10.4. User Administration

In Chapter 9 we discussed how to grant permissions to bundles based on where they come from, but not on whose behalf they run. For example, before giving out an employee's payroll information, you must ensure the user is indeed the employee herself. Knowing where the request is originated—even from a trusted location—is insufficient.

To establish the identify of a user, or to authenticate a user, is the prerequisite for making authorization decisions, for only after you have ascertained the identity of the user can you determine to what he is entitled. Authentication is achieved by verifying something a user has (fingerprint) or knows (password).

The Java 2 runtime environment has been supporting authorization based on the source of the code and who has signed it since the Java 2 SDK 1.2. In subsequent releases of the Java SDK, user-based authentication and authorization, known as the Java™ Authentication and Authorization Service (JAAS), was introduced (http://java.sun.com/products/jaas). Although the code source-based access control mechanism in the Java 2 Platform has been adopted by the OSGi specification 1.0, JAAS is considered too “heavy” for service gateway applications. As a result, a user administration service is being worked out. It will rely on existing mechanisms (such as HttpService's handleSecurity implementation) to authenticate users, maintain a database of users, and assist in making authorization decisions.