What is equivalent to filtering Java web applications in the OSGi package?

Question

What is equivalent to filtering Java web applications in the OSGi package?

Our application consists of several OSGi packages that reveal their functionality through RESTful URIs. What is the best way to protect these URIs so that only registered and authorized users can access them? For a regular web application, I would use a web filter to control access to all of these URIs. Is there a way to protect access using only one security filter (or its equivalent) for all these URIs in OSGi? Or do I need to include a security filter in each of the OSGi packages? The container we use is Apache Karaf, if that matters.

+4

security osgi

John smith Feb 04 '13 at 16:36

source share

2 answers

Another extender extender supporting this is Pax-Web. But not only the board, also if it is used with std. OSGi http-service supports filters and JSP. Starting with version 2.0, it also supports servlet 3.0 announcements. The next version of Pax-Web will also support only annotated servlets in the bank without web.xml. For more information see http://team.ops4j.org/wiki/display/paxweb/Pax+Web

+2

Achim nierbeck Feb 05 '13 at 6:31

source share

Peter Kriens · Accepted Answer · 2013-02-04T17:18:18+0000

The Apache Felix Http Jetty service includes a filtering tool. The easiest way to use it is to install the Apache Felix Http Whiteboard package and then register the filter service ...

Unfortunately, this is not yet in the OSGi specification, but is likely to become part of the specification for the next round. I have been using this model specifically for your type of security for 6 months now, and it works like a charm.

What is equivalent to filtering Java web applications in the OSGi package?

More articles: