Class AuthorizationManager

  • public class AuthorizationManager
    extends Object
    Manages the AuthorizationProvider objects.

    Overall description of the authentication and authorization process:

    After a client connects, and indicates a desire to use SASL, the SASLAuthentication object decides which SASL mechanisms to advertise, and then performs the authentication. If authentication is successful, the XMPPCallbackHandler is asked to handle() an AuthorizeCallback. The XMPPCallbackHandler asks the AuthorizationManager to authorize the principal to the requested username. The AuthorizationManager manages a list of AuthorizationProvider classes, and tries them one at a time and returns true with the first AuthorizationProvider that authorizes the principal to the username. If no classes authorize the principal, false is returned, which traces all the way back to give the client an unauthorized message. Its important to note that the message the client receives will give no indication if the principal authenticated successfully, you will need to check the server logs for that information.
    Jay Kline
    • Method Detail

      • getAuthorizationPolicies

        public static Collection<AuthorizationPolicy> getAuthorizationPolicies()
        Returns the currently-installed AuthorizationProvider. Warning: You should not be calling the AuthorizationProvider directly to perform authorizations, it will not take into account the policy selected in the openfire.xml. Use @see{authorize} in this class, instead.
        the current AuthorizationProvider.
      • authorize

        public static boolean authorize​(String username,
                                        String principal)
        Authorize the authenticated used to the requested username. This uses the selected the selected AuthenticationProviders.
        username - The requested username.
        principal - The authenticated principal.
        true if the user is authorized.
      • map

        public static String map​(String principal)
        Map the authenticated principal to the default username. If the authenticated principal did not supply a username, determine the default to use.
        principal - The authentiated principal to determine the default username.
        The default username for the authentiated principal.