Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment
Secure OSGi Applications
Secure OSGi applications is very similar to securing enterprise applications. For most security frameworks, no additional steps are required. For Java 2 security, there is some optional extra configuration that is specific to OSGi Applications.
About this task
For most security frameworks that are supported by WAS, configuring security for OSGi applications requires no additional steps to those that are required for enterprise applications. For example: If you enable security, and you add a secure asset, specify a target server that is in the global security domain. This requirement is the same whether the asset is an enterprise application or an OSGi application.
For application security with OSGi applications, you can modify the security role to user or group mapping when you add the asset to the business-level application.
For Java 2 security in enterprise applications, you set permissions at the application level. For OSGi applications, you can also set Java 2 security permissions at the bundle level. To support this finer-grained security, there are extra configuration steps that you can complete when you create an OSGi application, when you migrate an enterprise application to an OSGi application, and when you add an enterprise bundle archive (EBA) asset to a business-level application.
Procedure
- Use application security with OSGi applications.
Application security controls which users may access which parts of the application. See Application security.
- Modify the security role to user or group mapping.
We can modify this mapping when you add the asset to the business-level application as a composition unit. See Add an EBA asset to a composition unit , Add an EBA asset to a composition unit using wsadmin, and Security role to user or group mapping [Settings].
- Use application security with web application bundles (WABs).
You secure WABs in the same way that you secure web applications in Java EE. Application security enforces any security constraints that are defined in the web.xml file for a WAB. When a web client tries to access a protected resource, the client is prompted for authentication.
- Use Java 2 security with OSGi applications.
Java 2 security controls access to protected system resources from the application.
- Learn about using Java 2 security with OSGi applications.
Use Java 2 security in OSGi applications is very similar to using Java 2 security in enterprise applications. For more information about Java 2 security in enterprise applications, see Java 2 security. For an overview of the main differences when you use Java 2 security in an OSGi application, see Java 2 security and OSGi Applications. This topic describes the following differences:
- The format and locations of the permissions.perm files in an OSGi application.
- The relationship between application-level permissions.perm files in OSGi applications and was.policy files in enterprise applications.
- The default permissions that apply to every OSGi application, in addition to any that are provided through a permissions.perm file.
- Configure Java 2 security for your OSGi application.
- Create permissions.perm files. See Java 2 security and OSGi Applications.
- Check the security permissions. The security permissions are displayed when you import the OSGi application as an asset. See Deploy an OSGi application as a business-level application.
- Migrate Java 2 security settings as part of migrating an enterprise application to an OSGi application.
When you convert an application from Java EE to OSGi, any existing was.policy file is converted into a permissions.perm file to be used with the OSGi permissions framework, and all permissions are promoted to the application level. If you need finer granularity, you can modify the file after conversion. See Java 2 security and OSGi Applications, and Convert an enterprise application to an OSGi application.
Related concepts:
About OSGi Applications
Java 2 security and OSGi Applications
Java 2 security
Application securityRelated tasks:
Deploy an OSGi application as a business-level application
Add an EBA asset to a composition unit
Add an EBA asset to a composition unit using wsadmin
Convert an enterprise application to an OSGi applicationRelated reference:
OSGi Applications: Troubleshooting tipsRelated information:
Security role to user or group mapping [Settings]
Task topic Feedback
Copyright IBM Corporation 2009, 2011. All Rights Reserved.
This information center is powered by Eclipse technology.