Security Aware Coding

Apache Stanbol uses standard Java Security for authorization. Permissions can be set on a per-user and per-role basis using the user manager's HTTP API or UI. For the documentation of the HTTP API, see the README of the usermanager. The UI is available as a tab on the Webconsole. If Stanbol is used within an application server, the mechanisms provided by that application server must be used to assign the required permissions to users as well as to the code base. Stanbol launchers have no code-based permission limitations: the code of all bundles is executed with full privileges.

Writing security aware code

As with any Java library, Stanbol modules should make sure they require a reasonable set of permissions. This includes checking for permissions with the AccessController as well as executing code as privileged where the code shall not "inherit" the permission requirements of the invoked methods.

For example:

import java.security.AccessController;
import java.security.PrivilegedAction;

// check that the caller has the permission to access the RemoteFooBar service
AccessController.checkPermission(new RemoteFooBarPermission());

// access the required files and do the required networking as privileged
AccessController.doPrivileged(new PrivilegedAction<Object>() {
    public Object run() {
        // privileged code goes here, so that the user doesn't require
        // file access and networking permissions to access RemoteFooBar
        // (but only RemoteFooBarPermission)
        return null; // nothing to return
    }
});
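
A fuller version of the pattern above, written as an added example and not taken from Stanbol: it defines the permission type, keeps the permission check outside the privileged block, and goes one step further by using PrivilegedExceptionAction so a checked IOException reaches the caller. RemoteFooBarService, the permission name "remoteFooBar" and the cache path are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AccessController;
import java.security.BasicPermission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Hypothetical permission type: the page names RemoteFooBarPermission but does not define it.
final class RemoteFooBarPermission extends BasicPermission {
    private static final long serialVersionUID = 1L;

    RemoteFooBarPermission() {
        super("remoteFooBar"); // assumed permission name
    }
}

// Hypothetical service class (assumption, not part of Stanbol).
@SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
public final class RemoteFooBarService {
    // Fixed by the module and never derived from caller input, so the
    // privileged block cannot be steered to another file by the caller.
    private static final Path CACHE = Paths.get("data", "foobar-cache.txt");

    public String readCachedResult() throws IOException {
        // 1. Authorize the caller for the service itself. This runs outside
        //    doPrivileged, so the whole call stack is checked.
        AccessController.checkPermission(new RemoteFooBarPermission());
        try {
            // 2. Only the file read runs privileged, so callers need
            //    RemoteFooBarPermission but no FilePermission.
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<String>) () ->
                    new String(Files.readAllBytes(CACHE), StandardCharsets.UTF_8));
        } catch (PrivilegedActionException e) {
            // doPrivileged wraps checked exceptions; the action above can
            // only throw IOException, so unwrap and rethrow it.
            throw (IOException) e.getException();
        }
    }
}
```

The permission check has to stay outside the privileged block: inside it, the stack walk stops at the module's own frame and the caller would no longer be checked.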