| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <html> |
| <!-- |
| |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| https://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <head> |
| <title>Apache Felix - Apache Felix User Admin - Getting Started</title> |
| <link rel="icon" href="/res/favicon.ico"> |
| <link rel="stylesheet" href="/res/site.css" type="text/css" media="all"> |
| <link rel="stylesheet" href="/res/codehilite.css" type="text/css" media="all"> |
| <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"> |
| </head> |
| <body> |
| <div class="title"> |
| <div class="logo"> |
| <a href="https://felix.apache.org/"> |
| <img border="0" alt="Apache Felix" src="/res/logo.png"> |
| </a> |
| </div> |
| <div class="header"> |
| <a href="https://www.apache.org/"> |
| <img border="0" alt="Apache" src="/res/apache.png"> |
| </a> |
| </div> |
| </div> |
| |
| <div class="menu"> |
| <style type="text/css"> |
| /* The following code is added by mdx_elementid.py |
| It was originally lifted from http://subversion.apache.org/style/site.css */ |
| /* |
| * Hide class="elementid-permalink", except when an enclosing heading |
| * has the :hover property. |
| */ |
| .headerlink, .elementid-permalink { |
| visibility: hidden; |
| } |
| h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style> |
| <p><a href="/news.html">News</a> <br /> |
| <a href="/license.html">License</a> <br /> |
| <a href="/downloads.cgi">Downloads</a> <br /> |
| <a href="/documentation.html">Documentation</a> <br /> |
| <a href="/documentation/community/project-info.html">Project Info</a> <br /> |
| <a href="/documentation/community/contributing.html">Contributing</a> <br /> |
| <a href="/sitemap.html">Site Map</a> <br /> |
| <a href="https://www.apache.org/">ASF</a> <br /> |
| <a href="https://www.apache.org/security/">Security</a> <br /> |
| <a href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a> <br /> |
| <a href="https://www.apache.org/foundation/thanks.html">Sponsors</a> </p> |
| <iframe |
| src="https://www.apache.org/ads/button.html" |
| style="border-width:0; float: left" |
| frameborder="0" |
| scrolling="no" |
| width="135" |
| height="135"> |
| </iframe> |
| </div> |
| |
| <div class="main"> |
| <div class="breadcrump" style="font-size: 80%;"> |
| <a href="/">Home</a> » <a href="/documentation.html">Documentation</a> » <a href="/documentation/subprojects/apache-felix-user-admin.html">Apache Felix User Admin</a> |
| </div> |
| |
| <h1>Apache Felix User Admin - Getting Started</h1> |
| <style type="text/css"> |
| /* The following code is added by mdx_elementid.py |
| It was originally lifted from http://subversion.apache.org/style/site.css */ |
| /* |
| * Hide class="elementid-permalink", except when an enclosing heading |
| * has the :hover property. |
| */ |
| .headerlink, .elementid-permalink { |
| visibility: hidden; |
| } |
| h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style> |
| <h2 id="authentication">Authentication<a class="headerlink" href="#authentication" title="Permanent link">¶</a></h2> |
| <p>To test whether an initiator of an action is known to the UserAdmin service, it should be authenticated. To authenticate a user, you typically do something like:</p> |
| <p>{code:java} |
| private UserAdmin m_userAdmin; |
| // ... |
| User user = m_userAdmin.getUser("username", getUserName()); |
| if (user == null || !user.hasCredential("password", getPassword())) { |
| throw new InvalidUsernameOrPasswordException(); |
| }</p> |
| <div class="codehilite"><pre><span class="n">h2</span><span class="p">.</span> <span class="n">Authorization</span> |
| |
| <span class="n">Only</span> <span class="n">authorized</span> <span class="n">users</span> <span class="n">should</span> <span class="n">be</span> <span class="n">able</span> <span class="n">to</span> <span class="n">initiate</span> <span class="n">privileged</span> <span class="n">actions</span><span class="p">.</span> <span class="n">Whether</span> <span class="n">a</span> <span class="n">user</span> <span class="n">is</span> <span class="n">authorized</span> <span class="n">to</span> <span class="n">do</span> <span class="n">so</span> <span class="n">depends</span> <span class="n">on</span> <span class="n">its</span> <span class="n">membership</span> <span class="n">in</span> <span class="n">groups</span><span class="p">.</span> <span class="n">The</span> <span class="n">UserAdmin</span> <span class="n">service</span> <span class="n">aids</span> <span class="n">in</span> <span class="n">this</span> <span class="n">by</span> <span class="n">providing</span> <span class="n">an</span> <span class="n">facade</span> <span class="n">that</span> <span class="n">helps</span> <span class="n">you</span> <span class="n">to</span> <span class="n">determine</span> <span class="n">whether</span> <span class="n">or</span> <span class="n">not</span> <span class="n">users</span> <span class="n">are</span> <span class="n">authorized</span> <span class="n">to</span> <span class="n">initiate</span> <span class="n">certain</span> <span class="n">actions</span><span class="p">.</span> |
| |
| <span class="n">Note</span> <span class="n">that</span> <span class="n">the</span> <span class="n">UserAdmin</span> <span class="n">only</span> <span class="n">provides</span> <span class="n">answer</span> <span class="n">to</span> <span class="n">the</span> <span class="n">question</span> <span class="n">whether</span> <span class="n">a</span> <span class="n">user</span> <span class="n">is</span> <span class="n">allowed</span> <span class="n">to</span> <span class="n">initiate</span> <span class="n">a</span> <span class="n">certain</span> <span class="n">action</span><span class="p">,</span> <span class="n">it</span> <span class="n">does</span> <span class="n">not</span> <span class="n">actually</span> <span class="n">shield</span> <span class="n">it</span> <span class="n">from</span> <span class="n">doing</span> <span class="n">this</span><span class="p">,</span> <span class="n">like</span><span class="p">,</span> <span class="k">for</span> <span class="n">example</span><span class="p">,</span> <span class="n">the</span> <span class="n">SecurityManager</span> <span class="n">in</span> <span class="n">Java</span><span class="p">.</span> <span class="n">This</span> <span class="n">means</span> <span class="n">that</span> <span class="n">the</span> <span class="n">common</span> <span class="n">pattern</span> <span class="n">used</span> <span class="n">to</span> <span class="n">authorize</span> <span class="n">users</span> <span class="n">with</span> <span class="n">UserAdmin</span> <span class="n">looks</span> <span class="n">something</span> <span class="n">like</span><span class="p">:</span> |
| |
| <span class="p">{</span><span class="n">code</span><span class="p">:</span><span class="n">java</span><span class="p">}</span> |
| <span class="n">private</span> <span class="n">UserAdmin</span> <span class="n">m_userAdmin</span><span class="p">;</span> |
| <span class="o">//</span> <span class="p">...</span> |
| <span class="n">User</span> <span class="n">user</span> <span class="p">=</span> <span class="n">m_userAdmin</span><span class="p">.</span><span class="n">getUser</span><span class="p">(</span>"<span class="n">username</span>"<span class="p">,</span> <span class="n">getUserName</span><span class="p">());</span> |
| <span class="o">//</span> <span class="n">assume</span> <span class="n">user</span> <span class="n">is</span> <span class="n">already</span> <span class="n">authenticated</span><span class="p">...</span> |
| <span class="n">Authorization</span> <span class="n">auth</span> <span class="p">=</span> <span class="n">m_userAdmin</span><span class="p">.</span><span class="n">getAuthorization</span><span class="p">(</span><span class="n">user</span><span class="p">);</span> |
| <span class="k">if</span> <span class="p">(</span>!<span class="n">auth</span><span class="p">.</span><span class="n">hasRole</span><span class="p">(</span>"<span class="n">admin</span>"<span class="p">))</span> <span class="p">{</span> |
| <span class="n">throw</span> <span class="n">new</span> <span class="n">InsufficientRightsException</span><span class="p">();</span> |
| <span class="p">}</span> |
| </pre></div> |
| <div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;"> |
| Rev. 1700393 by cziegeler on Tue, 1 Sep 2015 06:04:06 +0000 |
| </div> |
| <div class="trademarkFooter"> |
| Apache Felix, Felix, Apache, the Apache feather logo, and the Apache Felix project |
| logo are trademarks of The Apache Software Foundation. All other marks mentioned |
| may be trademarks or registered trademarks of their respective owners. |
| </div> |
| </div> |
| </body> |
| </html> |