-
Notifications
You must be signed in to change notification settings - Fork 8
/
service.http.html
5026 lines (4958 loc) · 635 KB
/
service.http.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>102 Http Service Specification - OSGi Compendium 7</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1" />
<link rel="home" href="toc.html" title="OSGi Compendium" />
<link rel="up" href="toc.html" title="OSGi Compendium" />
<link rel="prev" href="service.log.html" title="101 Log Service Specification" />
<link rel="next" href="service.device.html" title="103 Device Access Specification" />
<meta name="Section-title" content="102 Http Service Specification" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="shortcut icon" href="images/favicon.png" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="css/custom.css" />
<link rel="stylesheet" type="text/css" href="css/github.css" />
<link rel="stylesheet" type="text/css" href="//fonts.googleapis.com/css?family=Ubuntu:regular,bold&subset=Latin" /><script type="text/javascript" src="js/highlight.pack.js"></script><script type="text/javascript" src="js/main.js"></script></head>
<body>
<div id="fullbody">
<div id="header">
<div class="menu-top-container"></div>
<div id="shadow-block"><a class="logo" href="index.html"><img src="images/logo.svg" alt="OSGi Alliance Documentation" /><h1>OSGi Compendium Release 7</h1></a></div>
</div>
<div id="mobile-menu-icon">⋮</div>
<div id="column-two">
<div id="content">
<div id="scrollable">
<div class="navheader">
<table width="100%" summary="Navigation header">
<tr>
<td width="20%" align="left"><a accesskey="p" href="service.log.html">Prev</a>
</td>
<th width="60%" align="center"> </th>
<td width="20%" align="right"> <a accesskey="n" href="service.device.html">Next</a></td>
</tr>
</table>
<hr />
</div>
<div class="chapter">
<div xmlns="" class="titlepage">
<div>
<div>
<h1 xmlns="http://www.w3.org/1999/xhtml" class="title"><a xmlns="" class="anchor" id="service.http"></a><span xmlns="" class="number">102</span> Http Service Specification
</h1>
</div>
<div>
<p xmlns="http://www.w3.org/1999/xhtml" class="releaseinfo"><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http" title="102.10 org.osgi.service.http">Version 1.2</a></p>
</div>
</div>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="d0e6460"></a><span xmlns="" class="number">102.1</span> Introduction
</h2>
</div>
</div>
</div>
<p>An OSGi framework normally provides users with access to services on
the Internet and other networks. This access allows users to remotely
retrieve information from, and send control to, services in an OSGi
framework using a standard web browser.
</p>
<p>Bundle developers typically need to develop communication and user
interface solutions for standard technologies such as HTTP, HTML, XML, and
servlets.
</p>
<p>The Http Service supports two standard techniques for this
purpose:
</p>
<div class="itemizedlist">
<ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p><span class="emphasis"><em>Registering servlets</em></span> - A servlet is a Java
object which implements the Java Servlet API. Registering a servlet in
the Framework gives it control over some part of the Http Service URI
name-space.
</p>
</li>
<li class="listitem">
<p><span class="emphasis"><em>Registering resources</em></span> - Registering a
resource allows HTML files, image files, and other static resources to
be made visible in the Http Service URI name-space by the requesting
bundle.
</p>
</li>
</ul>
</div>
<p>Implementations of the Http Service can be based on:</p>
<div class="itemizedlist">
<ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p><a xmlns="" class="xref" href="service.http.html#i1231452" title="HTTP 1.0 Specification RFC-1945">[1] <em>HTTP 1.0 Specification RFC-1945</em></a></p>
</li>
<li class="listitem">
<p><a xmlns="" class="xref" href="service.http.html#i1215926" title="HTTP 1.1 Specification RFC-2616">[2] <em>HTTP 1.1 Specification RFC-2616</em></a></p>
</li>
</ul>
</div>
<p>Alternatively, implementations of this service can support other
protocols if these protocols can conform to the semantics of the
<code class="code">javax.servlet</code> API. This additional support is necessary
because the Http Service is closely related to <a xmlns="" class="xref" href="service.http.html#i1217577" title="Java Servlet Technology">[3] <em>Java Servlet Technology</em></a>.
Http Service implementations must support at least version 2.1 of the Java
Servlet API.
</p>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h3 xmlns="http://www.w3.org/1999/xhtml" class="title"><a xmlns="" class="anchor" id="d0e6496"></a><span xmlns="" class="number">102.1.1</span> Entities
</h3>
</div>
</div>
</div>
<p>This specification defines the following interfaces which a bundle
developer can implement collectively as an Http Service or use
individually:
</p>
<div class="itemizedlist">
<ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p><span class="emphasis"><em><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext" title="102.10.2 public interface HttpContext">HttpContext</a></em></span> - Allows bundles to provide
information for a servlet or resource registration.
