Designing and Implementing Composite Applications : Getting Started with the webMethods Application Platform API : Using the Application Platform API : Adding Single Sign-On Authentication to Application Platform Projects : OSGi Service Layer Security
OSGi Service Layer Security
 
Declarative Security
Dynamic Runtime Security
The following tables describe the class and annotations that are provided by the Application Platform API for implementing security at the OSGi service layer. When you implement OSGi service layer security, you can add one of the following types of SSO to your application:
*Declarative security, in which the users that are allowed to have access to the application are determined statically.
*Dynamic runtime security, in which the users that are allowed to have access to the application are determined dynamically.
Class and Description
com.softwareag.applatform.security.SecurityContext
A class that provides a set of methods that are backed by the internal authorization service. Before the target method is invoked, an instance of this class is injected in any field of the same type that is defined in the @Service and @Secure annotated class.
You can query the role and subject information for the currently logged user by using the following methods in the SecurityContext class:
Method Name
Return Value
Method Parameters
Description
isUserInRole
Boolean
String. The role name.
Checks if the current user has the given role.
isUserInRoles
Boolean
String or string list. An array of role names.
Checks if the current user has all the given roles.
currentSubject

javax.security.
auth.Subject
Returns the JAAS subject representation of the current user.
getBackingSubject

org.apache.
shiro.subject.
Subject
Obtains the backing security instance of the user.
isAuthenticated
Boolean
Checks if the current user is authenticated.
Annotation and Description
com.softwareag.applatform.security.Secure
A marker annotation that indicates that the Application Platform service is secured and requires an authenticated subject when its methods are invoked. This annotation is used together with the @Service annotation at the type or class level.
com.softwareag.applatform.security.AclAllowed
A marker annotation that takes a single Access Control List (ACL) value as a parameter. Use this annotation to define ACLs for Integration Server.Use this annotation at the class or method level, as follows:
*When added at class level, it applies to all methods.
*When added at method level, it applies only to that method and overrides any class-level value.
*The value of the @AclAllowed annotation corresponds to the Integration Server ACL to which the current user belongs. The ACL value must be already present in Integration Server when the log-in request is sent to the secured service.
Securing the OSGi Service Layer
Publishing POJOs as OSGi Services
Copyright © 2016 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback