Apache
Home » Documentation » Apache Felix Subproject Documentation » Apache Felix User Admin

Apache Felix User Admin - Getting Started

Authentication

To test whether an initiator of an action is known to the UserAdmin service, it should be authenticated. To authenticate a user, you typically do something like:

{code:java} private UserAdmin m_userAdmin; // ... User user = m_userAdmin.getUser("username", getUserName()); if (user == null || !user.hasCredential("password", getPassword())) { throw new InvalidUsernameOrPasswordException(); }

h2. Authorization

Only authorized users should be able to initiate privileged actions. Whether a user is authorized to do so depends on its membership in groups. The UserAdmin service aids in this by providing an  facade that helps you to determine whether or not users are authorized to initiate certain actions.

Note that the UserAdmin only provides answer to the question whether a user is allowed to initiate a certain action, it does not actually shield it from doing this, like, for example, the SecurityManager in Java. This means that the common pattern used to authorize users with UserAdmin looks something like:

{code:java}
private UserAdmin m_userAdmin;
// ...
User user = m_userAdmin.getUser("username", getUserName());
// assume user is already authenticated...
Authorization auth = m_userAdmin.getAuthorization(user);
if (!auth.hasRole("admin")) {
  throw new InsufficientRightsException();
}
Rev. 1700393 by cziegeler on Tue, 1 Sep 2015 06:04:06 +0000
Apache Felix, Felix, Apache, the Apache feather logo, and the Apache Felix project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.