</p>
</li>
<li class="listitem">
<p><span class="emphasis"><em><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpService" title="102.10.3 public interface HttpService">HttpService</a></em></span> - Allows other bundles in the
Framework to dynamically register and unregister resources and
servlets into the Http Service URI name-space.
</p>
</li>
<li class="listitem">
<p><span class="emphasis"><em><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.NamespaceException" title="102.10.4 public class NamespaceException extends Exception">NamespaceException</a></em></span> - Is thrown to indicate an error
with the caller's request to register a servlet or resource into the
Http Service URI name-space.
</p>
</li>
</ul>
</div>
<div class="figure"><a xmlns="" class="anchor" id="d0e6517"></a><p class="title"><strong>Figure <span xmlns="" class="number">102</span>.1 Http Service Overview Diagram</strong></p>
<div class="figure-contents">
<div class="mediaobject" align="center"><img src="images/102-httpservice-classes.png" align="middle" width="585" height="298" alt="Http Service Overview Diagram" /></div>
</div>
</div><br class="figure-break" /></div>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="i1223311"></a><span xmlns="" class="number">102.2</span> Registering Servlets
</h2>
</div>
</div>
</div>
<p><code class="code">javax.servlet.Servlet</code> objects can be registered with
the Http Service by using the <code class="code">HttpService</code> interface. For this
purpose, the <code class="code">HttpService</code> interface defines the method <a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpService.registerServlet-String-javax.servlet.Servlet-Dictionary-HttpContext-" title="102.10.3.3 public void registerServlet(String alias, Servlet servlet, Dictionary<?, ?> initparams, HttpContext context) throws ServletException, NamespaceException">registerServlet(String,javax.servlet.Servlet,Dictionary,HttpContext)</a>.
</p>
<p>For example, if the Http Service implementation is listening to port
80 on the machine <code class="code">www.acme.com</code> and the <code class="code">Servlet</code>
object is registered with the name <code class="code">"/servlet"</code>, then the
<code class="code">Servlet</code> object's <code class="code">service</code> method is called when
the following URL is used from a web browser:
</p><pre xmlns="" class="programlisting"><code>http://www.acme.com/servlet?name=bugs</code></pre><p>All <code class="code">Servlet</code> objects and resource registrations share
the same name-space. If an attempt is made to register a resource or
<code class="code">Servlet</code> object under the same name as a currently registered
resource or <code class="code">Servlet</code> object, a <code class="code">NamespaceException</code>
is thrown. See <a xmlns="" class="xref" href="service.http.html#i1208280" title="102.4 Mapping HTTP Requests to Servlet and Resource Registrations">Mapping HTTP Requests to Servlet and Resource Registrations</a> for more information about the
handling of the Http Service name-space.
</p>
<p>Each <code class="code">Servlet</code> registration must be accompanied with an
<code class="code">HttpContext</code> object. This object provides the handling of
resources, media typing, and a method to handle authentication of remote
requests. See <a xmlns="" class="xref" href="service.http.html#service.http.authentication" title="102.7 Authentication">Authentication</a>.
</p>
<p>For convenience, a default <code class="code">HttpContext</code> object is
provided by the Http Service and can be obtained with <a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpService.createDefaultHttpContext--" title="102.10.3.1 public HttpContext createDefaultHttpContext()">createDefaultHttpContext()</a>. Passing a <code class="code">null</code> parameter to the
registration method achieves the same effect.
</p>
<p><code class="code">Servlet</code> objects require a <code class="code">ServletContext</code>
object. This object provides a number of functions to access the Http
Service Java Servlet environment. It is created by the implementation of
the Http Service for each unique <code class="code">HttpContext</code> object with
which a <code class="code">Servlet</code> object is registered. Thus,
<code class="code">Servlet</code> objects registered with the same
<code class="code">HttpContext</code> object must also share the same
<code class="code">ServletContext</code> object.
</p>
<p><code class="code">Servlet</code> objects are initialized by the Http Service
when they are registered and bound to that specific Http Service. The
initialization is done by calling the <code class="code">Servlet</code> object's
<code class="code">Servlet.init(ServletConfig)</code> method. The
<code class="code">ServletConfig</code> parameter provides access to the initialization
parameters specified when the <code class="code">Servlet</code> object was
registered.
</p>
<p>Therefore, the same <code class="code">Servlet</code> instance must not be reused
for registration with another Http Service, nor can it be registered under
multiple names. Unique instances are required for each
registration.
