Authentication

To establish that the initiator of an action is known to the UserAdmin service, the initiator must be authenticated. To authenticate a user, you typically do something like:

import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

private UserAdmin m_userAdmin;
// ...
// Look up the user whose "username" property equals the supplied name;
// getUser() returns null when no user, or more than one user, matches.
User user = m_userAdmin.getUser("username", getUserName());
// Compare the supplied password against the user's "password" credential.
if (user == null || !user.hasCredential("password", getPassword())) {
  throw new InvalidUsernameOrPasswordException();
}

Authorization

Only authorized users should be able to initiate privileged actions. Whether a user is authorized to do so depends on the groups the user is a member of. The UserAdmin service aids in this by providing an Authorization facade that helps you determine whether or not a user is authorized to initiate certain actions.

Note that the UserAdmin only answers the question of whether a user is allowed to initiate a certain action; it does not actually prevent the user from doing so, unlike, for example, the SecurityManager in Java. Enforcing the answer is the caller's job. This means that the common pattern for authorizing users with UserAdmin looks something like:

import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

private UserAdmin m_userAdmin;
// ...
User user = m_userAdmin.getUser("username", getUserName());
// assume user is already authenticated...
// The Authorization object encapsulates the user and all roles it possesses,
// including the groups the user is (directly or indirectly) a member of.
Authorization auth = m_userAdmin.getAuthorization(user);
// hasRole() answers the question; denying the action is still up to us.
if (!auth.hasRole("admin")) {
  throw new InsufficientRightsException();
}
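The two snippets above combined into one reusable check, as an added example that is not part of the Felix documentation or code base. It assumes the same "username" property and "password" credential used on this page; the exception classes are hypothetical stand-ins for the ones named above, and the anonymous check relies on the UserAdmin specification's rule that getAuthorization(null) describes an unauthenticated user.

```java
import org.osgi.service.useradmin.Authorization;
import org.osgi.service.useradmin.Role;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;

public final class AccessCheck {

    private final UserAdmin m_userAdmin;

    public AccessCheck(UserAdmin userAdmin) {
        m_userAdmin = userAdmin;
    }

    /**
     * Authenticates the caller and then checks that it holds the required role.
     * Returns the Authorization so callers can ask further hasRole() questions.
     * Throws if either step fails; the caller must still refuse the action itself,
     * because UserAdmin only answers the question and enforces nothing.
     */
    public Authorization authorize(String userName, String password, String requiredRole) {
        // Step 1: authentication. getUser() returns null if no user, or more than
        // one user, has a "username" property equal to userName.
        User user = m_userAdmin.getUser("username", userName);
        if (user == null || !user.hasCredential("password", password)) {
            // One exception for both "unknown name" and "wrong password", so the
            // failure does not reveal which of the two was incorrect.
            throw new InvalidUsernameOrPasswordException();
        }

        // Step 2: authorization. Role.USER_ANYONE is implied for every user, so
        // passing it as requiredRole means "any authenticated user".
        Authorization auth = m_userAdmin.getAuthorization(user);
        if (!auth.hasRole(requiredRole)) {
            throw new InsufficientRightsException();
        }
        return auth;
    }

    /** Unauthenticated caller: only roles implied by user.anyone are present. */
    public boolean anonymousHasRole(String role) {
        return m_userAdmin.getAuthorization(null).hasRole(role);
    }

    // Hypothetical exception types, mirroring the names used on this page.
    public static final class InvalidUsernameOrPasswordException extends RuntimeException {}
    public static final class InsufficientRightsException extends RuntimeException {}
}
```

A caller that needs several decisions for one request should keep the returned Authorization and query it repeatedly rather than re-authenticating for each check.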
Last modified by jawi on Fri Dec 07 09:53:59 EST 2012
Apache Felix, Felix, Apache, the Apache feather logo, and the Apache Felix project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.