Class DefaultAuthorizationPolicy

  • All Implemented Interfaces:
    AuthorizationPolicy

    public class DefaultAuthorizationPolicy
    extends Object
    implements AuthorizationPolicy
    Different clients perform authentication differently, so this policy will authorize an authentication identity, or 'principal' (identity whose password will be used), to act as a requested authorization identity (identity to act as) only when the pair matches specific conditions that are considered secure defaults for most installations. Keep in mind that if a client does not request any authorization identity, the authentication identity will be used as the authorization identity.
    • If the authentication identity is in the form of a plain username, and the requested authorization identity is in the form of a plain username, then the two must be exactly the same.
    • If the authentication identity contains an '@', then the portion before the '@' must match exactly the requested authorization identity and the portion after the '@' must match at least one of the following:
      • The XMPP domain of the server
      • The SASL realm of the server
      • A realm in the list of acceptable realms
    • If the requested authorization identity contains an '@' then the portion before the '@' will be considered the requested authorization identity only if the portion after the '@' matches the XMPP domain of the server or the portion after the '@' in the authentication identity, if any.
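    The rules above, as an added example that models the policy in Python (it is not Openfire's own Java implementation): the server's XMPP domain, SASL realm and acceptable-realm list are constructed inputs, and comparisons are case-sensitive here, which the page does not specify.

```python
# Model of the DefaultAuthorizationPolicy rules documented above.
# Constructed example; not Openfire's code. Server-side values are assumed inputs.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ServerConfig:
    xmpp_domain: str                       # the server's XMPP domain
    sasl_realm: str                        # the server's SASL realm
    acceptable_realms: frozenset = field(default_factory=frozenset)


def split_at(identity: str):
    """Return (local, realm); realm is None when the identity has no '@'.
    Splits at the last '@' so a local part that itself contains '@' survives."""
    if "@" not in identity:
        return identity, None
    local, _, realm = identity.rpartition("@")
    return local, realm


def authorize(authzid: str, authcid: str, cfg: ServerConfig) -> bool:
    """True if authcid may act as authzid under the documented default rules."""
    # No authorization identity requested: act as the authentication identity.
    if not authzid:
        authzid = authcid

    authc_user, authc_realm = split_at(authcid)
    authz_user, authz_realm = split_at(authzid)

    # Rule 3: the part before '@' in the requested authzid counts as the requested
    # identity only if the part after '@' is the XMPP domain or the authcid's realm.
    # Otherwise the whole string stays and can never equal a bare username.
    if authz_realm is not None and authz_realm in (cfg.xmpp_domain, authc_realm):
        requested = authz_user
    else:
        requested = authzid

    # Rule 2: authcid carries a realm; user part must match and realm must be trusted.
    if authc_realm is not None:
        trusted = {cfg.xmpp_domain, cfg.sasl_realm} | set(cfg.acceptable_realms)
        return authc_user == requested and authc_realm in trusted

    # Rule 1: two plain usernames must be exactly the same.
    return authc_user == requested
```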
    Author:
    Jay Kline
    See Also:
    AuthorizationManager
    • Constructor Detail

      • DefaultAuthorizationPolicy

        public DefaultAuthorizationPolicy()
    • Method Detail

      • authorize

        public boolean authorize(String authzid,
                                 String authcid)
        Returns true if the provided authentication identity (identity whose password will be used) is explicitly allowed to the provided authorization identity (identity to act as).
        Specified by:
        authorize in interface AuthorizationPolicy
        Parameters:
        authzid - authorization identity (identity to act as).
        authcid - authentication identity, or 'principal' (identity whose password will be used)
        Returns:
        true if the authzid is explicitly allowed to be used by the user authenticated with the authcid.
      • name

        public String name()
        Returns the short name of the Policy.
        Specified by:
        name in interface AuthorizationPolicy
        Returns:
        The short name of the Policy.
      • description

        public String description()
        Returns a description of the Policy.
        Specified by:
        description in interface AuthorizationPolicy
        Returns:
        The description of the Policy.