karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (KARAF-2455) Role-based security for OSGi Services
Date Wed, 09 Oct 2013 11:20:43 GMT

     [ https://issues.apache.org/jira/browse/KARAF-2455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Jean-Baptiste Onofré updated KARAF-2455:

    Fix Version/s: 3.0.0

> Role-based security for OSGi Services
> -------------------------------------
>                 Key: KARAF-2455
>                 URL: https://issues.apache.org/jira/browse/KARAF-2455
>             Project: Karaf
>          Issue Type: New Feature
>          Components: karaf-osgi
>            Reporter: David Bosschaert
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 3.0.0
> Add a mechanism to Karaf by which OSGi services can be secured.
> It should check the (JAAS-provided) roles of the user associated with the current thread with the roles required to invoke the OSGi service.
> The service-roles should be configurable and should not require modification of the service code, although there might be a mechanism by which services provide information about the default roles required for invocation themselves (e.g. as an annotation).
> The current user's roles are obtained using standard JSE code that obtains the current Subject from the AccessControlContext as in:
> {code}
>   AccessControlContext acc = AccessController.getContext();
>   Subject subject = Subject.getSubject(acc);
>   // At this point you can get all the Principals from the subject, e.g. all the roles:
>   Set<RolePrincipal> roles = subject.getPrincipals(RolePrincipal.class);
> {code}
> If the user doesn't have the required roles, the service invocation should not proceed and throw a SecurityException instead.
> For full discussion see: http://mail-archives.apache.org/mod_mbox/karaf-dev/201308.mbox/%3CCAMit8SpUqwPsMQE4S9DHsPrO7Y9D3RkV6goEZy6WK-jc78o%2Bow%40mail.gmail.com%3E

This message was sent by Atlassian JIRA
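
An added example, not code from the issue or from Karaf: a dynamic proxy that applies the check the issue describes, reading the caller's roles with the quoted JAAS lookup and throwing SecurityException when none of them match. RolePrincipal is a constructed stand-in for Karaf's class; the Echo interface, the guard and invokeWithRole helpers, the per-method role map, and the deny-by-default and any-one-role-suffices rules are assumptions of the example.

```java
import java.lang.reflect.*;
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

@SuppressWarnings("removal") // Subject.getSubject/doAs are deprecated for removal in newer JDKs
public class RoleGuardDemo {
    // Constructed stand-in for Karaf's RolePrincipal so the example compiles alone.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    interface Echo { String echo(String s); } // hypothetical service interface

    // Wraps a service so each call is checked against roles configured per method name.
    @SuppressWarnings("unchecked")
    static <T> T guard(Class<T> iface, T service, Map<String, Set<String>> required) {
        InvocationHandler h = (proxy, method, args) -> {
            if (method.getDeclaringClass() != Object.class) { // let toString/equals/hashCode through
                // The lookup quoted in the issue: Subject bound to the current thread's context.
                Subject subject = Subject.getSubject(AccessController.getContext());
                Set<RolePrincipal> roles = subject == null
                        ? Collections.<RolePrincipal>emptySet()
                        : subject.getPrincipals(RolePrincipal.class);
                // Assumptions: unconfigured methods are denied; any one listed role suffices.
                Set<String> needed =
                        required.getOrDefault(method.getName(), Collections.<String>emptySet());
                if (roles.stream().noneMatch(r -> needed.contains(r.getName())))
                    throw new SecurityException("Insufficient roles for " + method.getName());
            }
            try { return method.invoke(service, args); }
            catch (InvocationTargetException e) { throw e.getCause(); } // keep service exceptions
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, h);
    }

    // Calls the service as a Subject holding one role (constructed sample identity).
    static String invokeWithRole(String role, Echo svc) {
        Subject s = new Subject();
        s.getPrincipals().add(new RolePrincipal(role));
        return Subject.doAs(s, (PrivilegedAction<String>) () -> {
            try { return svc.echo("ok"); }
            catch (SecurityException e) { return "denied: " + e.getMessage(); }
        });
    }

    public static void main(String[] args) {
        Echo svc = guard(Echo.class, s -> s,
                Collections.singletonMap("echo", Collections.singleton("admin")));
        System.out.println("admin  -> " + invokeWithRole("admin", svc));
        System.out.println("viewer -> " + invokeWithRole("viewer", svc));
    }
}
```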
