Examples of org.osgi.service.useradmin.Authorization

org.osgi.service.useradmin.Authorization
The {@code Authorization} interface encapsulates an authorization context onwhich bundles can base authorization decisions, where appropriate.
Bundles associate the privilege to access restricted resources or operations with roles. Before granting access to a restricted resource or operation, a bundle will check if the {@code Authorization} object passed to it possessthe required role, by calling its {@code hasRole} method.
Authorization contexts are instantiated by calling the {@link UserAdmin#getAuthorization(User)} method.
Trusting Authorization objects
There are no restrictions regarding the creation of {@code Authorization}objects. Hence, a service must only accept {@code Authorization} objects frombundles that has been authorized to use the service using code based (or Java 2) permissions.
In some cases it is useful to use {@code ServicePermission} to do the codebased access control. A service basing user access control on {@code Authorization} objects passed to it, will then require that a callingbundle has the {@code ServicePermission} to get the service in question. Thisis the most convenient way. The OSGi environment will do the code based permission check when the calling bundle attempts to get the service from the service registry.
Example: A servlet using a service on a user's behalf. The bundle with the servlet must be given the {@code ServicePermission} to get the Http Service.
However, in some cases the code based permission checks need to be more fine-grained. A service might allow all bundles to get it, but require certain code based permissions for some of its methods.
Example: A servlet using a service on a user's behalf, where some service functionality is open to anyone, and some is restricted by code based permissions. When a restricted method is called (e.g., one handing over an {@code Authorization} object), the service explicitly checks that the callingbundle has permission to make the call. @noimplement @author $Id: 4786641d1725f18fb3bc160059d7f8b28e46bbab $

                             + " logged in, but was logged out since "
                             + " no console service is available.");
                    sessionEnd(null);
                } else {
                    log.info("User " + telnetLogin.getUser() + " logged in");
                    Authorization authorization
                        = telnetLogin.getAuthorization();
                    s = consoleService.runSession("telnet session", reader,
                                                  printWriter);
                    Dictionary props = s.getProperties();

View Full Code Here

                                InputStream is = client.getInputStream();
                                InputStreamReader isr = new InputStreamReader(
                                        is);
                                BufferedReader in = new BufferedReader(isr);


                                Authorization authorization = null;
                                if (login.booleanValue()) {
                                    LoginResult loginResult = doLogin(client);
                                    if (loginResult.loginOK) {
                                        authorization = loginResult.authorization;
                                    } else {

View Full Code Here

            in.read();
            in.read();
            in.read(); // Read answer.
            out.println();


            Authorization authorization = null;
            boolean loginOK = false;
            ServiceReference sr = bc
                    .getServiceReference(PasswdAuthenticator.class.getName());
            if (sr == null) {
                if (requireUM.booleanValue()) {
                    log(LogService.LOG_WARNING,
                            "Failed to get PasswdAuthenticator reference. UM required but not present.");
                } else {
                    loginOK = (DEFAULT_USER_NAME.equals(userName) && DEFAULT_PASSWORD
                            .equals(password));
                }
            } else {
                PasswdAuthenticator pa = (PasswdAuthenticator) bc
                        .getService(sr);
                if (pa != null) {
                    PasswdSession ps = pa.createSession();
                    ps.setUsername(userName);
                    ps.setPassword(password);
                    ContextualAuthorization ca = null;
                    try {
                        ca = ps.getAuthorization();
                    } catch (IllegalStateException ex) {
                        log(LogService.LOG_WARNING,
                                "UserAdmin service not available.");
                    }
                    if (ca != null) {
                        if (requiredGroup != null && !ca.hasRole(requiredGroup)) {
                            loginOK = false;
                            log(
                                    LogService.LOG_INFO,
                                    userName
                                            + " tried to login, but did not have required role "
                                            + requiredGroup);
                        } else if (forbiddenGroup != null
                                && ca.hasRole(forbiddenGroup)) {
                            loginOK = false;
                            log(
                                    LogService.LOG_INFO,
                                    userName
                                            + " tried to login, but had forbidden role "
                                            + forbiddenGroup);
                        } else {
                            authorization = ca;
                            loginOK = true;
                            out.println("Logged in.");
                        }
                    }
                } else {
                    log(LogService.LOG_WARNING,
                            "Failed to get PasswdAuthenticator service.");
                }
                bc.ungetService(sr);
            }


            // Check if login successful:
            if (!loginOK) {
                out.println("Login failed!");
                client.close();
                log(LogService.LOG_INFO, "Login failed for " + userName);
                return new LoginResult();
            }


