OSGi Service Layer Security
 
The Application Platform API provides a class for implementing security at the OSGi service layer. When you implement OSGi service layer security, you can add one of the following types of SSO to your application:
* Declarative security, in which the users that are allowed to have access to the application are determined statically.
* Dynamic runtime security, in which the users that are allowed to have access to the application are determined dynamically.
The following table describes the class and annotations that are provided by Application Platform for implementing security at the OSGi service layer.
Class and Description
com.softwareag.applatform.security.SecurityContext
A class that provides a set of methods that are backed by the internal authorization service. Before the target method is invoked, an instance of this class is injected in any field of the same type that is defined in the @Service and @Secure annotated class.
You can query the role and subject information for the currently logged-in user by using the available methods in the SecurityContext class. The following table describes the public API methods in the SecurityContext class and specifies the return type and method parameters for each method.
| Method Name | Return Value | Method Parameters | Description |
| --- | --- | --- | --- |
| isUserInRole | Boolean | String. The role name. | Checks if the current user has the given role. |
| isUserInRoles | Boolean | String or string list. An array of role names. | Checks if the current user has all the given roles. |
| currentSubject | javax.security.auth.Subject | | Returns the JAAS subject representation of the current user. |
| getBackingSubject | org.apache.shiro.subject.Subject | | Obtains the backing security instance of the user. |
| isAuthenticated | Boolean | | Checks if the current user is authenticated. |
The following table lists and describes the annotations you can use to implement OSGi service layer security using the Application Platform API.
Annotation and Description
com.softwareag.applatform.security.Secure
A marker annotation that indicates that the Application Platform service is secured and requires an authenticated subject when its methods are invoked. This annotation is used together with the @Service annotation at the type or class level.
com.softwareag.applatform.security.AclAllowed
A marker annotation that takes a single Access Control List (ACL) value as a parameter. Use this annotation to define ACLs for Integration Server. Use this annotation at the class or method level, as follows:
* When added at class level, it applies to all methods.
* When added at method level, it applies only to that method and overrides any class-level value.
* The value of the @AclAllowed annotation corresponds to the Integration Server ACL to which the current user belongs. The ACL value must be already present in Integration Server when the log-in request is sent to the secured service.
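
The following sketch shows how the class and annotations above fit together in one secured service. It is an added example, not code from the Application Platform documentation. The package and attributes of @Service, the positional form of @AclAllowed, the OrderService names, the role name, and the ACL names are assumptions, and the ACLs must already exist in Integration Server.

```java
package com.example.orders; // hypothetical package

import com.softwareag.applatform.sdk.annotations.Service; // assumed package for @Service
import com.softwareag.applatform.security.AclAllowed;
import com.softwareag.applatform.security.Secure;
import com.softwareag.applatform.security.SecurityContext;

// Hypothetical service contract, declared here only to keep the example in one file.
interface OrderService {
    String readOrder(String orderId);
    String cancelOrder(String orderId);
}

// The @Service attributes shown are assumed, not taken from this page.
@Service(name = "OrderService", interfaces = {"com.example.orders.OrderService"})
@Secure                    // every method requires an authenticated subject
@AclAllowed("Developers")  // class-level ACL (sample value): applies to all methods
public class OrderServiceImpl implements OrderService {

    // Injected by the platform before the target method is invoked.
    private SecurityContext securityContext;

    @Override
    public String readOrder(String orderId) {
        // Covered by the class-level ACL.
        return "order " + orderId;
    }

    @Override
    @AclAllowed("Administrators") // method-level ACL overrides the class-level value
    public String cancelOrder(String orderId) {
        requireRole("OrderManager"); // constructed role name
        return "cancelled " + orderId;
    }

    // Programmatic check on top of the declarative ACL. It fails closed: a missing
    // context, an unauthenticated user, or a null/false role result all deny access.
    private void requireRole(String role) {
        if (securityContext == null
                || !Boolean.TRUE.equals(securityContext.isAuthenticated())
                || !Boolean.TRUE.equals(securityContext.isUserInRole(role))) {
            throw new SecurityException("Access denied: role " + role + " required");
        }
    }
}
```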