo SR1 schedule [1], the first Galileo SR1 (3.5.1) release candidate is next week. This means our maintenance stream build this Friday (August 7) will be our RC1 contribution. This is really a warm-up build to ensure the release train process is working, but we need to make sure we have a working build input. Make sure you tag and release your maintenance stream fixes for this Friday's build. Also there are over 90 bugs still open with a 3.5.1 target milestone, so we need to start reducing that number quickly as the endgame progresses.

[1] http://wiki.eclipse.org/Galileo#SR1
[2] http://tinyurl.com/eclipse351bugs
--
Ranganathan, Arun | 6 Aug 13:31

RE: Re: Override/Extend Eclipse Class Loading

Hi Gunnar,

I am looking at the design time assistance. I am pursuing the addition
of an 'External FileSystem' to the project class path at design time to
achieve my goal. There is not much documentation on this, but I am
making headway.

Cheers
arun

-----Original Message-----
From: equinox-dev-bounces@...
[mailto:equinox-dev-bounces@...] On Behalf Of Gunnar Wagenknecht
Sent: 03 August 2009 10:19
To: equinox-dev@...
Subject: [equinox-dev] Re: Override/Extend Eclipse Class Loading

Ranganathan, Arun schrieb:
> Now, I need to integrate this CL with my Project. The issue is that all
> libraries, external jars etc are file oriented. In some posts I read
> that OSGI ClassLoading is different to URLClassLoading that I have done.
> Moreover I am not very conversant with OSGI.

Are you looking at the OSGi runtime or do you intend to provide
assistance at development time? For the latter you should look at
extending the Eclipse IDE by providing your own classpath container to
the JDT. This allows you to define a library type which fetches the
classpath content from the database to a local temp directory and
attaches those to the project. This would be used by your projects at
development time.

-Gunnar

-- 
Gunnar Wagenknecht
gunnar@...
http://wagenknecht.org/

_______________________________________________
equinox-dev mailing list
equinox-dev@...
https://dev.eclipse.org/mailman/listinfo/equinox-dev

Thomas Watson | 6 Aug 23:56

Equinox tagged for 3.5.1 RC1 build

The map file has been updated for the following Bug changes:
+ Bug 281075. Bundle-NativeCode can't work on Windows Server 2008/Windows 7 (FIXED)
+ Bug 285094. [DS] Tracing throws Null Pointer Exception (NPE) (FIXED)
+ Bug 285292. Trace fails to determine class/method/line number when using a tracing class (FIXED)
+ Bug 285464. [DS] dependency injection does not work when starting more than one instance of a service (FIXED)
+ Bug 285938. Upate org.osgi classes to latest v4.2 (FIXED)

The following projects have changed:
org.eclipse.equinox.ds
org.eclipse.osgi.tests
org.eclipse.osgi

Tom

Thomas Watson | 11 Aug 00:31

Equinox tagged for Helios integration build.

The map file has been updated for the following Bug changes:
+ Bug 258366. [registry] Extra memory used by the HashtableOfInt (FIXED)
+ Bug 260217. Installing a bundle by reference without having read permission to the file results in a confusing exception (FIXED)
+ Bug 277058. Nothing written to log if bundle could not be resolved due to missing dependencies (FIXED)
+ Bug 285094. [DS] Tracing throws Null Pointer Exception (NPE) (FIXED)
+ Bug 285464. [DS] dependency injection does not work when starting more than one instance of a service (FIXED)
+ Bug 285944. Update org.osgi classes to latest v4.2 (FIXED)

The following projects have changed:
org.eclipse.equinox.ds
org.eclipse.equinox.registry
org.eclipse.osgi

Tom

Davanum Srinivas | 11 Aug 19:48

FilePermission with "<<ALL FILES>>" in permissions.perm

Folks,

In one of my bundles, when I try to grant permission for reading any files using

(java.io.FilePermission "<<ALL FILES>>" "read")

the Equinox security manager just throws an AccessControlException

java.security.AccessControlException: Access denied
(java.io.FilePermission /mnt/sda1/dims/test/test.jks read)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:160)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager$CheckPermissionAction.run(EquinoxSecurityManager.java:60)
	at java.security.AccessController.doPrivileged(AccessController.java:202)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:88)
	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.checkPermission(EquinoxSecurityManager.java:187)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
	at java.io.File.exists(File.java:742)

If I specify the full path then it works fine.

(java.io.FilePermission "/mnt/sda1/dims/test/test.jks" "read")

Thoughts? Tips?

thanks in advance,
dims

-- 
Davanum Srinivas :: http://davanum.wordpress.com
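
An added example, not part of the original post and not Equinox code: it parses the encoded `(type "name" "actions")` lines shown above and evaluates them with stock `java.io.FilePermission` semantics, outside any OSGi framework, so the meaning of a grant can be checked separately from how a framework loads and applies it. The class name `FilePermCheck`, its helper methods and the two `/mnt/sda1/dims/` wildcard grants are constructed for illustration.

```java
import java.io.FilePermission;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (not Equinox code): evaluates encoded FilePermission
// grants with plain JDK semantics, outside any OSGi framework.
public class FilePermCheck {
    // Encoded form as written in the post: (type "name" "actions")
    private static final Pattern ENCODED = Pattern.compile(
        "\\(\\s*(\\S+)\\s+\"([^\"]*)\"\\s+\"([^\"]*)\"\\s*\\)");

    static FilePermission parse(String line) {
        Matcher m = ENCODED.matcher(line.trim());
        if (!m.matches() || !"java.io.FilePermission".equals(m.group(1))) {
            throw new IllegalArgumentException("not an encoded FilePermission: " + line);
        }
        return new FilePermission(m.group(2), m.group(3));
    }

    // Returns the first grant that implies the request, or null if none does.
    static String firstImplying(List<String> grants, FilePermission requested) {
        for (String grant : grants) {
            if (parse(grant).implies(requested)) {
                return grant;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // The permission named in the stack trace in the post.
        FilePermission requested =
            new FilePermission("/mnt/sda1/dims/test/test.jks", "read");
        // Sample grants: the first and last are the two from the post,
        // the others are constructed to show wildcard and action scope.
        List<String> samples = List.of(
            "(java.io.FilePermission \"<<ALL FILES>>\" \"read\")",
            "(java.io.FilePermission \"/mnt/sda1/dims/-\" \"read\")",
            "(java.io.FilePermission \"/mnt/sda1/dims/*\" \"read\")",
            "(java.io.FilePermission \"<<ALL FILES>>\" \"write\")",
            "(java.io.FilePermission \"/mnt/sda1/dims/test/test.jks\" \"read\")");
        for (String grant : samples) {
            boolean ok = firstImplying(List.of(grant), requested) != null;
            System.out.println((ok ? "implies  " : "no match ") + grant);
        }
    }
}
```

The check covers only what a grant means in the JDK; it does not model how a framework reads `permissions.perm` or combines it with other policy in force.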
