|Re: Securing OSGi Remote Services implemented using ECF [message #1406478 is a reply to message #1406443]
||Sun, 10 August 2014 05:54
| Scott Lewis
Registered: July 2009
Timothy Vogel wrote on Sat, 09 August 2014 23:08|
The OSGi Spec chapter 13.6 on remote services
I believe for R5 and R6 you must mean chapter 100 (Remote Services) and chapter 122 (Remote Service Admin) in the enterprise specification. I believe these were moved from chapter 13 in the OSGi 4.2 specification.
is a couple of paragraphs long basically stating that security is important but is up to the implementer. CXF DOSGi uses web services and has the full WS* protocols available to provide this security implementation.
How does ECF address securing services that are deployed from an OSGi server?
ECF has a provider architecture, which allows multiple distribution providers to exist and provides several open APIs (e.g. the org.eclipse.ecf.remoteservice api) to support the relatively easy creation of new providers. As per the OSGi specification, each provider is responsible for it's security.
For some providers (e.g. the ecf generic) ssl or some other transport-level mechanism can be used to secure the remote service consumer -> host connection. The ecf generic provider can also be configured to require credentials upon client connection.
There are existing distribution providers based upon JMS, MQTT, Restlet/JAXRS and xmlrpc, as well as specific APIs for creating rest (xml or json), and/ soap-based providers. For access to some of these other provider see
In addition to the ECF repositories at Eclipse:
There are also ECF distribution providers based upon http or https, that like CXF can provide security based upon web protocols, and of course custom providers can be constructed that use whatever is desired for security. We have even contemplated creating a provider from CXF, JAX itself, but have not had the resources to do so without contributions from those more knowledgeable about CXF internals.
Are there any working examples?
Yes, there are some. Here is an example created to show how to setup and use password-based authentication for the ecf generic provider
Here is a tutorial describing how to implement a custom http/servet-based provider here
If you have specific needs WRT security for an existing provider, or would like assistance creating a new provider, then please either open an enhancement request, bring upon on the ecf-dev mailing list
and/or contact one of the committers directly for professional support. We are open to providing contracted support and development efforts, focused on either configuring/customizing/modifying an existing provider, or creating a new provider (in open source or not).
Thanks for taking the time to read my question!
No problem. Thanks for using ECF.
Powered by FUDForum
. Page generated in 0.01955 seconds