public interface AuthorisationHandler
Such a handler may be specified in Server.xml or added using
Publishers.setAuthorisationHandler(AuthorisationHandler)
. If there is
no interest in any of the events then there is no need to add a handler.
Only one handler may be added.
Modifier and Type | Method and Description |
---|---|
boolean |
canConnect(Client client)
Deprecated.
since 5.2
Use an authentication handler in preference. This method is
still invoked for backwards compatibility, and can veto
attempts to connect |
boolean |
canFetch(Client client,
Topic topic)
Checks whether a given client is allowed to fetch the current state of a
specified Topic, even when not subscribed.
|
boolean |
canFetch(Client client,
TopicSelector selector)
Checks whether a given Client is allowed to fetch using a specified Topic
Selector.
|
boolean |
canSubscribe(Client client,
Topic topic)
Deprecated.
since 5.9
This method is deprecated and will be removed in a future release. This method is called frequently from performance sensitive code. When a new topic is added is added, this method will be called for all existing Clients. Implementations must be heavily optimized to avoid severely degrading server performance. Blocking I/O, allocation, use of locks, and computationally expensive operations should be avoided. Prefer Diffusion's declarative role-based security. |
boolean |
canSubscribe(Client client,
TopicSelector selector)
Checks whether a given Client is allowed to subscribe using a specified
Topic Selector.
|
boolean |
canWrite(Client client,
Topic topic)
Checks whether a given Client is allowed to send Messages to a specified
Topic.
|
boolean |
credentialsSupplied(Client client,
Credentials credentials)
Deprecated.
since 5.2
Use an authentication handler in preference. This method is
still invoked for backwards compatibility, and can veto
attempts to change the authenticated principal by returning
|
@Deprecated boolean credentialsSupplied(Client client, Credentials credentials)
Use an authentication handler in preference. This method is
still invoked for backwards compatibility, and can veto
attempts to change the authenticated principal by returning
false
. This method will be removed in a future
release.
The method should validate the Credentials and return true if they are valid or false if they are not.
When there is no handler then Credentials sent after connection are set
on the Client (see Client.setCredentials(Credentials)
) but if
there is a handler then it is the responsibility of this method to set
the Credentials on the Client.
This method may also simply decide to disconnect the Client (using
Client.abort()
or ClientConnection.close()
as appropriate.
client
- the Client for which credentials have been supplied.credentials
- the credentials (which could be null).@Deprecated boolean canConnect(Client client)
Use an authentication handler in preference. This method is
still invoked for backwards compatibility, and can veto
attempts to connect false
. This method will be
removed in a future release.
client
- the Client.boolean canSubscribe(Client client, TopicSelector selector)
This is only called if a subscription is attempted that specified a Topic
selection pattern or a topic name with a suffix indicating the selection
of children. A normal topic name subscription would not cause this to be
called as it would be caught by canSubscribe(Client, Topic)
.
Note that even though this may allow a selector pattern the
canSubscribe(Client, Topic)
method will still be called for each
Topic actually selected.
client
- the Client.selector
- the Topic selector.@Deprecated boolean canSubscribe(Client client, Topic topic)
This method is deprecated and will be removed in a future release.
This method is called frequently from performance sensitive code. When a new topic is added is added, this method will be called for all existing Clients. Implementations must be heavily optimized to avoid severely degrading server performance. Blocking I/O, allocation, use of locks, and computationally expensive operations should be avoided.
Prefer Diffusion's declarative role-based security.
client
- the Client.topic
- the Topic.boolean canWrite(Client client, Topic topic)
client
- the Client.topic
- the Topic.boolean canFetch(Client client, TopicSelector selector)
This is only called if a fetch is attempted that specified a Topic
selection pattern or a topic name with a suffix indicating the fetch of
children. A normal topic name fetch would not cause this to be called as
it would be caught by canFetch(Client, Topic)
.
client
- the Client.selector
- the Topic selector.boolean canFetch(Client client, Topic topic)
client
- the clienttopic
- the TopicCopyright © 2016 Push Technology Ltd. All Rights Reserved.