Example: Update the system authentication store
The following examples use the SystemAuthenticationControl feature in the Diffusion™ API to update the system authentication store.
.NET
/** * Copyright © 2021 - 2023 DiffusionData Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using PushTechnology.ClientInterface.Client.Factories; using PushTechnology.ClientInterface.Client.Session; using PushTechnology.ClientInterface.Client.Types; using static System.Console; namespace PushTechnology.ClientInterface.Example { /// <summary> /// Client implementation that demonstrates how to update the system authentication store. /// </summary> public sealed class SystemAuthenticationControl { public async Task SystemAuthenticationControlExample(string serverUrl) { // Connect as an admin session var session = Diffusion.Sessions.Principal("admin").Password("password") .CertificateValidation((cert, chain, errors) => CertificateValidationResult.ACCEPT) .Open(serverUrl); string testPrincipal = "TestPrincipal"; // Create a new principal try { WriteLine($"Creating principal '{testPrincipal}'."); string storeScript = session.SystemAuthenticationControl.Script .AddPrincipal(testPrincipal, "password", new List<string>()) .TrustClientProposedPropertyIn("Foo", new List<string> { "value1", "value2" }) .TrustClientProposedPropertyMatches("Bar", "regex1") .ToScript(); await session.SystemAuthenticationControl.UpdateStoreAsync(storeScript); WriteLine($"'{testPrincipal}' has been created."); } catch (Exception ex) { WriteLine($"Failed to create principal : {ex}."); } //Assign roles to the principal try { WriteLine($"Adding the roles of Administrator and Modify Session to '{testPrincipal}'."); string script1 = session.SystemAuthenticationControl.Script .AssignRoles(testPrincipal, new[] { "ADMINISTRATOR", "MODIFY_SESSION" }) .ToScript(); await session.SystemAuthenticationControl.UpdateStoreAsync(script1); WriteLine($"Roles have been added."); } catch (Exception ex) { WriteLine($"Failed to assign roles : {ex}."); } finally { session.Close(); } } } }
Java and Android
/******************************************************************************* * Copyright (C) 2023 DiffusionData Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. *******************************************************************************/ package com.pushtechnology.client.sdk.manual; import com.pushtechnology.diffusion.client.Diffusion; import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl; import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.ScriptBuilder; import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.SystemAuthenticationConfiguration; import com.pushtechnology.diffusion.client.session.Session; import java.util.HashSet; import java.util.Set; /** * An example of using a control client to alter the system authentication * configuration. * * This uses the 'SystemAuthenticationControl' feature. * * @author DiffusionData Limited */ public final class SystemAuthenticationControlExample { public static void main(String[] args) { final Session session = Diffusion.sessions() .principal("admin") .password("password") .open("ws://localhost:8080"); final SystemAuthenticationControl authenticationControl = session.feature(SystemAuthenticationControl.class); final ScriptBuilder scriptBuilder = authenticationControl.scriptBuilder(); final Set<String> roles = new HashSet<String>() {{ add("CLIENT_CONTROL"); add("TOPIC_CONTROL"); add("AUTHENTICATION_HANDLER"); }}; // add a new principal named 'observer' with the given roles scriptBuilder.addPrincipal("observer", "password", roles); // disallow anonymous connections scriptBuilder.denyAnonymousConnections(); // update the system authentication store authenticationControl.updateStore(scriptBuilder.script()).join(); // get the authentication configuration and print out all principals final SystemAuthenticationConfiguration configuration = authenticationControl.getSystemAuthentication().join(); configuration.getPrincipals().forEach(System.out::println); session.close(); } }
C
/** * Copyright © 2021 - 2023 DiffusionData Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ #include <stdio.h> #include <stdlib.h> #ifndef WIN32 #include <unistd.h> #else #define sleep(x) Sleep(1000 * x) #endif #include "diffusion.h" /* * This callback is invoked when the system authentication store is * received, and prints the contents of the store. */ int on_get_system_authentication_store( SESSION_T *session, const SYSTEM_AUTHENTICATION_STORE_T store, void *context) { printf("Received %ld principals\n", store.system_principals->size); char **names = get_principal_names(store); for(char **name = names; *name != NULL; name++) { printf("Principal: %s\n", *name); char **roles = get_roles_for_principal(store, *name); for(char **role = roles; *role != NULL; role++) { printf(" |- Role: %s\n", *role); } free(roles); } free(names); switch(store.anonymous_connection_action) { case ANONYMOUS_CONNECTION_ACTION_ALLOW: printf("Allow anonymous connections\n"); break; case ANONYMOUS_CONNECTION_ACTION_DENY: printf("Deny anonymous connections\n"); break; case ANONYMOUS_CONNECTION_ACTION_ABSTAIN: printf("Abstain from making anonymous connection decision\n"); break; } printf("Anonymous connection roles:\n"); char **roles = get_anonymous_roles(store); for(char **role = roles; *role != NULL; role++) { printf(" |- Role: %s\n", *role); } free(roles); return HANDLER_SUCCESS; } int main(int argc, char **argv) { const char *url = "ws://localhost:8080"; const char *principal = "admin"; const char *password = "password"; CREDENTIALS_T *credentials = credentials_create_password(password); // Create a session, synchronously SESSION_T *session; DIFFUSION_ERROR_T error = { 0 }; session = session_create(url, principal, credentials, NULL, NULL, &error); if(session == NULL) { fprintf(stderr, "TEST: Failed to create session\n"); fprintf(stderr, "ERR : %s\n", error.message); return EXIT_FAILURE; } // Request the system authentication store const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params = { .on_get = on_get_system_authentication_store }; get_system_authentication_store(session, params); // Sleep for a while sleep(5); // Close the session, and release resources and memory session_close(session, NULL); session_free(session); credentials_free(credentials); return EXIT_SUCCESS; }
Change the URL from that provided in the example to the URL of Diffusion Cloud . Diffusion Cloud service URLs end in diffusion.cloud