I have an application consisting of several OSGi bundles. I would like to enforce that some of them only provide other bundles access to their services if a valid token (e. g. a license key) has been presented.
Here s why I would want to restrict access to those bundles:
- Security: They don t have their own access policies because these depend on what application is using the bundle. This means they have to trust in the client bundle to have verified the permissions of the application or user they are representing. I would like to keep control over what access control schemes I trust.
- Reliability: I allow and encourage the development of third-party modules to add functionality to my system. To be able to guarantee some reliability, I want to control at which level those extensions interact with my system. Also, I want to make sure that my own bundles are only used in combinations that have been tested.
- Licensing: There might be functionality in some modules that can only be used with the proper license, or, I might want to ensure that customers can t swap bundles between different installations.
I have read some about the ServicePermission class and related from the OSGi framework, but it appears to me that these let the site administrator control the access policy, as opposed to the bundle manufacturer, which is what I want.