Hi Rodrigo, You can find a simple example in Pax Wicket, which is an OSGi-based extension to the Wicket framework
http://wiki.ops4j.org/confluence/display/ops4j/Pax+Wicket (in progress doc http://www.ops4j.org/projects/pax/wicket) the org.ops4j.pax.wicket.util.UserAdminAuthenticator maps roles configured in useradmin to Wicket roles: public Roles authenticate( String username, String password ) { UserAdmin userAdmin = m_serviceTracker.getUserAdmin(); if( userAdmin == null ) { throw new SecurityException( "UserAdmin service not available." ); } User user = userAdmin.getUser( m_applicationName + ".userid", username ); if( user == null ) { LOGGER.warn( "No user with the username of '" + username + "'" ); return null; } if( !user.hasCredential( m_applicationName + ".password", password ) ) { LOGGER.warn( "Wrong password issued by " + username ); return null; } Authorization authorization = userAdmin.getAuthorization( user ); if( authorization == null ) { // anonymous user == no roles. return new Roles(); } String[] uaRoles = authorization.getRoles(); Roles wicketRoles = new Roles(); wicketRoles.addAll( Arrays.asList( uaRoles ) ); return wicketRoles; } basically, you should 1) get the user 2) check credentials 3) check the authorization roles (also, try not to store plaintext passwords as credentials - use the encrypted form instead) HTH On 13/09/2007, Rodrigo Madera <[EMAIL PROTECTED]> wrote: > > Can you provide an example (very simple one) on UserAdmin? > > I have the specifications (and probably every other PDF and PPS Google > knows > of), and my doubt is in terms of checking the authorization. What kind of > boilerplate code is normally done? > > Again, my intention is to do things the OSGi way. So pure JAAS is out of > the > question (I read on the definition papers that they decided this because > JAAS requires SE 1.3). > > Thanks for any input, > Rodrigo > > > On 9/12/07, Christian van Spaandonk <[EMAIL PROTECTED]> > wrote: > > > > Rodrigo Madera wrote: > > > Hello community, > > > > > > I see that OSGi has some lack of documentation out there when it comes > > to > > > best practices and examples (or I'm not knowing where to look). > > > > > > Would any of you have a good book recommendation on practical OSGi? > > > > > > Also, what is the recommended way of doing authentication and > > authorization? > > > > > > Thanks for any input, > > > Rodrigo > > > > > > > > In addition to the resources mentioned in other replies there is also a > > presentation on OSGi best practices given by BJ Hargrave and Peter > > Kriens at the OSGi Community Event in Munich and also at Java One. You > > can find it at: > > > > http://www2.osgi.org/wiki/uploads/Conference/OSGiBestPractices.pdf > > http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-1419.pdf > > > > friendly, > > Christian > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > If Jack Bauer had been a Spartan, the movie would have been called "1". > -- Cheers, Stuart