DefaultAuthorizationPolicy (Core XMPP Server 4.4.1 API)

java.lang.Object
- org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy

All Implemented Interfaces:

AuthorizationPolicy
```
public class DefaultAuthorizationPolicy
extends Object
implements AuthorizationPolicy
```
Different clients perform authentication differently, so this policy will authorize any principal to a requested user that match specific conditions that are considered secure defaults for most installations. Keep in mind if a client does not request any username Java copies the authenticated ID to the requested username.
- If the authenticated ID is in the form of a plain username, and the requested user is in the form of a plain username, then the two must be exactly the same.
- If the authenticated ID contains an '@', then the portion before the '@' must match exactly the requested username and the portion after the '@' must match at least one of the following:
  - The XMPP domain of the server
  - The SASL realm of the server
  - Be in the list of acceptable realms
- If the requested username contains an '@' then the portion before the '@' will be considered the requested username only if the portion after the '@' matches the XMPP domain of the server or the portion after the '@' in the authenticated ID, if any.
Author:

Jay Kline

See Also:

AuthorizationManager

Constructor Summary

Constructors
Constructor Description

DefaultAuthorizationPolicy()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`boolean`	`authorize(String username, String authenID)`	Returns true if the principal is explicitly authorized to the JID
`String`	`description()`	Returns a description of the Policy
`String`	`name()`	Returns the short name of the Policy

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultAuthorizationPolicy
```
public DefaultAuthorizationPolicy()
```
- Method Detail
  - authorize
```
public boolean authorize(String username,
                         String authenID)
```
    Returns true if the principal is explicitly authorized to the JID
    
    Specified by:
    
    authorize in interface AuthorizationPolicy
    
    Parameters:
    
    username - The username requested.
    
    authenID - The authenticated ID (principal) requesting the username.
    
    Returns:
    
    true if the authenticated ID is authorized to the requested user.
  - name
```
public String name()
```
    Returns the short name of the Policy
    
    Specified by:
    
    name in interface AuthorizationPolicy
    
    Returns:
    
    The short name of the Policy
  - description
```
public String description()
```
    Returns a description of the Policy
    
    Specified by:
    
    description in interface AuthorizationPolicy
    
    Returns:
    
    The description of the Policy.