public static interface SecurityControl.ScriptBuilder
Each method call on the builder adds a line to the script and then the
script may be built using the script
method which produces a String script which may be sent to the server
using updateStore
.
Such a builder may be created using the
scriptBuilder
method.
Modifier and Type | Method and Description |
---|---|
SecurityControl.ScriptBuilder |
removeTopicPermissions(String role,
String topicPath)
Removes any previously assigned permissions to a particular topic for
a given role.
|
String |
script()
Create a script.
|
SecurityControl.ScriptBuilder |
setDefaultTopicPermissions(String role,
Set<TopicPermission> permissions)
Sets the default topic permissions to be assigned to a named role.
|
SecurityControl.ScriptBuilder |
setGlobalPermissions(String role,
Set<GlobalPermission> permissions)
Sets the global permissions to be assigned to a named role.
|
SecurityControl.ScriptBuilder |
setRoleIncludes(String role,
Set<String> includedRoles)
Sets the roles that are to be included within a specified role.
|
SecurityControl.ScriptBuilder |
setRolesForAnonymousSessions(Set<String> roles)
Sets the roles to be assigned by default to all anonymous sessions.
|
SecurityControl.ScriptBuilder |
setRolesForNamedSessions(Set<String> roles)
Sets the roles to be assigned by default to all named sessions.
|
SecurityControl.ScriptBuilder |
setTopicPermissions(String role,
String topicPath,
Set<TopicPermission> permissions)
Sets specific topic permissions to be assigned for a named role.
|
SecurityControl.ScriptBuilder setRolesForAnonymousSessions(Set<String> roles) throws IllegalArgumentException
roles
- the roles to be assigned to anonymous sessions. This may
be empty which would mean that no roles are to be assigned by
default to anonymous sessions.IllegalArgumentException
- if roles
is nullSecurityControl.ScriptBuilder setRolesForNamedSessions(Set<String> roles) throws IllegalArgumentException
roles
- the roles to be assigned to all named sessions. This may
be empty which would mean that no roles are to be assigned by
default to named sessions.IllegalArgumentException
- if roles
is nullSecurityControl.ScriptBuilder setGlobalPermissions(String role, Set<GlobalPermission> permissions) throws IllegalArgumentException
role
- the rolepermissions
- the global permissions to assign to the role. This
may be empty which would mean that no global permissions are
to be assigned the role.IllegalArgumentException
- if any parameter is nullSecurityControl.ScriptBuilder setDefaultTopicPermissions(String role, Set<TopicPermission> permissions) throws IllegalArgumentException
The role will have the given permissions to all topics unless specifically overridden for named paths.
role
- the rolepermissions
- the default permissions to assigned to the role.
This may be empty which would mean that the named role will be
assigned no default topic permissions.IllegalArgumentException
- if any parameter is nullSecurityControl.ScriptBuilder setTopicPermissions(String role, String topicPath, Set<TopicPermission> permissions) throws IllegalArgumentException
When permissions are assigned to a role for a topic path they will apply to the topic and any topics below the specified topic in the topic tree. Topic scoped permissions are assigned to roles for specific topic paths. The permission assignment applies to all descendant topics, unless there is a more specific assignment.
To evaluate whether a client session has access to a permission for a topic, the server starts at that topic and searches up the tree to find the nearest permission assignment. The first assignment is the only one considered, even if the client has roles involved in assignments further up the topic tree.
role
- the roletopicPath
- Specifies the point in the topic tree at which the
permissions are to be applied for the named role.permissions
- the permissions to assign to the role for the
topic. This may be empty which would mean that the named role
will have no permissions to the specified topic (i.e. unable
to access the topic in any way), which is different from not
having permissions specified for the topic (see
removeTopicPermissions(String, String)
).IllegalArgumentException
- if any parameter is nullSecurityControl.ScriptBuilder removeTopicPermissions(String role, String topicPath) throws IllegalArgumentException
This is different from setting no permissions to a topic for a role. By removing permissions set for a particular branch of the topic hierarchy the permissions become deferred to superior branches in the hierarchy or to the default topic permissions.
role
- the role to remove topic permissions fromtopicPath
- the topic for which permissions are to be removedIllegalArgumentException
- if any parameter is nullSecurityControl.ScriptBuilder setRoleIncludes(String role, Set<String> includedRoles) throws IllegalArgumentException
role
- the roleincludedRoles
- the roles to include. This may be empty, which
would mean that the given role should not include any other
roles.IllegalArgumentException
- if any parameter is nullString script()
Copyright © 2016 Push Technology Ltd. All Rights Reserved.