CometD Java Server Authorization
Java Server CometD API: Authorization
The Bayeux object can be configured with an org.cometd.SecurityPolicy object, which controls whether individual steps of the Bayeux protocol, such as handshake, subscription and publish, are authorized.
By default, the Bayeux object does not have a SecurityPolicy installed, which means that any operation is authorized.
org.cometd.SecurityPolicy has a default implementation in org.cometd.server.AbstractBayeux$DefaultPolicy, which is useful as a base class when customizing the SecurityPolicy (see how authentication works for an example).
org.cometd.SecurityPolicy methods are:
    boolean canHandshake(Message message);
    boolean canCreate(Client client, String channel, Message message);
    boolean canSubscribe(Client client, String channel, Message message);
    boolean canPublish(Client client, String channel, Message message);
The methods are self-explanatory and control, respectively, whether a handshake, a channel creation, a subscription to a channel and a publish to a channel are to be authorized.
The default implementation:
- allows any handshake
- allows creation of a channel only from clients that have completed a handshake, and only if the channel is not a meta channel
- allows subscription from clients that have completed a handshake, but not if the channel is a meta channel or a global channel wildcard
- allows publish to any channel from clients that have completed a handshake, and to the handshake meta channel only from clients that want to handshake
To understand how to install your custom SecurityPolicy on the Bayeux object, see how it is done in the authentication howto.
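
As an added example (not part of the CometD documentation or code base), the following policy layers a deny-by-default channel allow-list on top of the default implementation described above, so that clients that have completed a handshake can only create, subscribe to and publish on known channel prefixes. The class name and the channel prefixes are hypothetical, and the CometD server classes named on this page are assumed to be on the classpath.

```java
import org.cometd.Client;
import org.cometd.Message;
import org.cometd.server.AbstractBayeux;

// Added example; class name and channel prefixes are hypothetical.
public class ChannelAllowListPolicy extends AbstractBayeux.DefaultPolicy
{
    // Constructed sample prefixes: replace with the application's own channels.
    private static final String[] SUBSCRIBE_PREFIXES = { "/public/", "/chat/" };
    private static final String[] PUBLISH_PREFIXES = { "/chat/" };

    private static boolean hasPrefix(String channel, String[] prefixes)
    {
        if (channel == null)
            return false;
        for (String prefix : prefixes)
            if (channel.startsWith(prefix))
                return true;
        return false;
    }

    @Override
    public boolean canCreate(Client client, String channel, Message message)
    {
        // A channel may only come into existence under an allow-listed prefix.
        return super.canCreate(client, channel, message)
            && (hasPrefix(channel, SUBSCRIBE_PREFIXES) || hasPrefix(channel, PUBLISH_PREFIXES));
    }

    @Override
    public boolean canSubscribe(Client client, String channel, Message message)
    {
        // Default checks first (handshake done, no meta or global wildcard), then the allow-list.
        return super.canSubscribe(client, channel, message) && hasPrefix(channel, SUBSCRIBE_PREFIXES);
    }

    @Override
    public boolean canPublish(Client client, String channel, Message message)
    {
        // Meta channels (handshake included) keep the default decision unchanged.
        if (channel != null && channel.startsWith("/meta/"))
            return super.canPublish(client, channel, message);
        // Everything else, /service/ channels included, is denied unless allow-listed.
        return super.canPublish(client, channel, message) && hasPrefix(channel, PUBLISH_PREFIXES);
    }
}
```

Install an instance of this class on the Bayeux object in the same way the authentication howto installs its policy.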