org.jivesoftware.openfire.sasl
Class LooseAuthorizationPolicy

java.lang.Object
  org.jivesoftware.openfire.sasl.LooseAuthorizationPolicy

All Implemented Interfaces:

AuthorizationPolicy

public class LooseAuthorizationPolicy
extends Object
implements AuthorizationPolicy

This policy will authorize any principal who's username matches exactly the username of the JID. This means when cross realm authentication is allowed, user@REALM_A.COM and user@REALM_B.COM could both authorize as user@servername, so there is some risk here. But if usernames across the

Author:

Jay Kline

Constructor Summary

LooseAuthorizationPolicy()

Method Summary

boolean	authorize(String username, String principal) Returns true if the principal is explicity authorized to the JID
String	description() Returns a description of the Policy
String	name() Returns the short name of the Policy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LooseAuthorizationPolicy

public LooseAuthorizationPolicy()

Method Detail

authorize

public boolean authorize(String username,
                         String principal)

Returns true if the principal is explicity authorized to the JID

Specified by:

authorize in interface AuthorizationPolicy

Parameters:

username - The username requested.

principal - The principal requesting the username.

Returns:

true is the user is authorized to be principal

name

public String name()

Returns the short name of the Policy

Specified by:

name in interface AuthorizationPolicy

Returns:

The short name of the Policy

description

public String description()

Returns a description of the Policy

Specified by:

description in interface AuthorizationPolicy

Returns:

The description of the Policy.