[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[p2-dev] P2 security management


I am creating a modular application based on OSGi and I would like to use   P2 for provisioning. 

My application will have users who can install modules(deployed as IUs for simplicity) with P2 and I want to restritct the visibility of the modules for the users who have no privilege to install them. 

For example, if user U1 has no privilege to install the module M1, then he wouldn't see it in the "available modules" list(retreived from the metadata repository by P2) and can't download it even if he acquired the URL of the IU and the location of the bundle in the artifact repository.

Is there any way to do this or I have to do it manually? 

In the latter case, my main problem is that I don't know how to tell to P2 to attach the user's session id to the http request (without building a custom P2 that supports this feature).

Thanks in advance!