[
https://issues.apache.org/jira/browse/KARAF-2455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré reassigned KARAF-2455:
-------------------------------------------
Assignee: Jean-Baptiste Onofré
> Role-based security for OSGi Services
> -------------------------------------
>
> Key: KARAF-2455
> URL: https://issues.apache.org/jira/browse/KARAF-2455
> Project: Karaf
> Issue Type: New Feature
> Components: karaf-osgi
> Reporter: David Bosschaert
> Assignee: Jean-Baptiste Onofré
>
> Add a mechanism to Karaf by which OSGi services can be secured.
> It should check the (JAAS-provided) roles of the user associated with the
> current thread with the roles required to invoke the OSGi service.
> The service-roles should be configurable and should not require modification
> of the service code, although there might be a mechanism by which services
> provide information about the default roles required for invocation
> themselves (e.g. as an annotation).
> The current user's roles are obtained using standard JSE code that obtains
> the current Subject from the AccessControlContext as in:
> {code}
> AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
> // At this point you can get all the Principals from the subject, e.g. all the roles:
> Set<RolePrincipal> roles = subject.getPrincipals(RolePrincipal.class);
> {code}
> If the user doesn't have the required roles, the service invocation should
> not proceed and throw a SecurityException instead.
> For full discussion see:
> http://mail-archives.apache.org/mod_mbox/karaf-dev/201308.mbox/%3CCAMit8SpUqwPsMQE4S9DHsPrO7Y9D3RkV6goEZy6WK-jc78o%2Bow%40mail.gmail.com%3E
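
The check requested in the issue, sketched as an added Java example (not Karaf's implementation and not code from the issue): a dynamic proxy reads the current Subject the way the quoted snippet does and throws SecurityException before the service method runs. The `RolePrincipal` stand-in, the `Greeter` service, the `guard` helper and the rule that any one required role suffices are assumptions; it needs a JDK on which the `Subject.getSubject(AccessControlContext)` call quoted in the issue is still supported.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Set;
import javax.security.auth.Subject;

public class RoleGuardDemo {
    // Stand-in for the RolePrincipal type named in the issue (assumption).
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    interface Greeter { String greet(String who); }  // hypothetical service API

    // Wraps a service so each call is role-checked without touching the service code.
    static <T> T guard(Class<T> api, T service, Set<String> requiredRoles) {
        InvocationHandler check = (proxy, method, args) -> {
            // Subject bound to the calling thread; null means nobody is authenticated.
            Subject subject = Subject.getSubject(AccessController.getContext());
            boolean allowed = subject != null
                    && subject.getPrincipals(RolePrincipal.class).stream()
                            .anyMatch(role -> requiredRoles.contains(role.getName()));
            if (!allowed) throw new SecurityException("Role check failed for " + method.getName());
            try { return method.invoke(service, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }  // rethrow the service's own error
        };
        return api.cast(Proxy.newProxyInstance(api.getClassLoader(), new Class<?>[] {api}, check));
    }

    public static void main(String[] argv) {
        Greeter greeter = guard(Greeter.class, who -> "hello " + who, Set.of("admin"));
        Subject admin = new Subject();   // constructed sample subjects
        admin.getPrincipals().add(new RolePrincipal("admin"));
        Subject viewer = new Subject();
        viewer.getPrincipals().add(new RolePrincipal("viewer"));
        PrivilegedAction<String> call = () -> greeter.greet("karaf");
        System.out.println(Subject.doAs(admin, call));   // runs with the admin role
        try { Subject.doAs(viewer, call); }              // lacks the role, so it is rejected
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```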