Interface SecurityPolicy
- All Known Implementing Classes:
DefaultSecurityPolicy
public interface SecurityPolicy
A SecurityPolicy defines the broad authorization constraints that must be
enforced by a BayeuxServer.
The usage of SecurityPolicy has been mostly replaced by the usage of the
more flexible Authorizer for creation of channels, subscription to channels
and publish to channels.
SecurityPolicy is still the central authorization component for handshakes.
A BayeuxServer may deny the handshake from clients that do not have
proper authentication credentials, or may deny clients to publish on reserved
channels and so on; all these activities are controlled by the SecurityPolicy
implementation installed on the BayeuxServer via
BayeuxServer.setSecurityPolicy(SecurityPolicy).
-
Method Summary
Modifier and Type Method Description booleancanCreate(BayeuxServer server, ServerSession session, String channelId, ServerMessage message)Checks if a message should be allowed to create a new channel.booleancanHandshake(BayeuxServer server, ServerSession session, ServerMessage message)Checks if a handshake message should be accepted.booleancanPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Checks if a client can publish a message to a channel.booleancanSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Checks if a subscribe message from a client is allowed to subscribe to a channel.
-
Method Details
-
canHandshake
Checks if a handshake message should be accepted.
Both remote sessions and local sessions are subject to this check. Applications usually want local sessions (that is, server-side only sessions related to services) to always pass this check, so a typical implementation filters local session using
ServerSession.isLocalSession().- Parameters:
server- theBayeuxServerobjectsession- the session (not yet added to the BayeuxServer)message- the handshake message- Returns:
- true if the handshake message should be accepted and the
ServerSessioninstance associated to theBayeuxServerobject
-
canCreate
boolean canCreate(BayeuxServer server, ServerSession session, String channelId, ServerMessage message)Checks if a message should be allowed to create a new channel.
A subscribe message or publish message to a channel not yet known to the server triggers this check. Both remote sessions and local sessions, when performing subscribes or publishes via
ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener)orClientSessionChannel.publish(Object)are therefore subject to this check.Direct calls to
BayeuxServer.createChannelIfAbsent(String, ConfigurableServerChannel.Initializer...)are not subject to this check.- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannelId- the channel to be createdmessage- the message trying to create the channel- Returns:
- true if the channel should be created
-
canSubscribe
boolean canSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Checks if a subscribe message from a client is allowed to subscribe to a channel.
Both remote and local sessions are subject to this check when performing subscribes via
ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener).ServerChannel.subscribe(ServerSession)is not subject to this check.- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to subscribe tomessage- the subscribe message- Returns:
- true if the client can subscribe to the channel
-
canPublish
boolean canPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Checks if a client can publish a message to a channel.
Both remote and local sessions are subject to this check when performing publishes via
ClientSessionChannel.publish(Object).ServerChannel.publish(Session, Object)is not subject to this check.- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to publish tomessage- the message to being published- Returns:
- true if the client can publish to the channel
-