org.jivesoftware.openfire.auth

Class AuthorizationManager

java.lang.Object

org.jivesoftware.openfire.auth.AuthorizationManager

public class AuthorizationManager
extends Object

Manages the AuthorizationProvider objects.

Overall description of the authentication and authorization process:

After a client connects, and indicates a desire to use SASL, the SASLAuthentication object decides which SASL mechanisms to advertise, and then performs the authentication. If authentication is successful, the XMPPCallbackHandler is asked to handle() an AuthorizeCallback. The XMPPCallbackHandler asks the AuthorizationManager to authorize the principal to the requested username. The AuthorizationManager manages a list of AuthorizationProvider classes, and tries them one at a time and returns true with the first AuthorizationProvider that authorizes the principal to the username. If no classes authorize the principal, false is returned, which traces all the way back to give the client an unauthorized message. Its important to note that the message the client receives will give no indication if the principal authenticated successfully, you will need to check the server logs for that information.

Author:

Jay Kline

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	authorize(String username, String principal) Authorize the authenticated used to the requested username.
static Collection<AuthorizationPolicy>	getAuthorizationPolicies() Returns the currently-installed AuthorizationProvider.
static String	map(String principal) Map the authenticated principal to the default username.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getAuthorizationPolicies

public static Collection<AuthorizationPolicy> getAuthorizationPolicies()

Returns the currently-installed AuthorizationProvider. Warning: You should not be calling the AuthorizationProvider directly to perform authorizations, it will not take into account the policy selected in the openfire.xml. Use @see{authorize} in this class, instead.

Returns:

the current AuthorizationProvider.

authorize

public static boolean authorize(String username,
                String principal)

Authorize the authenticated used to the requested username. This uses the selected the selected AuthenticationProviders.

Parameters:

username - The requested username.

principal - The authenticated principal.

Returns:

true if the user is authorized.

map

public static String map(String principal)

Map the authenticated principal to the default username. If the authenticated principal did not supply a username, determine the default to use.

Parameters:

principal - The authentiated principal to determine the default username.

Returns:

The default username for the authentiated principal.