            // Set context:
            if (authorization instanceof ContextualAuthorization) {
                String authMethod = "passwd"; // TBD
                String inputPath = "tcp"; // TBD
                ((ContextualAuthorization) authorization).setIPAMContext(
                        inputPath, authMethod);
                Dictionary context = ((ContextualAuthorization) authorization)
                        .getContext();
                log(LogService.LOG_INFO, "User " + authorization.getName()
                        + " logged in, authentication context is " + context
                        + ".");
            } else if (authorization == null) {
                log(LogService.LOG_INFO, "Default user " + DEFAULT_USER_NAME
                        + " logged in.");
            } else {
                log(LogService.LOG_INFO, "User " + authorization.getName()
                        + " logged in.");
            }
            return new LoginResult(authorization);
        }

View Full Code Here

        Group group = (Group) m_userAdmin.createRole("group", Role.GROUP);
        group.addRequiredMember(reqGroup);
        group.addMember(user1);
        group.addMember(user2);


        Authorization auth = m_userAdmin.getAuthorization(user1);
        assertTrue(auth.hasRole("group"));
        
        auth = m_userAdmin.getAuthorization(user2);
        assertTrue(auth.hasRole("group"));
        
        auth = m_userAdmin.getAuthorization(user3);
        assertFalse(auth.hasRole("group"));
    }

View Full Code Here


    /**
     * Tests that obtaining the authorization for a non-existing user yields null.
     */
    public void testGetAuthorizationForAnonymousUserOk() {
        Authorization auth = m_userAdmin.getAuthorization(null);
        
        assertNotNull(auth);


        assertNull(auth.getRoles());
        assertNull(auth.getName());
    }

View Full Code Here

    /**
     * Tests that obtaining the authorization for a non-existing user yields null.
     */
    public void testGetAuthorizationForNonExistingUserOk() {
        User nonExistingUser = RoleFactory.createUser("non-existing-user");
        Authorization auth = m_userAdmin.getAuthorization(nonExistingUser);


        assertNotNull(auth);


        assertNull(auth.getRoles());
        assertNotNull(auth.getName());
    }

View Full Code Here

        Role user = m_userAdmin.createRole("user", Role.USER);


        Group group = (Group) m_userAdmin.createRole("group", Role.GROUP);
        group.addMember(user);


        Authorization auth = m_userAdmin.getAuthorization(null);
        assertTrue(auth.hasRole(Role.USER_ANYONE));
        assertFalse(auth.hasRole("group"));
    }

View Full Code Here

        
        Group group = (Group) m_userAdmin.createRole("group", Role.GROUP);
        group.addRequiredMember(reqGroup);
        group.addMember(m_userAdmin.getRole(Role.USER_ANYONE));


        Authorization auth = m_userAdmin.getAuthorization(user1);
        assertTrue(auth.hasRole("group"));


        auth = m_userAdmin.getAuthorization(user2);
        assertTrue(auth.hasRole("group"));


        auth = m_userAdmin.getAuthorization(user3);
        assertFalse(auth.hasRole("group"));


        auth = m_userAdmin.getAuthorization(user4);
        assertFalse(auth.hasRole("group"));
    }

View Full Code Here

        reqGroup.addMember(user3);
        
        Group group = (Group) m_userAdmin.createRole("group", Role.GROUP);
        group.addRequiredMember(reqGroup);


        Authorization auth = m_userAdmin.getAuthorization(user1);
        assertFalse(auth.hasRole("group"));


        auth = m_userAdmin.getAuthorization(user2);
        assertFalse(auth.hasRole("group"));
        
        auth = m_userAdmin.getAuthorization(user3);
        assertFalse(auth.hasRole("group"));
    }

View Full Code Here

        Group group1 = (Group) m_userAdmin.createRole("group1", Role.GROUP);


        assertTrue(group1.addRequiredMember(user1));
        assertTrue(group1.addMember(userAnyone));
        
        Authorization auth = m_userAdmin.getAuthorization(user1);
        assertNotNull(auth);
        
        assertTrue(auth.hasRole("group1"));
        
        String[] roles = auth.getRoles();
        assertNotNull(roles);
        
        for (int i = 0; i < roles.length; i++) {
            assertFalse(Role.USER_ANYONE.equals(roles[i]));
        }

View Full Code Here

0 1 2 3

TOP

Related Classes of org.osgi.service.useradmin.Authorization

org.apache.ace.useradmin.ui.editor.impl.UserEditorImpl

org.apache.ace.webui.vaadin.VaadinClient

org.apache.aries.jmx.useradmin.UserAdmin

org.apache.aries.jmx.useradmin.UserAdminTest

org.apache.felix.http.base.internal.handler.ServletHandlerRequest

org.apache.felix.useradmin.impl.UserAdminImplTest

org.knopflerfish.bundle.consoletcp.ConsoleTcp$AcceptThread

org.knopflerfish.bundle.consoletelnet.TelnetSession

org.knowhowlab.osgi.jmx.beans.service.useradmin.UserAdmin

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.