</p>
<p>The following example code demonstrates the use of the
<code class="code">registerServlet</code> method:
</p><a xmlns="" class="anchor" id="i1223332"></a><pre xmlns="" class="programlisting"><code>Hashtable initparams = new Hashtable();
initparams.put( "name", "value" );
Servlet myServlet = new HttpServlet() {
String name = "<not set>";
public void init( ServletConfig config ) {
this.name = (String)
config.getInitParameter( "name" );
}
public void doGet(
HttpServletRequest req,
HttpServletResponse rsp
) throws IOException {
rsp.setContentType( "text/plain" );
req.getWriter().println( this.name );
}
};
getHttpService().registerServlet(
"/servletAlias",
myServlet,
initparams,
null // use default context
);
// myServlet has been registered
// and its init method has been called. Remote
// requests are now handled and forwarded to
// the servlet.
...
getHttpService().unregister("/servletAlias");
// myServlet has been unregistered and its
// destroy method has been called
</code></pre><p>This example registers the servlet, <code class="code">myServlet</code>, at
alias: <code class="code">/servletAlias</code>. Future requests for
<code class="code">http://www.acme.com/servletAlias</code> maps to the servlet,
<code class="code">myServlet</code>, whose <code class="code">service</code> method is called to
process the request. (The <code class="code">service</code> method is called in the
<code class="code">HttpServlet</code> base class and dispatched to a
<code class="code">doGet</code>, <code class="code">doPut</code>, <code class="code">doPost</code>,
<code class="code">doOptions</code>, <code class="code">doTrace</code>, or <code class="code">doDelete</code>
call depending on the HTTP request method used.)
</p>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="d0e6684"></a><span xmlns="" class="number">102.3</span> Registering Resources
</h2>
</div>
</div>
</div>
<p>A resource is a file containing images, static HTML pages, sounds,
movies, applets, etc. Resources do not require any handling from the
bundle. They are transferred directly from their source - usually the JAR
file that contains the code for the bundle - to the requester using
HTTP.
</p>
<p>Resources could be handled by Servlet objects as explained in <a xmlns="" class="xref" href="service.http.html#i1223311" title="102.2 Registering Servlets">Registering Servlets</a>. Transferring a resource over HTTP, however, would
require very similar <code class="code">Servlet</code> objects for each bundle. To
prevent this redundancy, resources can be registered directly with the
Http Service via the <a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpService" title="102.10.3 public interface HttpService">HttpService</a> interface. This <code class="code">HttpService</code> interface
defines the
<code class="code">registerResources(String,String,HttpContext)</code> method for
registering a resource into the Http Service URI name-space.
</p>
<p>The first parameter is the external alias under which the resource
is registered with the Http Service. The second parameter is an internal
prefix to map this resource to the bundle's name-space. When a request is
received, the <code class="code">HttpService</code> object must remove the external
alias from the URI, replace it with the internal prefix, and call the
<code class="code">getResource(String)</code> method with this new name on the
associated <code class="code">HttpContext</code> object. The <code class="code">HttpContext</code>
object is further used to get the MIME type of the resource and to
authenticate the request.
</p>
<p>Resources are returned as a <code class="code">java.net.URL</code> object. The
Http Service must read from this <code class="code">URL</code> object and transfer the
content to the initiator of the HTTP request.
</p>
<p>This return type was chosen because it matches the return type of
the <code class="code">java.lang.Class.getResource(String resource)</code> method. This
method can retrieve resources directly from the same place as the one from
which the class was loaded - often a package directory in the JAR file of
the bundle. This method makes it very convenient to retrieve resources
from the bundle that are contained in the package.
</p>
<p>The following example code demonstrates the use of the
<code class="code">register Resources</code> method:
</p><pre xmlns="" class="programlisting"><code>package com.acme;
...
HttpContext context = new HttpContext() {
public boolean handleSecurity(
HttpServletRequest request,
HttpServletResponse response
) throws IOException {
return true;
}
public URL getResource(String name) {
return getClass().getResource(name);
}
public String getMimeType(String name) {
return null;
}
};
getHttpService().registerResources (
"/files",
"www",
context
);
...
getHttpService().unregister("/files");
</code></pre><p>This example registers the alias /files on the Http Service.
Requests for resources below this name-space are transferred to the
<code class="code">HttpContext</code> object with an internal name of
<code class="code">www/<name></code>. This example uses the <code class="code">Class.get
Resource(String)</code> method. Because the internal name does not start
with a "/", it must map to a resource in the "<code class="code">com/acme/www</code>"
directory of the JAR file. If the internal name did start with a "/", the
package name would not have to be prefixed and the JAR file would be
searched from the root. Consult the
<code class="code">java.lang.Class.getResource(String)</code> method for more
information.
</p>
<p>In the example, a request for
<code class="code">http://www.acme.com/files/myfile.html</code> must map to the name
"<code class="code">com/acme/www/myfile.html"</code> which is in the bundle's JAR
file.
</p>
<p>More sophisticated implementations of the
<code class="code">getResource(String</code>) method could filter the input name,
restricting the resources that may be returned or map the input name onto
the file system (if the security implications of this action are
acceptable).
