Package org.jivesoftware.openfire.auth
Class AuthorizationManager
java.lang.Object
org.jivesoftware.openfire.auth.AuthorizationManager
Manages the AuthorizationProvider objects.
Overall description of the authentication and authorization process:
After a client connects, and indicates a desire to use SASL, the SASLAuthentication object decides which SASL
mechanisms to advertise, and then performs the authentication. If authentication is successful, the
XMPPCallbackHandler is asked to handle() an AuthorizeCallback.
The XMPPCallbackHandler asks the AuthorizationManager to authorize the authentication identity whose password was
used (the 'principal') to the requested authorization identity (the username that the user wants to act as).
The AuthorizationManager manages a list of AuthorizationProvider classes, and tries them one at a time and returns
true with the first AuthorizationProvider that authorizes the authentication identity to the authorization identity.
If no classes authorize the authentication identity, false is returned, which traces all the way back to give the
client an unauthorized message. Note that the message the client receives gives no indication of whether
the authentication identity authenticated successfully. You will need to check the server logs for that information.
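The first-match evaluation described above, as an added example that is not part of the original page or Openfire's own code. It is a simplified model: the `Policy` interface, the two policies and the delegation table are hypothetical stand-ins for the provider classes and their configuration.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;

/** Added illustration; a simplified model, not Openfire source code. */
public class FirstMatchAuthorizationDemo {
    private static final Logger LOG = Logger.getLogger("authz-demo");

    /** Hypothetical stand-in for a pluggable authorization policy. */
    interface Policy {
        boolean authorize(String authzid, String authcid);
    }

    /** Allows a principal to act only as itself. */
    static final Policy SAME_IDENTITY = (authzid, authcid) -> authzid.equals(authcid);

    /** Constructed delegation table: authcid -> identities it may act as. */
    static final Map<String, Set<String>> DELEGATES = Map.of("admin", Set.of("helpdesk"));
    static final Policy DELEGATION = (authzid, authcid) ->
            DELEGATES.getOrDefault(authcid, Set.of()).contains(authzid);

    static final List<Policy> POLICIES = List.of(SAME_IDENTITY, DELEGATION);

    /** Neutralise line breaks so client-supplied names cannot forge log lines. */
    static String clean(String s) { return s.replaceAll("[\\r\\n]", "_"); }

    /** Tries each policy in order; the first one that approves wins. */
    static boolean authorize(String authzid, String authcid) {
        if (authzid == null || authcid == null) {
            return false; // fail closed on missing identities
        }
        for (Policy p : POLICIES) {
            if (p.authorize(authzid, authcid)) {
                LOG.info(() -> "authorized authcid=" + clean(authcid) + " as authzid=" + clean(authzid));
                return true;
            }
        }
        // The caller only sees 'false'; the reason is recorded server-side.
        LOG.warning(() -> "authenticated authcid=" + clean(authcid) + " DENIED authzid=" + clean(authzid));
        return false;
    }

    public static void main(String[] args) {
        System.out.println(authorize("alice", "alice"));    // same identity
        System.out.println(authorize("helpdesk", "admin")); // delegated
        System.out.println(authorize("admin", "alice"));    // no policy approves
    }
}
```

The denied case returns only `false` to the caller, so the warning log line is the one place where a successful authentication followed by a failed authorization can be told apart from a bad password.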
- Author:
- Jay Kline

Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static boolean | authorize | Authorize the authenticated username (authcid, principal) to the requested username (authzid). |
| static Collection<AuthorizationPolicy> | getAuthorizationPolicies | Returns the currently-installed AuthorizationProvider. |
| static String | map | Map the authenticated username (authcid, principal) to the username to act as (authzid). |

Method Details

getAuthorizationPolicies
Returns the currently-installed AuthorizationProvider. Warning: You should not call the AuthorizationProvider directly to perform authorizations; doing so will not take into account the policy selected in the openfire.xml. Use authorize in this class instead.
- Returns:
- the current AuthorizationProvider.

authorize
Authorize the authenticated username (authcid, principal) to the requested username (authzid). This uses the selected AuthenticationProviders.
- Parameters:
- authzid - authorization identity (identity to act as).
- authcid - authentication identity (identity whose password will be used)
- Returns:
- true if the user is authorized to act as the requested authorization identity.

map
Map the authenticated username (authcid, principal) to the username to act as (authzid). If the authenticated username did not supply a username to act as, determine the default to use.
- Parameters:
- authcid - authentication identity (identity whose password will be used), for which to determine the username to act as (authzid).
- Returns:
- The username to act as (authzid) for the provided authentication identity.