[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] principal based permissions in osgi

It is very easy to implement a PrincipalCondition that handles JAAS. 
Basically, in the isSatisfied() method, you would simply use 
Subject.getSubject() to check whether the subject matches the subject that 
corresponds to the Principle.

For the ConditionInfo, the type would be PrincipleCondition and the argument 
would be the Principle in String form.

In theory you could implement it in such a way that it would work with or 
without JAAS by checking if the Subject class is present and if not, look for 
the Principle in a thread local variable.

If you don't want to ship PrincipalCondition with the core framework, you 
could deploy it as an extension bundle.

ben

On Thursday 15 September 2005 12:00 pm, Pascal Rapicault wrote:
> Hi,
>
> Lately I've been looking at JAAS and its capability to dynamically
> associate permissions based on principals (usually declared in a policy
> file) and from that to use Subject.doAsPriviledged.
> Given that OSGi has its own way of expressing permissions, I would like to
> understand how principal based permissions can be declared.
>
> Thank you,
>
> PaScaL