Thursday, January 31, 2008

OSGi happy family: UserAdmin

Bundles, wiring, life-cycle and services architecture are not the only part of OSGi specification. Although they're "Core", standard covers also a number of services that we most likely gonna need - like HTTP, position (GPS!), preferences or user management.

User Admin Service comes into action whenever our application is run by multiple users with different privileges. It brings notion of Roles, Users and Groups, who have their properties and credentials. User can perform actions on behalf of selected role if he's one of that role's basic members and has all memberships required by that role. Authorization code looks like this:

User user = (User) UserAdmin.getUser("jacek");
Authorization auth = userAdmin.getAuthorization(user);
if (auth.hasRole("CVS_USERS")) {
// ...

Naturally users can come and go at any time, thus we're given actually two services: one for querying users (UserAdmin) and another to track any changes (UserAdminListener).
Generic specification allows for wide range of implementations behind UserAdmin. Equinox's one lays on Preferences (yet another OSGi service).
However UserAdmin is functionally very similar to JAAS, JAAS depends on JDK1.3 which is still to high barier for OSGi.


sud said...

Would you be able to provide source code for the UserAdmin service?

Eugene Kuleshov said...

It would be really neat to support multiple identities for the same user. Then this facility could be used to link entries in VCS history with user emails or IM accounts. Eclipse Higgins project supposed to do something like that but it is probably too complicated for this job.

Jacek Pospychala said...

UserAdmin service is available in Eclipse CVS
as org.eclipse.equinox.useradmin

For other OSGi implementations should be avail as well.

Giacomo said...

Im really interested to UserAdmin service can you give me some pointer to an examples on how to use it ?
like the view that you posted in the article ?



Jacek Pospychala said...

ping me at jacek dot pospychala at gmail dot com and I'll send you the sources.

Jacek Pospychala said...

fyi, example plugin was attached to bug

abhishek said...

Thanks for the post! Do you think UserAdmin service can be used for authorization in a RAP application, in which menu items need to be enabled/disabled based on the logged-in user's role?

Any other pointers to achieve authorization at this level in a RAP application?

Best Regards,