[
https://issues.apache.org/jira/browse/KARAF-2455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15029661#comment-15029661
]
ASF GitHub Bot commented on KARAF-2455:
---------------------------------------
Github user bosschaert closed the pull request at:
https://github.com/apache/karaf/pull/22
> Role-based security for OSGi Services
> -------------------------------------
>
> Key: KARAF-2455
> URL: https://issues.apache.org/jira/browse/KARAF-2455
> Project: Karaf
> Issue Type: New Feature
> Components: karaf-osgi
> Reporter: David Bosschaert
> Assignee: Jean-Baptiste Onofré
> Fix For: 3.0.0
>
>
> Add a mechanism to Karaf by which OSGi services can be secured.
> It should check the (JAAS-provided) roles of the user associated with the
> current thread with the roles required to invoke the OSGi service.
> The service-roles should be configurable and should not require modification
> of the service code, although there might be a mechanism by which services
> provide information about the default roles required for invocation
> themselves (e.g. as an annotation).
> The current user's roles are obtained using standard JSE code that obtains
> the current Subject from the AccessControlContext as in:
> {code} AccessControlContext acc = AccessController.getContext();
> Subject subject = Subject.getSubject(acc);
> At this point you can get all the Principals from the subject, e.g. all the
> roles:
> Set<RolePrincipal> roles = subject.getPrincipals(RolePrincipal.class);
> {code}
> If the user doesn't have the required roles, the service invocation should
> not proceed and throw a SecurityException instead.
> For full discussion see:
> http://mail-archives.apache.org/mod_mbox/karaf-dev/201308.mbox/%3CCAMit8SpUqwPsMQE4S9DHsPrO7Y9D3RkV6goEZy6WK-jc78o%2Bow%40mail.gmail.com%3E
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
