OSGi Service Layer Security

The following tables describe the class and annotation that are provided by the Application Platform API for implementing security at the OSGi service layer. When you implement OSGi service layer security, you can add one of the following types of SSO to your application:

Declarative security, in which the users that are allowed to have access to the application are determined statically.

Dynamic runtime security, in which the users that are allowed to have access to the application are determined dynamically.

Class and Description

com.softwareag.applatform.security.SecurityContext

A class that provides a set of methods that are backed by the internal authorization service. Before the target method is invoked, an instance of this class is injected in any field of the same type that is defined in the @Service and @Secure annotated class.

You can query the role and subject information for the currently logged user by using the following methods in the SecurityContext class:

Method Name	Return Value	Method Parameters	Description
isUserInRole	Boolean	String. The role name.	Checks if the current user has the given role.
isUserInRoles	Boolean	String or string list. An array of role names.	Checks if the current user has all the given roles.
currentSubject	javax.security. auth.Subject		Returns the JAAS subject representation of the current user.
getBackingSubject	org.apache. shiro.subject. Subject		Obtains the backing security instance of the user.
isAuthenticated	Boolean		Checks if the current user is authenticated.

Annotation and Description

com.softwareag.applatform.security.Secure

A marker annotation that indicates that the Application Platform service is secured and requires an authenticated subject when its methods are invoked. This annotation is used together with the @Service annotation at the type or class level.