</p>
<p>Alternatively, the resource registration could have used a default
<code class="code">HttpContext</code> object, as demonstrated in the following call to
<code class="code">registerResources</code>:
</p><pre xmlns="" class="programlisting"><code>getHttpService().registerResources(
"/files",
"/com/acme/www",
null
);</code></pre><p>In this case, the Http Service implementation would call the <a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpService.createDefaultHttpContext--" title="102.10.3.1 public HttpContext createDefaultHttpContext()">createDefaultHttpContext()</a> method and use its return value as the
<code class="code">HttpContext</code> argument for the <code class="code">registerResources</code>
method. The default implementation must map the resource request to the
bundle's resource, using <code class="code">Bundle.getResource(String)</code>. In the
case of the previous example, however, the internal name must now specify
the full path to the directory containing the resource files in the JAR
file. No automatic prefixing of the package name is done.
</p>
<p>The <code class="code">getMimeType(String)</code> implementation of the default
<code class="code">HttpContext</code> object should rely on the default mapping
provided by the Http Service by returning <code class="code">null</code>. Its
<code class="code">handleSecurity(HttpServletRequest,HttpServletResponse)</code> may
implement an authentication mechanism that is
implementation-dependent.
</p>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="i1208280"></a><span xmlns="" class="number">102.4</span> Mapping HTTP Requests to Servlet and Resource Registrations
</h2>
</div>
</div>
</div>
<p>When an HTTP request comes in from a client, the Http Service checks
to see if the requested URI matches any registered aliases. A URI matches
only if the path part of the URI is exactly the same string. Matching is
case sensitive.
</p>
<p>If it does match, a matching registration takes place, which is
processed as follows:
</p>
<div class="orderedlist">
<ol class="orderedlist" type="1">
<li class="listitem">
<p>If the registration corresponds to a servlet, the authorization
is verified by calling the <code class="code">handleSecurity</code> method of the
associated <code class="code">HttpContext</code> object. See <a xmlns="" class="xref" href="service.http.html#service.http.authentication" title="102.7 Authentication">Authentication</a>. If the request is authorized,
the servlet must be called by its <code class="code">service</code> method to
complete the HTTP request.
</p>
</li>
<li class="listitem">
<p>If the registration corresponds to a resource, the authorization
is verified by calling the <code class="code">handleSecurity</code> method of the
associated <code class="code">HttpContext</code> object. See <a xmlns="" class="xref" href="service.http.html#service.http.authentication" title="102.7 Authentication">Authentication</a>. If the request is authorized,
a target resource name is constructed from the requested URI by
substituting the alias from the registration with the internal name
from the registration if the alias is not "/". If the alias is "/",
then the target resource name is constructed by prefixing the
requested URI with the internal name. An internal name of "/" is
considered to have the value of the empty string ("") during this
process.
</p>
</li>
<li class="listitem">
<p>The target resource name must be passed to the
<code class="code">getResource</code> method of the associated
<code class="code">HttpContext</code> object.
</p>
</li>
<li class="listitem">
<p>If the returned <code class="code">URL</code> object is not
<code class="code">null</code>, the Http Service must return the contents of the
<code class="code">URL</code> to the client completing the HTTP request. The
translated target name, as opposed to the original requested URI, must
also be used as the argument to
<code class="code">HttpContext.getMimeType</code>.
</p>
</li>
<li class="listitem">
<p>If the returned <code class="code">URL</code> object is <code class="code">null</code>,
the Http Service continues as if there was no match.
</p>
</li>
<li class="listitem">
<p>If there is no match, the Http Service must attempt to match
sub-strings of the requested URI to registered aliases. The
sub-strings of the requested URI are selected by removing the last
<code class="code">"/"</code> and everything to the right of the last "/".
</p>
</li>
</ol>
</div>
<p>The Http Service must repeat this process until either a match is
found or the sub-string is an empty string. If the sub-string is empty and
the alias <code class="code">"/"</code> is registered, the request is considered to
match the alias <code class="code">"/"</code>. Otherwise, the Http Service must return
<code class="code">HttpServletResponse.SC_NOT_FOUND(404)</code> to the client.
</p>
<p>For example, an HTTP request comes in with a request URI of
<code class="code">"/fudd/bugs/foo.txt"</code>, and the only registered alias is
<code class="code">"/fudd"</code>. A search for <code class="code">"/fudd/bugs/foo.txt"</code> will
not match an alias. Therefore, the Http Service will search for the alias
"<code class="code">/fudd/bugs"</code> and the alias "<code class="code">/fudd"</code>. The latter
search will result in a match and the matched alias registration must be
used.
</p>
<p>Registrations for identical aliases are not allowed. If a bundle
registers the alias "<code class="code">/fudd"</code>, and another bundle tries to
register the exactly the same alias, the second caller must receive a
<code class="code">NamespaceException</code> and its resource or servlet must
<span class="emphasis"><em>not</em></span> be registered. It could, however, register a
similar alias - for example, "<code class="code">/fudd/bugs"</code>, as long as no
other registration for this alias already exists.
