Package org.jivesoftware.openfire.auth
Class DefaultAuthorizationPolicy
- java.lang.Object
  - org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy
- All Implemented Interfaces: AuthorizationPolicy
public class DefaultAuthorizationPolicy extends Object implements AuthorizationPolicy
Different clients perform authentication differently, so this policy will authorize any authentication identity, or 'principal' (identity whose password will be used), to a requested authorization identity (identity to act as) when the pair matches specific conditions that are considered secure defaults for most installations. Keep in mind that if a client does not request any authorization identity, the authentication identity will be used as the authorization identity.
- If the authentication identity is in the form of a plain username, and the requested authorization identity is in the form of a plain username, then the two must be exactly the same.
- If the authentication identity contains an '@', then the portion before the '@' must match exactly the requested authorization identity and the portion after the '@' must match at least one of the following:
  - The XMPP domain of the server
  - The SASL realm of the server
  - Be in the list of acceptable realms
- If the requested authorization identity contains an '@', then the portion before the '@' will be considered the requested authorization identity only if the portion after the '@' matches the XMPP domain of the server or the portion after the '@' in the authentication identity, if any.
- Author: Jay Kline
- See Also: AuthorizationManager
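The three rules in the class description, written out as an added example (not Openfire's own source) so the accepted and rejected identity pairs can be checked against a configuration. The class name `AuthzRuleSketch`, its constructor parameters, the choice to split at the last '@', and the sample domain, realms and identities are assumptions made for illustration.

```java
import java.util.Set;

// Added sketch of the rules in the class description above; not Openfire source.
// Class name, constructor parameters and sample values are hypothetical.
public class AuthzRuleSketch {
    private final String xmppDomain, saslRealm;
    private final Set<String> acceptableRealms;

    AuthzRuleSketch(String xmppDomain, String saslRealm, Set<String> acceptableRealms) {
        this.xmppDomain = xmppDomain;
        this.saslRealm = saslRealm;
        this.acceptableRealms = acceptableRealms;
    }

    boolean authorize(String authzid, String authcid) {
        if (authcid == null || authcid.isEmpty()) return false;
        // No requested authorization identity: the authentication identity is used.
        if (authzid == null || authzid.isEmpty()) authzid = authcid;

        // Splitting at the last '@' is an assumption; the page only says "the '@'".
        String authcUser = authcid, authcRealm = null;
        int at = authcid.lastIndexOf('@');
        if (at >= 0) {
            authcUser = authcid.substring(0, at);
            authcRealm = authcid.substring(at + 1);
        }
        // The part before '@' in authzid counts as the requested identity only if
        // its realm is the XMPP domain or the realm of the authentication identity.
        String authzUser = authzid;
        at = authzid.lastIndexOf('@');
        if (at >= 0) {
            String authzRealm = authzid.substring(at + 1);
            if (authzRealm.equals(xmppDomain) || authzRealm.equals(authcRealm))
                authzUser = authzid.substring(0, at);
        }
        if (!authzUser.equals(authcUser)) return false;   // usernames must match exactly
        if (authcRealm == null) return true;              // plain authentication username
        return authcRealm.equals(xmppDomain) || authcRealm.equals(saslRealm)
                || acceptableRealms.contains(authcRealm);
    }

    public static void main(String[] args) {
        AuthzRuleSketch p = new AuthzRuleSketch("example.org", "EXAMPLE.ORG", Set.of("CORP.EXAMPLE"));
        String[][] cases = {   // constructed {authzid, authcid} pairs
            {"alice", "alice"}, {"bob", "alice"}, {"alice", "alice@CORP.EXAMPLE"},
            {"alice", "alice@OTHER.EXAMPLE"}, {"alice@example.org", "alice"},
            {"alice@other.example", "alice"}, {null, "alice@EXAMPLE.ORG"} };
        for (String[] c : cases)
            System.out.println(c[0] + " <- " + c[1] + " : " + p.authorize(c[0], c[1]));
    }
}
```

Every entry in the list of acceptable realms is a realm whose principals can be mapped onto a local username with the same name, so that list is the part of the configuration to review first.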
Field Summary
Fields (Modifier and Type, Field, Description):
- static SystemProperty<Boolean> IGNORE_CASE
Constructor Summary
Constructors (Constructor, Description):
- DefaultAuthorizationPolicy()
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- boolean authorize(String authzid, String authcid): Returns true if the provided authentication identity (identity whose password will be used) is explicitly allowed to the provided authorization identity (identity to act as).
- String description(): Returns a description of the Policy
- String name(): Returns the short name of the Policy
Field Detail
IGNORE_CASE
public static final SystemProperty<Boolean> IGNORE_CASE
Method Detail
authorize
public boolean authorize(String authzid, String authcid)
Returns true if the provided authentication identity (identity whose password will be used) is explicitly allowed to the provided authorization identity (identity to act as).
- Specified by: authorize in interface AuthorizationPolicy
- Parameters:
  - authzid - authorization identity (identity to act as).
  - authcid - authentication identity, or 'principal' (identity whose password will be used)
- Returns: true if the authzid is explicitly allowed to be used by the user authenticated with the authcid.
name
public String name()
Returns the short name of the Policy
- Specified by: name in interface AuthorizationPolicy
- Returns: The short name of the Policy
description
public String description()
Returns a description of the Policy
- Specified by: description in interface AuthorizationPolicy
- Returns: The description of the Policy.