Class DefaultAuthorizationPolicy

java.lang.Object
org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy
All Implemented Interfaces:
AuthorizationPolicy

public class DefaultAuthorizationPolicy extends Object implements AuthorizationPolicy
Different clients perform authentication differently, so this policy authorizes any authentication identity, or 'principal' (the identity whose password will be used), for a requested authorization identity (the identity to act as) when the pair meets specific conditions that are considered secure defaults for most installations. Keep in mind that if a client does not request an authorization identity, the authentication identity is used as the authorization identity.
  • If the authentication identity is in the form of a plain username, and the requested authorization identity is in the form of a plain username, then the two must be exactly the same.
  • If the authentication identity contains an '@', then the portion before the '@' must match exactly the requested authorization identity and the portion after the '@' must match at least one of the following:
    • The XMPP domain of the server
    • The SASL realm of the server
    • A realm in the list of acceptable realms
  • If the requested authorization identity contains an '@' then the portion before the '@' will be considered the requested authorization identity only if the portion after the '@' matches the XMPP domain of the server or the portion after the '@' in the authentication identity, if any.
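The three rules above, worked through as an added example; this is not Openfire's source code. The class name, the constants standing in for server configuration, the choice to split on the last '@', and exact string comparison of domains and realms are assumptions of this sketch.

```java
import java.util.Set;

// Illustrative sketch of the documented rules; not Openfire source code.
public class AuthzPolicySketch {
    // Constructed sample values standing in for server configuration.
    static final String XMPP_DOMAIN = "example.org";
    static final String SASL_REALM = "EXAMPLE.ORG";
    static final Set<String> ACCEPTABLE_REALMS = Set.of("corp.example.net");

    static boolean authorize(String authzid, String authcid) {
        // No requested authorization identity: the authentication identity is used.
        if (authzid == null || authzid.isEmpty()) authzid = authcid;
        String authcUser = authcid, authcRealm = null;
        int at = authcid.lastIndexOf('@'); // assumption: split on the last '@'
        if (at >= 0) {
            authcUser = authcid.substring(0, at);
            authcRealm = authcid.substring(at + 1);
        }

        // Drop the authzid domain only if it is the XMPP domain or the authcid realm.
        String requested = authzid;
        at = authzid.lastIndexOf('@');
        if (at >= 0) {
            String authzDomain = authzid.substring(at + 1);
            if (authzDomain.equals(XMPP_DOMAIN) || authzDomain.equals(authcRealm)) {
                requested = authzid.substring(0, at);
            }
        }
        // Username portions must be exactly the same (assumption: case-sensitive).
        if (!authcUser.equals(requested)) return false;
        // A realm on the authentication identity must be one the server accepts.
        return authcRealm == null
                || authcRealm.equals(XMPP_DOMAIN)
                || authcRealm.equals(SASL_REALM)
                || ACCEPTABLE_REALMS.contains(authcRealm);
    }

    public static void main(String[] args) {
        // Constructed {authzid, authcid} pairs covering each documented rule.
        String[][] cases = {
            {"alice", "alice"}, {"bob", "alice"},
            {"alice", "alice@EXAMPLE.ORG"}, {"alice", "alice@untrusted.test"},
            {"alice@example.org", "alice@corp.example.net"}, {"alice@other.test", "alice"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " <- " + c[1] + ": " + authorize(c[0], c[1]));
        }
    }
}
```

Under these rules no identity is ever authorized to act as a different username, so deployments that need delegation have to supply their own AuthorizationPolicy.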
Author:
Jay Kline
See Also:
  • Field Details

  • Constructor Details

    • DefaultAuthorizationPolicy

      public DefaultAuthorizationPolicy()
  • Method Details

    • authorize

      public boolean authorize(String authzid, String authcid)
      Returns true if the provided authentication identity (identity whose password will be used) is explicitly allowed to act as the provided authorization identity (identity to act as).
      Specified by:
      authorize in interface AuthorizationPolicy
      Parameters:
      authzid - authorization identity (identity to act as).
      authcid - authentication identity, or 'principal' (identity whose password will be used).
      Returns:
      true if the authzid is explicitly allowed to be used by the user authenticated with the authcid.
    • name

      public String name()
      Returns the short name of the Policy.
      Specified by:
      name in interface AuthorizationPolicy
      Returns:
      The short name of the Policy.
    • description

      public String description()
      Returns a description of the Policy.
      Specified by:
      description in interface AuthorizationPolicy
      Returns:
      The description of the Policy.