</p>
<p>The following table shows some examples of the usage of the
name-space.
</p>
<div class="table"><a xmlns="" class="anchor" id="d0e6921"></a><p class="title"><strong>Table <span xmlns="" class="number">102</span>.1 Examples of Name-space Mapping</strong></p>
<div class="table-contents">
<table summary="Examples of Name-space Mapping" style="border-collapse: collapse;border-top: 0.5pt solid ; border-bottom: 0.5pt solid ; border-left: 0.5pt solid ; border-right: 0.5pt solid ; ">
<colgroup>
<col />
<col />
<col />
<col />
</colgroup>
<thead>
<tr>
<th style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">Alias</th>
<th style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">Internal Name</th>
<th style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">URI</th>
<th style="border-bottom: 0.5pt solid ; ">getResource Parameter</th>
</tr>
</thead>
<tbody>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">(empty string)</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/tmp</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/tmp/fudd/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">(empty string)</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/tmp</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">/tmp/bugs</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">tmp</code></td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; "><code class="code">/fudd/bugs/x.gif</code></td>
<td style="border-bottom: 0.5pt solid ; "><code class="code">tmp/bugs/x.gif</code></td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; "><code class="code">/fudd/bugs/x.gif</code></td>
<td style="border-right: 0.5pt solid ; "><code class="code">tmp/y.gif</code></td>
<td style="border-right: 0.5pt solid ; "><code class="code">/fudd/bugs/x.gif</code></td>
<td style=""><code class="code">tmp/y.gif</code></td>
</tr>
</tbody>
</table>
</div>
</div><br class="table-break" /></div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="d0e7040"></a><span xmlns="" class="number">102.5</span> The Default Http Context Object
</h2>
</div>
</div>
</div>
<p>The <code class="code">HttpContext</code> object in the first example
demonstrates simple implementations of the <a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext" title="102.10.2 public interface HttpContext">HttpContext</a>
interface methods. Alternatively, the example could have used a default
<code class="code">HttpContext</code> object, as demonstrated in the following call to
<code class="code">registerServlet</code>:
</p><pre xmlns="" class="programlisting"><code>getHttpService().registerServlet(
"/servletAlias",
myServlet,
initparams,
null
); </code></pre><p>In this case, the Http Service implementation must call
<code class="code">createDefault HttpContext</code> and use the return value as the
<code class="code">HttpContext</code> argument.
</p>
<p>If the default <code class="code">HttpContext</code> object, and thus the
<code class="code">ServletContext</code> object, is to be shared by multiple servlet
registrations, the previous servlet registration example code needs to be
changed to use the same default <code class="code">HttpContext</code> object. This
change is demonstrated in the next example:
</p><pre xmlns="" class="programlisting"><code>HttpContext defaultContext =
getHttpService().createDefaultHttpContext();
getHttpService().registerServlet(
"/servletAlias",
myServlet,
initparams,
defaultContext
);
// defaultContext can be reused
// for further servlet registrations</code></pre></div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="i1243471"></a><span xmlns="" class="number">102.6</span> Multipurpose Internet Mail Extension (MIME) Types
</h2>
</div>
</div>
</div>
<p>MIME defines an extensive set of headers and procedures to encode
binary messages in US-ASCII mails. For an overview of all the related
RFCs, consult <a xmlns="" class="xref" href="service.http.html#i1219807" title="MIME Multipurpose Internet Mail Extension">[4] <em>MIME Multipurpose Internet Mail Extension</em></a>.
</p>
<p>An important aspect of this extension is the type (file format)
mechanism of the binary messages. The type is defined by a string
containing a general category (text, application, image, audio and video,
multipart, and message) followed by a "/" and a specific media type, as in
the example, <code class="code">"text/html"</code> for HTML formatted text files. A
MIME type string can be followed by additional specifiers by separating
<code class="code">key=value</code> pairs with a semicolon (<code class="code">';' \u003B</code>).
These specifiers can be used, for example, to define character sets as
follows:
</p><pre xmlns="" class="programlisting"><code>text/plain ; charset=iso-8859-1</code></pre><p>The Internet Assigned Number Authority (IANA) maintains a set of
defined MIME media types. This list can be found at <a xmlns="" class="xref" href="service.http.html#i1220020" title="Assigned MIME Media Types">[5] <em>Assigned MIME Media Types</em></a>. MIME media types are extendable, and when any part
of the type starts with the prefix <code class="code">"x-"</code>, it is assumed to be
vendor-specific and can be used for testing. New types can be registered
as described in <a xmlns="" class="xref" href="service.http.html#i1220024" title="Registration Procedures for new MIME media types">[6] <em>Registration Procedures for new MIME media types</em></a>.
