Hi Christian, It sounds like what you want is the Authentication Service [1] from the En Route project (and probably also the Authorization service [2]). These are feeding into the OSGi standardisation process as part of some RFPs [3] and [4].
I have already created a viable JAAS-based version of the Authenticator, and a group/role mapping Authorization implementation. Lessons from these will also feed into the standardisation process. Regards, Tim [1] https://github.com/osgi/osgi.enroute.bundles/tree/master/osgi.enroute.authenticator.simple.provider <https://github.com/osgi/osgi.enroute.bundles/tree/master/osgi.enroute.authenticator.simple.provider> [2] https://github.com/osgi/osgi.enroute.bundles/tree/master/osgi.enroute.authorization.simple.provider <https://github.com/osgi/osgi.enroute.bundles/tree/master/osgi.enroute.authorization.simple.provider> [3] https://github.com/osgi/design/blob/master/rfps/rfp-0164-Authentication.pdf <https://github.com/osgi/design/blob/master/rfps/rfp-0164-Authentication.pdf> [4] https://github.com/osgi/design/blob/master/rfps/rfp-0165-Authorization.pdf <https://github.com/osgi/design/blob/master/rfps/rfp-0165-Authorization.pdf> > On 13 Mar 2015, at 08:41, Felix Meschberger <fmesc...@adobe.com> wrote: > > Hi Christian, > > UserAdmin specification (in Compendium and Enterprise) comes to mind. > > When it comes to JAAS authentication inside OSGi, namely LoginModule stuff, > the Felix project has some work there [1] and [2]. > > Hope this helps > > Regards > Felix > > [1] http://svn.apache.org/repos/asf/felix/trunk/jaas > [2] http://felix.apache.org/documentation/subprojects/apache-felix-jaas.html > >> Am 13.03.2015 um 09:20 schrieb Christian Schneider <ch...@die-schneider.net>: >> >> I really like the concept of using JAAS to do authorization inside user >> bundles. >> >> The idea is to let someone do the Authentication part outside the business >> code. The result of this is a JAAS login context on the thread. >> >> Then inside you can use the code below to get the principals: >> Subject subject = Subject.getSubject(AccessController.getContext()); >> Set<Principal> principals = subject.getPrincipals(); >> >> Up to this point this is straight forward. The problem then is that JAAS >> does not specify a common way to find out if a Principal contains is a user >> name or a group name. >> Is there any standard way to get only the roles from the principals or to do >> an authorization decision? >> Any OSGi spec that helps with this perhaps? >> >> Best regards >> >> Christian >> >> -- >> Christian Schneider >> http://www.liquid-reality.de >> >> Open Source Architect >> http://www.talend.com >> >> _______________________________________________ >> OSGi Developer Mail List >> osgi-dev@mail.osgi.org >> https://mail.osgi.org/mailman/listinfo/osgi-dev > > _______________________________________________ > OSGi Developer Mail List > osgi-dev@mail.osgi.org > https://mail.osgi.org/mailman/listinfo/osgi-dev
_______________________________________________ OSGi Developer Mail List osgi-dev@mail.osgi.org https://mail.osgi.org/mailman/listinfo/osgi-dev
