public interface SecurityControl extends SecurityStoreFeature
The security store is maintained at the server and defines the roles that can be assigned to principals.
The association between roles and permissions is defined in the security store. A fixed set of permissions is defined and these are used to control access to actions and data on the server. Roles are used to associate permissions with principals. Permissions are assigned to roles and roles are assigned to principals.
A role can be assigned zero, one or many permissions. The same permission can be assigned to multiple roles. Roles can also include other roles to form a role hierarchy, and so inherit permissions.
Roles are implicitly defined by specifying them in relationships. There is no need to explicitly create roles in the security store.
Permissions may have 'global' or 'topic' scope. Global permissions apply to actions that are not specific to the topic tree, whereas 'topic' permissions apply to a topic or branch of the topic tree.
Topic scoped permissions are assigned to roles for specific topic paths. The permission assignment applies to all descendant topics, unless there is a more specific assignment. To evaluate whether a client session has access to a permission for a topic, the server starts at that topic and searches up the tree to find the nearest permission assignment. The first assignment is the only one considered, even if the client has roles involved in assignments further up the topic tree. Default topic-scope assignments can also be defined. These are used if no path assignment matches.
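The evaluation rule above, worked through as an added example; this is not Diffusion's own code and not part of the original page. It assumes that the nearest path carrying any assignment decides the outcome, whichever roles that assignment names, as the paragraph's wording suggests. The class, role names, paths and permission strings are constructed, and `Set.of`/`Map.of` need Java 9 or later.

```java
import java.util.*;

// Added illustration: a local model of topic-scoped permission evaluation.
// Not the Diffusion server code; it does not call the Diffusion API.
public class TopicPermissionModel {
    final Map<String, Set<String>> includes = new HashMap<>();            // role -> roles it includes
    final Map<String, Map<String, Set<String>>> byPath = new HashMap<>(); // path -> role -> permissions
    final Map<String, Set<String>> defaults = new HashMap<>();            // role -> default permissions

    // Expand the assigned roles through the role hierarchy (cycle-safe).
    Set<String> effectiveRoles(Set<String> assigned) {
        Set<String> seen = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(assigned);
        while (!todo.isEmpty()) {
            String role = todo.pop();
            if (seen.add(role)) todo.addAll(includes.getOrDefault(role, Set.of()));
        }
        return seen;
    }

    // Search from the topic towards the root; only the nearest assignment counts.
    boolean permits(Set<String> assigned, String topic, String permission) {
        Map<String, Set<String>> grants = defaults; // used when no path matches
        for (String p = topic; !p.isEmpty();
                p = p.contains("/") ? p.substring(0, p.lastIndexOf('/')) : "") {
            if (byPath.containsKey(p)) { grants = byPath.get(p); break; }
        }
        for (String role : effectiveRoles(assigned)) {
            if (grants.getOrDefault(role, Set.of()).contains(permission)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        TopicPermissionModel m = new TopicPermissionModel();
        // Constructed sample store: role names, paths and permission strings are made up.
        m.includes.put("TRADER", Set.of("VIEWER"));
        m.defaults.put("VIEWER", Set.of("READ_TOPIC"));
        m.byPath.put("prices", Map.of("TRADER", Set.of("READ_TOPIC", "UPDATE_TOPIC")));
        m.byPath.put("prices/internal", Map.of("AUDITOR", Set.of("READ_TOPIC")));
        Set<String> s = Set.of("TRADER");
        // Descendant of "prices": the assignment there applies.
        System.out.println(m.permits(s, "prices/fx/eurusd", "UPDATE_TOPIC"));
        // Nearest assignment is "prices/internal", which names only AUDITOR.
        System.out.println(m.permits(s, "prices/internal/book", "READ_TOPIC"));
        // No path matches: defaults apply, reached through the included VIEWER role.
        System.out.println(m.permits(s, "news/uk", "READ_TOPIC"));
    }
}
```

The second case is the one to check when reviewing a store: a narrow assignment added for one role on a sub-branch replaces, rather than adds to, what other roles held on that branch through an ancestor path.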
VIEW_SECURITY permission and in order to update the store it needs MODIFY_SECURITY permission.
session as follows:
SecurityControl securityControl = session.feature(SecurityControl.class);
Modifier and Type | Interface and Description |
---|---|
static interface | SecurityControl.ConfigurationCallback: The callback interface for use with getSecurity. |
static interface | SecurityControl.ConfigurationContextCallback<C>: The contextual callback interface for use with getSecurity. |
static interface | SecurityControl.Role: Encapsulates the defined details for an individual role. |
static interface | SecurityControl.ScriptBuilder: A script builder may be used to create a script of commands to apply to the security store at the server. |
static interface | SecurityControl.SecurityConfiguration: Snapshot of information from the security store. |
SecurityStoreFeature.UpdateStoreCallback, SecurityStoreFeature.UpdateStoreContextCallback<C>
Modifier and Type | Method and Description |
---|---|
<C> void | getSecurity(C context, SecurityControl.ConfigurationContextCallback<C> callback): Obtain the current contents of the security store, with a contextual callback. |
void | getSecurity(SecurityControl.ConfigurationCallback callback): Obtain the current contents of the security store. |
SecurityControl.ScriptBuilder | scriptBuilder(): Returns a builder that can be used to create scripts for use with updateStore. |
updateStore, updateStore
getSession
void getSecurity(SecurityControl.ConfigurationCallback callback) throws IllegalArgumentException, SessionClosedException
callback - the operation callback
IllegalArgumentException - if callback is null
SessionClosedException - if the session is closed

<C> void getSecurity(C context, SecurityControl.ConfigurationContextCallback<C> callback) throws IllegalArgumentException, SessionClosedException
C - the context type
context - the context to pass to the callback, may be null
callback - the operation callback
IllegalArgumentException - if callback is null
SessionClosedException - if the session is closed
getSecurity(ConfigurationCallback)

SecurityControl.ScriptBuilder scriptBuilder()
updateStore.

Copyright © 2016 Push Technology Ltd. All Rights Reserved.