</p>
<p>HTTP bases its media typing on the MIME RFCs. The "Content-Type"
header should contain a MIME media type so that the browser can recognize
the type and format the content correctly.
</p>
<p>The source of the data must define the MIME media type for each
transfer. Most operating systems do not support types for files, but use
conventions based on file names, such as the last part of the file name
after the last ".". This extension is then mapped to a media type.
</p>
<p>Implementations of the Http Service should have a reasonable default
of mapping common extensions to media types based on file
extensions.
</p>
<div class="table"><a xmlns="" class="anchor" id="d0e7114"></a><p class="title"><strong>Table <span xmlns="" class="number">102</span>.2 Sample Extension to MIME Media Mapping</strong></p>
<div class="table-contents">
<table summary="Sample Extension to MIME Media Mapping" style="border-collapse: collapse;border-top: 0.5pt solid ; border-bottom: 0.5pt solid ; border-left: 0.5pt solid ; border-right: 0.5pt solid ; ">
<colgroup>
<col />
<col />
<col />
</colgroup>
<thead>
<tr>
<th style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">Extension</th>
<th style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">MIME media type</th>
<th style="border-bottom: 0.5pt solid ; ">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.jpg .jpeg</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">image/jpeg</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>JPEG Files</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.gif</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">image/gif</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>GIF Files</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.css</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">text/css</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>Cascading Style Sheet Files</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.txt</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">text/plain</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>Text Files</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.wml</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">text/vnd.wap.wml</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>Wireless Access Protocol (WAP) Mark
Language
</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">.htm .html</code></p>
</td>
<td style="border-right: 0.5pt solid ; border-bottom: 0.5pt solid ; ">
<p><code class="code">text/html</code></p>
</td>
<td style="border-bottom: 0.5pt solid ; ">
<p>Hyper Text Markup Language</p>
</td>
</tr>
<tr>
<td style="border-right: 0.5pt solid ; ">
<p><code class="code">.wbmp</code></p>
</td>
<td style="border-right: 0.5pt solid ; ">
<p><code class="code">image/vnd.wap.wbmp</code></p>
</td>
<td style="">
<p>Bitmaps for WAP</p>
</td>
</tr>
</tbody>
</table>
</div>
</div><br class="table-break" /><p>Only the bundle developer, however, knows exactly which files have
what media type. The <code class="code">HttpContext</code> interface can therefore be
used to map this knowledge to the media type. The <code class="code">HttpContext</code>
class has the following method for this:
<code class="code">getMimeType(String)</code>.
</p>
<p>The implementation of this method should inspect the file name and
use its internal knowledge to map this name to a MIME media type.
</p>
<p>Simple implementations can extract the extension and look up this
extension in a table.
</p>
<p>Returning <code class="code">null</code> from this method allows the Http Service
implementation to use its default mapping mechanism.
</p>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="service.http.authentication"></a><span xmlns="" class="number">102.7</span> Authentication
</h2>
</div>
</div>
</div>
<p>The Http Service has separated the authentication and authorization
of a request from the execution of the request. This separation allows
bundles to use available <code class="code">Servlet</code> sub-classes while still
providing bundle specific authentication and authorization of the
requests.
</p>
<p>Prior to servicing each incoming request, the Http Service calls the
<a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext.handleSecurity-javax.servlet.http.HttpServletRequest-javax.servlet.http.HttpServletResponse-" title="102.10.2.6 public boolean handleSecurity(HttpServletRequest request, HttpServletResponse response) throws IOException">handleSecurity(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)</a> method on the <code class="code">HttpContext</code> object that
is associated with the request URI. This method controls whether the
request is processed in the normal manner or an authentication error is
returned.
</p>
<p>If an implementation wants to authenticate the request, it can use
the authentication mechanisms of HTTP. See <a xmlns="" class="xref" href="service.http.html#i1220308" title="RFC 2617: HTTP Authentication: Basic and Digest Access Authentication">[7] <em>RFC 2617: HTTP Authentication: Basic and Digest Access Authentication</em></a>.
These mechanisms normally interpret the headers and decide if the user
identity is available, and if it is, whether that user has authenticated
itself correctly.
</p>
<p>There are many different ways of authenticating users, and the
<code class="code">handleSecurity</code> method on the <code class="code">HttpContext</code> object
can use whatever method it requires. If the method returns
<code class="code">true</code>, the request must continue to be processed using the
potentially modified <code class="code">HttpServletRequest</code> and
<code class="code">HttpServletResponse</code> objects. If the method returns
<code class="code">false</code>, the request must <span class="emphasis"><em>not</em></span> be
processed.
</p>
<p>A common standard for HTTP is the basic authentication scheme that
is not secure when used with HTTP. Basic authentication passes the
password in base 64 encoded strings that are trivial to decode into clear
text. Secure transport protocols like HTTPS use SSL to hide this
information. With these protocols basic authentication is secure.
