The global permission enum
The topic permission enum
Returns a SystemAuthenticationScriptBuilder that can be used to modify the server's SystemAuthenticationConfiguration.
a script builder
Change the principal associated with this session.
Allows a session to authenticate as a different principal. If the authentication fails, the current principal remains valid.
the new principal to use.
credentials to authenticate the principal with.
a Result
Example:
session.security.changePrincipal('foo', 'password');
Query the global permissions assigned to the calling session.
a Result which completes when the response is received from the server.
If the request was successful, the Result will complete successfully with a list of GlobalPermission.
Query the topic permissions assigned to the calling session on a given path.
the path to query for permissions
a Result which completes when the response is received from the server.
If the request was successful, the Result will complete successfully with a list of TopicPermission.
Get the principal that the session is currently authenticated as.
the session's principal
Obtain the current contents of the server's security store.
If the request is successful, the result will complete with a SecurityConfiguration.
Example:
session.security.getSecurityConfiguration().then(function(configuration) {
console.log('Got security configuration', configuration);
}, function(err) {
console.log('Error getting security configuration', err);
});
a Result that completes with the security configuration
Obtain the current contents of the server's authentication store.
If the request is successful, the success callback will be called with a SystemAuthenticationConfiguration object.
Example:
session.security.getSystemAuthenticationConfiguration().then(function(configuration) {
// Display principals/roles
configuration.principals.forEach(function(principal) {
console.log(principal.name, principal.roles);
});
// Check the authentication action applied to anonymous connections
console.log(configuration.anonymous.action);
// Check the default roles assigned to anonymous connections
console.log(configuration.anonymous.roles);
}, function(err) {
// Error retrieving configuration
console.log(err);
});
a Result that completes with the server's authentication store
Returns a SecurityScriptBuilder that can be used to modify the server's SecurityConfiguration.
a script builder
Register a handler for client authentication events.
Each handler is registered under a particular handlerName
. For
registration to succeed, the server's security configuration must include
a matching <control-authentication-handler/>
entry for the name.
Otherwise registration will fail, the handler will be closed immediately,
and an error will be reported to the session error handler.
Each control session can register a single handler for a handlerName
.
See onActive.
It is normal for several or all of the control sessions in a control group to set a handler for a given name. Registration will fail if a session in a different control group has registered a handler using the name.
For each authentication event, the server will use its configuration to determine the handler priority order. The server can call authentication handlers in serial or parallel. The server can stop the authentication process as soon as it has an allow or deny response from a handler and all higher priority handlers have abstained.
For a configured control authentication handler, the server will select a
single handler from those registered for the handlerName
. If
no handlers are currently registered, the server will consult the next
handler.
Example:
// Set a simple handler to handle pre-defined principals, otherwise defer to default handling
session.security.setAuthenticationHandler('before-system-handler', [], {
onAuthenticate : function(principal, credentials, details, callback) {
if (principal === 'alice' && credentials === 'hello') {
callback.allow();
} else if (principal === 'bob') {
callback.deny();
} else {
callback.abstain();
}
},
onActive : function(deregister) { },
onClose : function() { },
onError : function() { }
});
Example:
// Set a handler that allocates roles & properties to certain sessions
session.security.setAuthenticationHandler('before-system-handler', [diffusion.clients.DetailType.SUMMARY], {
onAuthenticate : function(principal, credentials, details, callback) {
if (details.summary.clientType === diffusion.clients.ClientType.IOS &&
details.summary.transportType === diffusion.clients.TransportType.WEBSOCKET) {
// Session will be authenticated with the 'WS_IOS' role, and an assigned session property
callback.allow({
roles : ['WS_IOS'],
properties : {
PropertyName : 'PropertyValue'
}
});
} else {
callback.abstain();
}
},
onActive : function(deregister) { },
onClose : function() { },
onError : function() { }
});
must match an entry in the server's security configuration for registration to succeed
the session details that the server will supply, if available
the authentication handler to set
a Result
Register an authenticator for client authentication events.
the handler name which must match an entry in the server's security configuration
specifies the authentication handler
a Result that completes when the authentication handler has been registered, returning a Registration which can be used to unregister the authentication handler.
Otherwise, the Result will resolve with an error. Common reasons for failure include:
REGISTER_HANDLER
or AUTHENTICATE
permission;
control-authentication-handler
element with the given name.
Send a command script to the server to update the authentication store. The script may be produced by the builder SystemAuthenticationScriptBuilder.
If the script is applied without error to the server, the operation result will complete successfully.
If any command in the script fails, none of the changes will be applied, and the result will be failed with an error object.
If the server is configured for topic replication then the changes will be replicated to all members of the cluster.
Example:
session.security.updateAuthenticationStore(script).then(function() {
console.log('Authentication configuration updated');
}, function(err) {
console.log('Failed to update security configuration', err);
});
the command script
a Result
Send a command script to the server to update the security store. The script may be produced by the builder SecurityScriptBuilder.
If the script is applied without error to the server, the operation result will complete successfully.
If any command in the script fails, none of the changes will be applied, and the result will be failed with an error object.
If the server is configured for topic replication then the changes will be replicated to all members of the cluster.
Example:
session.security.updateSecurityStore(script).then(function() {
console.log('Security configuration updated');
}, function(err) {
console.log('Failed to update security configuration', err);
});
the command script
a Result
Security feature. Allows querying and modification of server-side security and authentication configuration.
Example:
// Get a reference to the security feature var security = session.security;