org.cometd.bayeux.server

Interface SecurityPolicy

All Known Implementing Classes:

DefaultSecurityPolicy

public interface SecurityPolicy

A SecurityPolicy defines the broad authorization constraints that must be enforced by a BayeuxServer.

The usage of SecurityPolicy has been mostly replaced by the usage of the more flexible Authorizer for creation of channels, subscription to channels and publish to channels. SecurityPolicy is still the central authorization component for handshakes.

A BayeuxServer may deny the handshake from clients that do not have proper authentication credentials, or may deny clients to publish on reserved channels and so on; all these activities are controlled by the SecurityPolicy implementation installed on the BayeuxServer via BayeuxServer.setSecurityPolicy(SecurityPolicy).

See Also:

ConfigurableServerChannel.addAuthorizer(Authorizer)

Method Summary

Modifier and Type	Method and Description
default boolean	canCreate(BayeuxServer server, ServerSession session, String channelId, ServerMessage message) Blocking version of canCreate(BayeuxServer, ServerSession, String, ServerMessage, Promise).
default void	canCreate(BayeuxServer server, ServerSession session, String channelId, ServerMessage message, Promise<Boolean> promise) Checks if a message should be allowed to create a new channel.
default boolean	canHandshake(BayeuxServer server, ServerSession session, ServerMessage message) Blocking version of canHandshake(BayeuxServer, ServerSession, ServerMessage, Promise).
default void	canHandshake(BayeuxServer server, ServerSession session, ServerMessage message, Promise<Boolean> promise) Checks if a handshake message should be accepted.
default boolean	canPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message) Blocking version of canPublish(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).
default void	canPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<Boolean> promise) Checks if a client can publish a message to a channel.
default boolean	canSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message) Blocking version of canSubscribe(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).
default void	canSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<Boolean> promise) Checks if a subscribe message from a client is allowed to subscribe to a channel.

Method Detail

canHandshake

default void canHandshake(BayeuxServer server,
                          ServerSession session,
                          ServerMessage message,
                          Promise<Boolean> promise)

Checks if a handshake message should be accepted.

Both remote sessions and local sessions are subject to this check. Applications usually want local sessions (that is, server-side only sessions related to services) to always pass this check, so a typical implementation filters local session using ServerSession.isLocalSession().

Parameters:

server - the BayeuxServer object

session - the session (not yet added to the BayeuxServer)

message - the handshake message

promise - the promise to notify whether the handshake message should be accepted and the ServerSession instance associated to the BayeuxServer object

canHandshake

default boolean canHandshake(BayeuxServer server,
                             ServerSession session,
                             ServerMessage message)

Blocking version of canHandshake(BayeuxServer, ServerSession, ServerMessage, Promise).

Parameters:

server - the BayeuxServer object

session - the session (not yet added to the BayeuxServer)

message - the handshake message

Returns:

whether the handshake message is allowed

canCreate

default void canCreate(BayeuxServer server,
                       ServerSession session,
                       String channelId,
                       ServerMessage message,
                       Promise<Boolean> promise)

Checks if a message should be allowed to create a new channel.

A subscribe message or publish message to a channel not yet known to the server triggers this check. Both remote sessions and local sessions, when performing subscribes or publishes via ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener) or ClientSessionChannel.publish(Object) are therefore subject to this check.

Direct calls to BayeuxServer.createChannelIfAbsent(String, ConfigurableServerChannel.Initializer...) are not subject to this check.

Parameters:

server - the BayeuxServer object

session - the client sending the message

channelId - the channel to be created

message - the message trying to create the channel

promise - the promise to notify whether the channel should be created

canCreate

default boolean canCreate(BayeuxServer server,
                          ServerSession session,
                          String channelId,
                          ServerMessage message)

Blocking version of canCreate(BayeuxServer, ServerSession, String, ServerMessage, Promise).

Parameters:

server - the BayeuxServer object

session - the client sending the message

channelId - the channel to be created

message - the message trying to create the channel

Returns:

whether the channel creation is allowed

canSubscribe

default void canSubscribe(BayeuxServer server,
                          ServerSession session,
                          ServerChannel channel,
                          ServerMessage message,
                          Promise<Boolean> promise)

Checks if a subscribe message from a client is allowed to subscribe to a channel.

Both remote and local sessions are subject to this check when performing subscribes via ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener).

ServerChannel.subscribe(ServerSession) is not subject to this check.

Parameters:

server - the BayeuxServer object

session - the client sending the message

channel - the channel to subscribe to

message - the subscribe message

promise - the promise to notify whether the client can subscribe to the channel

canSubscribe

default boolean canSubscribe(BayeuxServer server,
                             ServerSession session,
                             ServerChannel channel,
                             ServerMessage message)

Blocking version of canSubscribe(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).

Parameters:

server - the BayeuxServer object

session - the client sending the message

channel - the channel to subscribe to

message - the subscribe message

Returns:

whether the channel subscription is allowed

canPublish

default void canPublish(BayeuxServer server,
                        ServerSession session,
                        ServerChannel channel,
                        ServerMessage message,
                        Promise<Boolean> promise)

Checks if a client can publish a message to a channel.

Both remote and local sessions are subject to this check when performing publishes via ClientSessionChannel.publish(Object).

Server-side publishes are not subject to this check.

Parameters:

server - the BayeuxServer object

session - the client sending the message

channel - the channel to publish to

message - the message to being published

promise - the promise to notify whether the client can publish to the channel

canPublish

default boolean canPublish(BayeuxServer server,
                           ServerSession session,
                           ServerChannel channel,
                           ServerMessage message)

Blocking version of canPublish(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).

Parameters:

server - the BayeuxServer object

session - the client sending the message

channel - the channel to publish to

message - the message to being published

Returns:

whether the publish is allowed