</p>
<p>Using basic authentication requires the following steps:</p>
<div class="orderedlist">
<ol class="orderedlist" type="1">
<li class="listitem">
<p>If no <code class="code">Authorization</code> header is set in the request,
the method should set the <code class="code">WWW-Authenticate</code> header in the
response. This header indicates the desired authentication mechanism
and the realm. For example, <code class="code">WWW-Authenticate: Basic
realm="ACME"</code>.
</p>
<p>The header should be set with the response object that is given
as a parameter to the <code class="code">handleSecurity</code> method. The
<code class="code">handleSecurity</code> method should set the status to
<code class="code">HttpServletResponse.SC_UNAUTHORIZED (401)</code> and return
<code class="code">false</code>.
</p>
</li>
<li class="listitem">
<p>Secure connections can be verified with the
<code class="code">ServletRequest.getScheme()</code> method. This method returns,
for example, "<code class="code">https</code>" for an SSL connection; the
<code class="code">handleSecurity</code> method can use this and other information
to decide if the connection's security level is acceptable. If not,
the <code class="code">handleSecurity</code> method should set the status to
<code class="code">HttpServletResponse.SC_FORBIDDEN</code> (403) and return
<code class="code">false</code>.
</p>
</li>
<li class="listitem">
<p>Next, the request must be authenticated. When basic
authentication is used, the <code class="code">Authorization</code> header is
available in the request and should be parsed to find the user and
password. See <a xmlns="" class="xref" href="service.http.html#i1220308" title="RFC 2617: HTTP Authentication: Basic and Digest Access Authentication">[7] <em>RFC 2617: HTTP Authentication: Basic and Digest Access Authentication</em></a> for more information.
</p>
<p>If the user cannot be authenticated, the status of the response
object should be set to <code class="code">HttpServletResponse.SC_UNAUTHORIZED
(401)</code> and return <code class="code">false</code>.
</p>
</li>
<li class="listitem">
<p>The authentication mechanism that is actually used and the
identity of the authenticated user can be of interest to the
<code class="code">Servlet</code> object. Therefore, the implementation of the
<code class="code">handleSecurity</code> method should set this information in the
request object using the <code class="code">ServletRequest.setAttribute</code>
method. This specification has defined a number of OSGi-specific
attribute names for this purpose:
</p>
<div class="itemizedlist">
<ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext.AUTHENTICATION_TYPE" title="102.10.2.1 public static final String AUTHENTICATION_TYPE = "org.osgi.service.http.authentication.type"">AUTHENTICATION_TYPE</a> - Specifies the scheme used in
authentication. A Servlet may retrieve the value of this attribute
by calling the <code class="code">HttpServletRequest.getAuthType</code> method.
This attribute name is
<code class="code">org.osgi.service.http.authentication.type</code>.
</p>
</li>
<li class="listitem">
<p><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext.REMOTE_USER" title="102.10.2.3 public static final String REMOTE_USER = "org.osgi.service.http.authentication.remote.user"">REMOTE_USER</a> - Specifies the name of the authenticated
user. A Servlet may retrieve the value of this attribute by
calling the <code class="code">HttpServletRequest.getRemoteUser</code> method.
This attribute name is
<code class="code">org.osgi.service.http.authentication.remote.user</code>.
</p>
</li>
<li class="listitem">
<p><a xmlns="" class="xref" href="service.http.html#org.osgi.service.http.HttpContext.AUTHORIZATION" title="102.10.2.2 public static final String AUTHORIZATION = "org.osgi.service.useradmin.authorization"">AUTHORIZATION</a> - If a User Admin service is available in
the environment, then the <code class="code">handleSecurity</code> method
should set this attribute with the <code class="code">Authorization</code>
object obtained from the User Admin service. Such an object
encapsulates the authentication of its remote user. A Servlet may
retrieve the value of this attribute by calling
<code class="code">ServletRequest.getAttribute(HttpContext.AUTHORIZATION)</code>.
This header name is
<code class="code">org.osgi.service.useradmin.authorization</code>.
</p>
</li>
</ul>
</div>
</li>
<li class="listitem">
<p>Once the request is authenticated and any attributes are set,
the <code class="code">handleSecurity</code> method should return
<code class="code">true</code>. This return indicates to the Http Service that the
request is authorized and processing may continue. If the request is
for a Servlet, the Http Service must then call the
<code class="code">service</code> method on the <code class="code">Servlet</code> object.
</p>
</li>
</ol>
</div>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="d0e7408"></a><span xmlns="" class="number">102.8</span> Security
</h2>
</div>
</div>
</div>
<p>This section only applies when executing in an OSGi environment
which is enforcing Java permissions.
