Securing OSGi applications
Securing OSGi applications is very similar to securing enterprise applications. For most security frameworks, no additional steps are required. For Java™ 2 security, there is some optional extra configuration that is specific to OSGi Applications.
About this task
For most security frameworks that are supported by WebSphere® Application Server, configuring security for OSGi applications requires no additional steps to those that are required for enterprise applications. For example: If you enable security, and you add a secure asset, you must specify a target server that is in the global security domain. This requirement is the same whether the asset is an enterprise application or an OSGi application.
For application security with OSGi applications, you can modify the security role to user or group mapping when you add the asset to the business-level application.
For Java 2 security in enterprise applications, you set permissions at the application level. For OSGi applications, you can also set Java 2 security permissions at the bundle level. To support this finer-grained security, there are extra configuration steps that you can complete when you create an OSGi application, when you migrate an enterprise application to an OSGi application, and when you add an enterprise bundle archive (EBA) asset to a business-level application.