You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2013/10/22 05:17:43 UTC
[jira] [Resolved] (KARAF-2455) Role-based security for OSGi
Services
[ https://issues.apache.org/jira/browse/KARAF-2455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré resolved KARAF-2455.
-----------------------------------------
Resolution: Fixed
> Role-based security for OSGi Services
> -------------------------------------
>
> Key: KARAF-2455
> URL: https://issues.apache.org/jira/browse/KARAF-2455
> Project: Karaf
> Issue Type: New Feature
> Components: karaf-osgi
> Reporter: David Bosschaert
> Assignee: Jean-Baptiste Onofré
> Fix For: 3.0.0
>
>
> Add a mechanism to Karaf by which OSGi services can be secured.
> It should check the (JAAS-provided) roles of the user associated with the current thread with the roles required to invoke the OSGi service.
> The service-roles should be configurable and should not require modification of the service code, although there might be a mechanism by which services provide information about the default roles required for invocation themselves (e.g. as an annotation).
> The current user's roles are obtained using standard JSE code that obtains the current Subject from the AccessControlContext as in:
> {code} AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
> At this point you can get all the Principals from the subject, e.g. all the
> roles:
> Set<RolePrincipal> roles = subject.getPrincipals(RolePrincipal.class);
> {code}
> If the user doesn't have the required roles, the service invocation should not proceed and throw a SecurityException instead.
> For full discussion see: http://mail-archives.apache.org/mod_mbox/karaf-dev/201308.mbox/%3CCAMit8SpUqwPsMQE4S9DHsPrO7Y9D3RkV6goEZy6WK-jc78o%2Bow%40mail.gmail.com%3E
--
This message was sent by Atlassian JIRA
(v6.1#6144)