[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [equinox-dev] principal based permissions in osgi
- From: Benjamin Reed <breed@xxxxxxxxxxxxxxx>
- Date: Thu, 15 Sep 2005 13:14:17 -0700
- Delivered-to: firstname.lastname@example.org
- Organization: IBM Almaden Research Center
- User-agent: KMail/1.8.2
It is very easy to implement a PrincipalCondition that handles JAAS.
Basically, in the isSatisfied() method, you would simply use
Subject.getSubject() to check whether the subject matches the subject that
corresponds to the Principle.
For the ConditionInfo, the type would be PrincipleCondition and the argument
would be the Principle in String form.
In theory you could implement it in such a way that it would work with or
without JAAS by checking if the Subject class is present and if not, look for
the Principle in a thread local variable.
If you don't want to ship PrincipalCondition with the core framework, you
could deploy it as an extension bundle.
On Thursday 15 September 2005 12:00 pm, Pascal Rapicault wrote:
> Lately I've been looking at JAAS and its capability to dynamically
> associate permissions based on principals (usually declared in a policy
> file) and from that to use Subject.doAsPriviledged.
> Given that OSGi has its own way of expressing permissions, I would like to
> understand how principal based permissions can be declared.
> Thank you,