Interface SecurityPolicy
-
- All Known Implementing Classes:
DefaultSecurityPolicy
public interface SecurityPolicyA
SecurityPolicydefines the broad authorization constraints that must be enforced by aBayeuxServer.The usage of
SecurityPolicyhas been mostly replaced by the usage of the more flexibleAuthorizerfor creation of channels, subscription to channels and publish to channels.SecurityPolicyis still the central authorization component for handshakes.A
BayeuxServermay deny the handshake from clients that do not have proper authentication credentials, or may deny clients to publish on reserved channels and so on; all these activities are controlled by theSecurityPolicyimplementation installed on theBayeuxServerviaBayeuxServer.setSecurityPolicy(SecurityPolicy).
-
-
Method Summary
All Methods Instance Methods Default Methods Modifier and Type Method Description default booleancanCreate(BayeuxServer server, ServerSession session, java.lang.String channelId, ServerMessage message)Blocking version ofcanCreate(BayeuxServer, ServerSession, String, ServerMessage, Promise).default voidcanCreate(BayeuxServer server, ServerSession session, java.lang.String channelId, ServerMessage message, Promise<java.lang.Boolean> promise)Checks if a message should be allowed to create a new channel.default booleancanHandshake(BayeuxServer server, ServerSession session, ServerMessage message)Blocking version ofcanHandshake(BayeuxServer, ServerSession, ServerMessage, Promise).default voidcanHandshake(BayeuxServer server, ServerSession session, ServerMessage message, Promise<java.lang.Boolean> promise)Checks if a handshake message should be accepted.default booleancanPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Blocking version ofcanPublish(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).default voidcanPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<java.lang.Boolean> promise)Checks if a client can publish a message to a channel.default booleancanSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)Blocking version ofcanSubscribe(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).default voidcanSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<java.lang.Boolean> promise)Checks if a subscribe message from a client is allowed to subscribe to a channel.
-
-
-
Method Detail
-
canHandshake
default void canHandshake(BayeuxServer server, ServerSession session, ServerMessage message, Promise<java.lang.Boolean> promise)
Checks if a handshake message should be accepted.
Both remote sessions and local sessions are subject to this check. Applications usually want local sessions (that is, server-side only sessions related to services) to always pass this check, so a typical implementation filters local session using
ServerSession.isLocalSession().- Parameters:
server- theBayeuxServerobjectsession- the session (not yet added to the BayeuxServer)message- the handshake messagepromise- the promise to notify whether the handshake message should be accepted and theServerSessioninstance associated to theBayeuxServerobject
-
canHandshake
default boolean canHandshake(BayeuxServer server, ServerSession session, ServerMessage message)
Blocking version of
canHandshake(BayeuxServer, ServerSession, ServerMessage, Promise).- Parameters:
server- theBayeuxServerobjectsession- the session (not yet added to the BayeuxServer)message- the handshake message- Returns:
- whether the handshake message is allowed
-
canCreate
default void canCreate(BayeuxServer server, ServerSession session, java.lang.String channelId, ServerMessage message, Promise<java.lang.Boolean> promise)
Checks if a message should be allowed to create a new channel.
A subscribe message or publish message to a channel not yet known to the server triggers this check. Both remote sessions and local sessions, when performing subscribes or publishes via
ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener)orClientSessionChannel.publish(Object)are therefore subject to this check.Direct calls to
BayeuxServer.createChannelIfAbsent(String, ConfigurableServerChannel.Initializer...)are not subject to this check.- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannelId- the channel to be createdmessage- the message trying to create the channelpromise- the promise to notify whether the channel should be created
-
canCreate
default boolean canCreate(BayeuxServer server, ServerSession session, java.lang.String channelId, ServerMessage message)
Blocking version of
canCreate(BayeuxServer, ServerSession, String, ServerMessage, Promise).- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannelId- the channel to be createdmessage- the message trying to create the channel- Returns:
- whether the channel creation is allowed
-
canSubscribe
default void canSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<java.lang.Boolean> promise)
Checks if a subscribe message from a client is allowed to subscribe to a channel.
Both remote and local sessions are subject to this check when performing subscribes via
ClientSessionChannel.subscribe(ClientSessionChannel.MessageListener).ServerChannel.subscribe(ServerSession)is not subject to this check.- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to subscribe tomessage- the subscribe messagepromise- the promise to notify whether the client can subscribe to the channel
-
canSubscribe
default boolean canSubscribe(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)
Blocking version of
canSubscribe(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to subscribe tomessage- the subscribe message- Returns:
- whether the channel subscription is allowed
-
canPublish
default void canPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message, Promise<java.lang.Boolean> promise)
Checks if a client can publish a message to a channel.
Both remote and local sessions are subject to this check when performing publishes via
ClientSessionChannel.publish(Object).Server-side publishes are not subject to this check.
- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to publish tomessage- the message to being publishedpromise- the promise to notify whether the client can publish to the channel
-
canPublish
default boolean canPublish(BayeuxServer server, ServerSession session, ServerChannel channel, ServerMessage message)
Blocking version of
canPublish(BayeuxServer, ServerSession, ServerChannel, ServerMessage, Promise).- Parameters:
server- theBayeuxServerobjectsession- the client sending the messagechannel- the channel to publish tomessage- the message to being published- Returns:
- whether the publish is allowed
-
-