karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Bosschaert (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-2455) Role-based security for OSGi Services
Date Mon, 26 Aug 2013 09:12:51 GMT
David Bosschaert created KARAF-2455:

             Summary: Role-based security for OSGi Services
                 Key: KARAF-2455
                 URL: https://issues.apache.org/jira/browse/KARAF-2455
             Project: Karaf
          Issue Type: New Feature
          Components: karaf-osgi
            Reporter: David Bosschaert

Add a mechanism to Karaf by which OSGi services can be secured.
It should check the (JAAS-provided) roles of the user associated with the current thread with
the roles required to invoke the OSGi service. 
The service-roles should be configurable and should not required modification of the service
code, although there might be a mechanism by which services provide information about the
default roles required for invocation themselves (e.g. as an annotation). 

The current user's roles are obtained using standard JSE code that obtains the current Subject
from the AccessControlContext as in:
{code}  AccessControlContext acc = AccessController.getContext();
  Subject subject = Subject.getSubject(acc);
At this point you can get all the Principals from the subject, e.g. all the
  Set<RolePrincipal> roles = subject.getPrincipals(RolePrincipal.class);

If the user doesn't have the required roles, the service invocation should not proceed and
throw a SecurityException instead.

For full discussion see: http://mail-archives.apache.org/mod_mbox/karaf-dev/201308.mbox/%3CCAMit8SpUqwPsMQE4S9DHsPrO7Y9D3RkV6goEZy6WK-jc78o%2Bow%40mail.gmail.com%3E

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message