* Copyright (c) OSGi Alliance (2000, 2013). All Rights Reserved.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
Servlets and resources may be registered with an
HttpContext object is specified, a default
object is used. Servlets that are registered using the same
HttpContext object will share the same
This interface is implemented by users of the
HttpServletRequest attribute specifying the
Authorization object obtained from the
org.osgi.service.useradmin.UserAdmin service. The value of the attribute can be retrieved by
HttpServletRequest.getAttribute(HttpContext.AUTHORIZATION). This attribute name is
The Http Service calls this method prior to servicing the specified request. This method controls whether the request is processed in the normal manner or an error is returned.
If the request requires authentication and the Authorization header in
the request is missing or not acceptable, then this method should set the
WWW-Authenticate header in the response object, set the status in the
response object to Unauthorized (401) and return
false. See also
RFC 2617: HTTP Authentication: Basic and Digest Access Authentication
(available at http://www.ietf.org/rfc/rfc2617.txt).
If the request requires a secure connection and the
method in the request does not return 'https' or some other acceptable
secure protocol, then this method should set the status in the response
object to Forbidden (403) and return
When this method returns
false, the Http Service will send the
response back to the client, thereby completing the request. When this
true, the Http Service will proceed with servicing
If the specified request has been authenticated, this method must set the
AUTHENTICATION_TYPE request attribute to the type of
authentication used, and the
REMOTE_USER request attribute to
the remote user (request attributes are set using the
setAttribute method on the request). If this method does not
perform any authentication, it must not set these attributes.
If the authenticated user is also authorized to access certain resources,
this method must set the
AUTHORIZATION request attribute to the
Authorization object obtained from the
The servlet responsible for servicing the specified request determines
the authentication type and remote user by calling the
getRemoteUser methods, respectively, on
request - the HTTP request
response - the HTTP response
true if the request should be serviced,
false if the request should not be serviced and Http Service will send the response back to the client.
public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException;
Called by the Http Service to map a resource name to a URL. For servlet
registrations, Http Service will call this method to support the
getResourceAsStream. For resource registrations, Http Service
will call this method to locate the named resource. The context can
control from where resources come. For example, the resource can be
mapped to a file in the bundle's persistent storage area via
bundleContext.getDataFile(name).toURL() or to a resource in the
context's bundle via
name - the name of the requested resource
null if the resource does not exist.
getMimeType. For resource registrations, the Http Service will call this method to determine the MIME type for the Content-Type header in the response.
name - determine the MIME type for this name.
null to indicate that the Http Service should determine the MIME type itself.
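
An added example (not part of the OSGi specification or its source) of a context that follows the handleSecurity contract described above: it refuses non-https requests with 403, challenges for Basic credentials with 401 and WWW-Authenticate, and sets the request attributes only after authentication succeeds. The class name, the realm string and the verify hook are assumptions; Base64 decoding assumes Java 8 or later.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.http.HttpContext;

// Added example: HTTPS-only context with HTTP Basic authentication.
public abstract class BasicAuthHttpContext implements HttpContext {
    // Hypothetical hook: check the credentials against your own user store.
    protected abstract boolean verify(String user, String password);

    @Override
    public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException {
        // A secure connection is required: anything but https gets 403.
        if (!"https".equals(request.getScheme())) {
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        String[] creds = parseBasic(request.getHeader("Authorization"));
        if (creds == null || !verify(creds[0], creds[1])) {
            // Missing or unacceptable Authorization header: challenge with 401.
            response.setHeader("WWW-Authenticate", "Basic realm=\"example\"");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }
        // Set these attributes only once the request has been authenticated.
        // AUTHORIZATION is left unset because no UserAdmin service is used here.
        request.setAttribute(HttpContext.AUTHENTICATION_TYPE, HttpServletRequest.BASIC_AUTH);
        request.setAttribute(HttpContext.REMOTE_USER, creds[0]);
        return true;
    }

    // Returns {user, password}, or null when the header is absent or malformed.
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String decoded = new String(raw, StandardCharsets.UTF_8);
            int colon = decoded.indexOf(':');
            return colon < 0 ? null : new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
    }

    @Override public URL getResource(String name) { return getClass().getResource(name); }
    @Override public String getMimeType(String name) { return null; } // Http Service decides
}
```

A malformed header takes the same 401 path as a wrong password, so the response does not reveal which check failed.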