</p>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h3 xmlns="http://www.w3.org/1999/xhtml" class="title"><a xmlns="" class="anchor" id="d0e7413"></a><span xmlns="" class="number">102.8.1</span> Accessing Resources with the Default Http Context
</h3>
</div>
</div>
</div>
<p>The Http Service must be granted
<code class="code">AdminPermission[*,RESOURCE]</code> so that bundles may use a
default <code class="code">HttpContext</code> object. This is necessary because the
implementation of the default <code class="code">HttpContext</code> object must call
<code class="code">Bundle.getResource</code> to access the resources of a bundle and
this method requires the caller to have
<code class="code">AdminPermission[bundle,RESOURCE]</code>.
</p>
<p>Any bundle may access resources in its own bundle by calling
<code class="code">Class.getResource</code>. This operation is privileged. The
resulting <code class="code">URL</code> object may then be passed to the Http Service
as the result of a <code class="code">HttpContext.getResource</code> call. No further
permission checks are performed when accessing bundle resource
<code class="code">URL</code> objects, so the Http Service does not need to be
granted any additional permissions.
</p>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h3 xmlns="http://www.w3.org/1999/xhtml" class="title"><a xmlns="" class="anchor" id="d0e7447"></a><span xmlns="" class="number">102.8.2</span> Accessing Other Types of Resources
</h3>
</div>
</div>
</div>
<p>In order to access resources that were not registered using the
default <code class="code">HttpContext</code> object, the Http Service must be
granted sufficient privileges to access these resources. For example, if
the <code class="code">getResource</code> method of the registered
<code class="code">HttpContext</code> object returns a file URL, the Http Service
requires the corresponding <code class="code">FilePermission</code> to read the file.
Similarly, if the <code class="code">getResource</code> method of the registered
<code class="code">HttpContext</code> object returns an HTTP URL, the Http Service
requires the corresponding <code class="code">SocketPermission</code> to connect to
the resource.
</p>
<p>Therefore, in most cases, the Http Service should be a privileged
service that is granted sufficient permission to serve any bundle's
resources, no matter where these resources are located. Therefore, the
Http Service must capture the <code class="code">AccessControlContext</code> object
of the bundle registering resources or a servlet, and then use the
captured <code class="code">AccessControlContext</code> object when accessing
resources returned by the registered <code class="code">HttpContext</code> object.
This situation prevents a bundle from registering resources that it does
not have permission to access.
</p>
<p>Therefore, the Http Service should follow a scheme like the
following example. When a resource or servlet is registered, it should
capture the context.
</p><pre xmlns="" class="programlisting"><code>AccessControlContext acc =
AccessController.getContext();</code></pre><p>When a URL returned by the <code class="code">getResource</code> method of the
associated <code class="code">HttpContext</code> object is called, the Http Service
must call the <code class="code">getResource</code> method in a
<code class="code">doPrivileged</code> construct using the
<code class="code">AccessControlContext</code> object of the registering
bundle:
</p><pre xmlns="" class="programlisting"><code>AccessController.doPrivileged(
new PrivilegedExceptionAction() {
public Object run() throws Exception {
...
}
}, acc);</code></pre><p>The Http Service must only use the captured
<code class="code">AccessControlContext</code> when accessing resource
<code class="code">URL</code> objects.
</p>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h3 xmlns="http://www.w3.org/1999/xhtml" class="title"><a xmlns="" class="anchor" id="d0e7515"></a><span xmlns="" class="number">102.8.3</span> Servlet and HttpContext objects
</h3>
</div>
</div>
</div>
<p>This specification does not require that the Http Service is
granted All Permission or wraps calls to the Servlet and Http Context
objects in a <code class="code">doPrivileged</code> block. Therefore, it is the
responsibility of the Servlet and Http Context implementations to use a
<code class="code">doPrivileged</code> block when performing privileged
operations.
</p>
</div>
</div>
<div class="section">
<div xmlns="" class="titlepage">
<div>
<div>
<h2 xmlns="http://www.w3.org/1999/xhtml" class="title" style="clear: both"><a xmlns="" class="anchor" id="d0e7526"></a><span xmlns="" class="number">102.9</span> Configuration Properties
</h2>
</div>
</div>
</div>
<p>If the Http Service does not have its port values configured through
some other means, the Http Service implementation should use the following
properties to determine the port values upon which to listen.
</p>
<p>The following OSGi environment properties are used to specify
default HTTP ports:
</p>
<div class="itemizedlist">
<ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
<p><code class="code">org.osgi.service.http.port</code> - This property
specifies the port used for servlets and resources accessible via
HTTP. The default value for this property is 80.
</p>
</li>
<li class="listitem">
<p><code class="code">org.osgi.service.http.port.secure</code> - This property
specifies the port used for servlets and resources accessible via
HTTPS. The default value for this property is 443.
</p>
</li>