views:

479

answers:

6

OSGi employs a service-oriented architecture: Bundles register service objects, that other bundles consume. Service publishing and binding is managed by the framework. This decouples service providers from service users completely (except for the need to agree on a service interface).

Is there a way to limit (by configuration) what services are visible to what bundles ?

For example, if I have an HttpService, all bundles that feel like doing so can install servlets into it. I would like to make the HttpService not visible to selective bundles.

For extra credits: In addition to just filtering service registrations, the ability to modify registration properties. So that even if a bundle registers a Servlet with alias=/admin, I can change that to alias=/somethingelse for consumption by Pax Web Extender Whiteboard.

+1  A: 

Is there a way to limit (by configuration) what services are visible to what bundles ?

There is no way to do that using service properties. You could define your own service property that specifies which bundles should consume the service you are exporting, but there is no way to prevent other bundles from consuming it as well.

For extra credits: In addition to just filtering service registrations, the ability to >modify registration properties. So that even if a bundle registers a Servlet with >alias=/admin, I can change that to alias=/somethingelse for consumption by Pax Web >Extender Whiteboard.

Well... that's a tough one. You could define your own Servlet interface "MyServlet" and export your Servlets using that interface. Then, another bundle could consume those MyServlets and re-export them as Servlets with modified service properties.

Other than that ... no idea.

arturh
Yes, if I can change the bundle that provides the service, or the bundle that consumes it, I can control what goes on. But I want to do this without touching those bundles. All the service binding is already managed transparently (to consumer and producer) by OSGi, I want some hooks into the process.
Thilo
Well ... as far as I know that is currently not possible with plain OSGi. As Steve Powel pointed out, you will have additional possibilities using the Spring dm Server.
arturh
+1  A: 

I haven't tried this, but seems like it may help you...

In the OSGi R4 Component Spec describes the "Configuration Admin Service" which, from a 5 minutes inspection, appears to be able to alter services dynamically.

Ultimately I think it will be up to you to control access to the services based on some agreed upon configuration values

basszero
Yes, Managed Services and the Service Component Runtime do allow for a great deal of runtime configuration. However, the service providers need to make use of SCR, it cannot be used with "plain" (non-declarative) services.
Thilo
+2  A: 

Is there a way to limit (by configuration) what services are visible to what bundles?

As you are aware, it is possible to filter on service properties, though this probably doesn't give the sort of control you are asking for: the services are still visible to other bundles deployed in the framework.

In SpringSource's dm Server (an open-source, modular, OSGi-based Java application server) an application can be Scoped when it is deployed. This allows you to deploy multiple applications (in separate scopes) that might include inconsistent versions of dependent bundles, while still allowing common bundles to be shared (by deploying them outside of a scope—in the so-called global scope).

If a scoped application/bundle registers an OSGi service it is only available to the bundles in the same scope. (The services are 'scoped' as well.)

This is not magic: the server wraps the OSGi services interfaces and uses service properties 'under the covers' to perform the filtering required on-the-fly.

I think this would give you the sort of separation you are looking for.

For information about dm Server (not to be confused with Spring DM) go to the SpringSource.org dmServer page.

Steve Powell
SpringSource; dm Server Development

Steve Powell
This application-scope feature (PAR files?) does look very useful. Can the PAR mechanism be used outside of dm Server? Is there something similar in the works in standard OSGi? On the Java Posse podcast there was talk about "nested frameworks", which seems to go in that direction.
Thilo
A: 

For extra credits: In addition to just filtering service registrations, the ability to modify registration properties. So that even if a bundle registers a Servlet with alias=/admin, I can change that to alias=/somethingelse for consumption by Pax Web Extender Whiteboard.

using iPOJO you can change properties of the exposed services pretty simple. It has bunch of other features, which could be interessting to someone using OSGi a lot.

+1  A: 

The upcoming R4.2 of the OSGi specification define a component called Find Hook that allows exactly to:
"inspect the returned set of service references and optionally shrink the set of returned services"

See
http://www.osgi.org/download/r4-v4.2-core-draft-20090310.pdf section 12.5

Please note that R4.2 is not final yet, still I believe the major OSGi implementations (Felix and Equinox) already have the code for this additional functionality in their trunk

Filippo Diotalevi
A: 

If you want to limit the visibility of services, your best bet is to enable OSGi security. It is designed to limit what services, packages and other things are visible to what bundles. You can for example only make a certain service available to a bundle that is signed by you (or use various other criteria).

The other option, already mentioned, it to use the 4.2 service hooks, which allow a sort of "do it yourself" security mechanism.

The second question, changing properties like the endpoint under which a service is registered, is something you can do via the ServiceRegistration that you get back when registering your service. Changes can be triggered by becoming a ManagedService and use ConfigurationAdmin to configure yourself.

Marcel Offermans