Just a second...

Example: Update the system authentication store

The following examples use the SystemAuthenticationControl feature in the Diffusion™ API to update the system authentication store.

.NET
/**
 * Copyright © 2021 - 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using PushTechnology.ClientInterface.Client.Factories;
using PushTechnology.ClientInterface.Client.Session;
using PushTechnology.ClientInterface.Client.Types;
using static System.Console;

namespace PushTechnology.ClientInterface.Example {
    /// <summary>
    /// Client implementation that demonstrates how to update the system authentication store.
    /// </summary>
    public sealed class SystemAuthenticationControl
    {
        public async Task SystemAuthenticationControlExample(string serverUrl)
        {
            // Connect as an admin session
            var session = Diffusion.Sessions.Principal("admin").Password("password")
                .CertificateValidation((cert, chain, errors) => CertificateValidationResult.ACCEPT)
                .Open(serverUrl);

            string testPrincipal = "TestPrincipal";

            // Create a new principal

            try
            {
                WriteLine($"Creating principal '{testPrincipal}'.");

                string storeScript = session.SystemAuthenticationControl.Script
                    .AddPrincipal(testPrincipal, "password", new List<string>())
                    .TrustClientProposedPropertyIn("Foo", new List<string> { "value1", "value2" })
                    .TrustClientProposedPropertyMatches("Bar", "regex1")
                    .ToScript();

                await session.SystemAuthenticationControl.UpdateStoreAsync(storeScript);

                WriteLine($"'{testPrincipal}' has been created.");
            }
            catch (Exception ex)
            {
                WriteLine($"Failed to create principal : {ex}.");
            }

            //Assign roles to the principal

            try
            {
                WriteLine($"Adding the roles of Administrator and Modify Session to '{testPrincipal}'.");

                string script1 = session.SystemAuthenticationControl.Script
                    .AssignRoles(testPrincipal, new[] { "ADMINISTRATOR", "MODIFY_SESSION" })
                    .ToScript();

                await session.SystemAuthenticationControl.UpdateStoreAsync(script1);

                WriteLine($"Roles have been added.");
            }
            catch (Exception ex)
            {
                WriteLine($"Failed to assign roles : {ex}.");
            }
            finally
            {
                session.Close();
            }
        }
    }
}
Java and Android
/*******************************************************************************
 * Copyright (C) 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.pushtechnology.client.sdk.manual;

import com.pushtechnology.diffusion.client.Diffusion;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.ScriptBuilder;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.SystemAuthenticationConfiguration;
import com.pushtechnology.diffusion.client.session.Session;

import java.util.HashSet;
import java.util.Set;

/**
 * An example of using a control client to alter the system authentication
 * configuration.
 *
 * This uses the 'SystemAuthenticationControl' feature.
 *
 * @author DiffusionData Limited
 */
public final class SystemAuthenticationControlExample {

    public static void main(String[] args) {

        final Session session = Diffusion.sessions()
            .principal("admin")
            .password("password")
            .open("ws://localhost:8080");

        final SystemAuthenticationControl authenticationControl =
            session.feature(SystemAuthenticationControl.class);

        final ScriptBuilder scriptBuilder = authenticationControl.scriptBuilder();

        final Set<String> roles = new HashSet<String>() {{
            add("CLIENT_CONTROL");
            add("TOPIC_CONTROL");
            add("AUTHENTICATION_HANDLER");
        }};

        // add a new principal named 'observer' with the given roles
        scriptBuilder.addPrincipal("observer", "password", roles);

        // disallow anonymous connections
        scriptBuilder.denyAnonymousConnections();

        // update the system authentication store
        authenticationControl.updateStore(scriptBuilder.script()).join();

        // get the authentication configuration and print out all principals
        final SystemAuthenticationConfiguration configuration =
            authenticationControl.getSystemAuthentication().join();

        configuration.getPrincipals().forEach(System.out::println);
        session.close();
    }
}
C
/**
 * Copyright © 2021 - 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include <stdio.h>
#include <stdlib.h>

#ifndef WIN32
        #include <unistd.h>
#else
        #define sleep(x) Sleep(1000 * x)
#endif

#include "diffusion.h"

/*
 * This callback is invoked when the system authentication store is
 * received, and prints the contents of the store.
 */
int on_get_system_authentication_store(
        SESSION_T *session,
        const SYSTEM_AUTHENTICATION_STORE_T store,
        void *context)
{
        printf("Received %ld principals\n", store.system_principals->size);

        char **names = get_principal_names(store);
        for(char **name = names; *name != NULL; name++) {
                printf("Principal: %s\n", *name);

                char **roles = get_roles_for_principal(store, *name);
                for(char **role = roles; *role != NULL; role++) {
                    printf("  |- Role: %s\n", *role);
                }
                free(roles);
        }
        free(names);

        switch(store.anonymous_connection_action) {
        case ANONYMOUS_CONNECTION_ACTION_ALLOW:
                printf("Allow anonymous connections\n");
                break;
        case ANONYMOUS_CONNECTION_ACTION_DENY:
                printf("Deny anonymous connections\n");
                break;
        case ANONYMOUS_CONNECTION_ACTION_ABSTAIN:
                printf("Abstain from making anonymous connection decision\n");
                break;
        }

        printf("Anonymous connection roles:\n");
        char **roles = get_anonymous_roles(store);
        for(char **role = roles; *role != NULL; role++) {
                printf("  |- Role: %s\n", *role);
        }
        free(roles);

        return HANDLER_SUCCESS;
}


int main(int argc, char **argv)
{
        const char *url = "ws://localhost:8080";
        const char *principal = "admin";
        const char *password = "password";

        CREDENTIALS_T *credentials = credentials_create_password(password);

        // Create a session, synchronously
        SESSION_T *session;
        DIFFUSION_ERROR_T error = { 0 };
        session = session_create(url, principal, credentials, NULL, NULL, &error);
        if(session == NULL) {
                fprintf(stderr, "TEST: Failed to create session\n");
                fprintf(stderr, "ERR : %s\n", error.message);
                return EXIT_FAILURE;
        }

        // Request the system authentication store
        const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params = {
                .on_get = on_get_system_authentication_store
        };
        get_system_authentication_store(session, params);

        // Sleep for a while
        sleep(5);

        // Close the session, and release resources and memory
        session_close(session, NULL);
        session_free(session);

        credentials_free(credentials);

        return EXIT_SUCCESS;
}

Change the URL from that provided in the example to the URL of Diffusion Cloud . Diffusion Cloud service URLs end in diffusion.cloud