Example: Update the system authentication store
The following examples use the SystemAuthenticationControl feature in the Diffusion™ API to update the system authentication store.
.NET
/** * Copyright © 2021, 2022 Push Technology Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ using System; using System.Collections.Generic; using System.Linq; using System.Threading; using System.Threading.Tasks; using PushTechnology.ClientInterface.Client.Factories; using PushTechnology.ClientInterface.Client.Session; using PushTechnology.ClientInterface.Client.Types; using static System.Console; namespace PushTechnology.ClientInterface.Example { /// <summary> /// Client implementation that demonstrates how to update the system authentication store. /// </summary> public sealed class SystemAuthenticationControl { public async Task SystemAuthenticationControlExample(string serverUrl) { // Connect as an admin session var session = Diffusion.Sessions.Principal("admin").Password("password") .CertificateValidation((cert, chain, errors) => CertificateValidationResult.ACCEPT) .Open(serverUrl); string testPrincipal = "TestPrincipal"; // Create a new principal try { WriteLine($"Creating principal '{testPrincipal}'."); string storeScript = session.SystemAuthenticationControl.Script .AddPrincipal(testPrincipal, "password", new List<string>()) .TrustClientProposedPropertyIn("Foo", new List<string> { "value1", "value2" }) .TrustClientProposedPropertyMatches("Bar", "regex1") .ToScript(); await session.SystemAuthenticationControl.UpdateStoreAsync(storeScript); WriteLine($"'{testPrincipal}' has been created."); } catch (Exception ex) { WriteLine($"Failed to create principal : {ex}."); } //Assign roles to the principal try { WriteLine($"Adding the roles of Administrator and Modify Session to '{testPrincipal}'."); string script1 = session.SystemAuthenticationControl.Script .AssignRoles(testPrincipal, new[] { "ADMINISTRATOR", "MODIFY_SESSION" }) .ToScript(); await session.SystemAuthenticationControl.UpdateStoreAsync(script1); WriteLine($"Roles have been added."); } catch (Exception ex) { WriteLine($"Failed to assign roles : {ex}."); } finally { session.Close(); } } } }
Java and Android
package com.pushtechnology.diffusion.examples; import java.util.HashSet; import java.util.Set; import java.util.concurrent.CompletableFuture; import java.util.concurrent.ExecutionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.pushtechnology.diffusion.client.Diffusion; import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl; import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.ScriptBuilder; import com.pushtechnology.diffusion.client.session.Session; /** * An example of using a control client to alter the system authentication * configuration. * <P> * This uses the {@link SystemAuthenticationControl} feature only. * * @author Push Technology Limited * @since 5.2 */ public class ControlClientChangingSystemAuthentication { private static final Logger LOG = LoggerFactory.getLogger( ControlClientChangingSystemAuthentication.class); private final SystemAuthenticationControl systemAuthenticationControl; private final ScriptBuilder emptyScript; /** * Constructor. */ public ControlClientChangingSystemAuthentication() { final Session session = Diffusion.sessions() // Authenticate with a user that has the VIEW_SECURITY and // MODIFY_SECURITY permissions. .principal("admin").password("password") // Use a secure channel because we're transferring sensitive // information. .open("wss://diffusion.example.com:80"); systemAuthenticationControl = session.feature(SystemAuthenticationControl.class); emptyScript = systemAuthenticationControl.scriptBuilder(); } /** * For all system users, update the assigned roles to replace the * "SUPERUSER" role and with "ADMINISTRATOR". * * @return a CompletableFuture that completes when the operation succeeds or * fails. * * <p> * If the operation was successful, the CompletableFuture will * complete successfully. * * <p> * Otherwise, the CompletableFuture will complete exceptionally with * an {@link ExecutionException}. See * {@link SystemAuthenticationControl#getSystemAuthentication()} and * {@link SystemAuthenticationControl#updateStore(String)} for * common failure reasons. */ public CompletableFuture<Void> changeSuperUsersToAdministrators() { return systemAuthenticationControl .getSystemAuthentication() .thenCompose(configuration -> { final String script = configuration // For each principal ... .getPrincipals().stream() // ... that has the SUPERUSER assigned role ... .filter(p -> p.getAssignedRoles().contains("SUPERUSER")) // ... create a script that updates the assigned roles to // replace SUPERUSER with ADMINISTRATOR ... .map(p -> { final Set<String> newRoles = new HashSet<>(p.getAssignedRoles()); newRoles.remove("SUPERUSER"); newRoles.add("ADMINISTRATOR"); return emptyScript.assignRoles(p.getName(), newRoles); }) // ... create a single combined script. .reduce(emptyScript, (sb1, sb2) -> sb1.append(sb2)) .script(); LOG.info("Sending the following script to the server:\n{}", script); return systemAuthenticationControl.updateStore(script) // Convert CompletableFuture<?> to // CompletableFuture<Void>. .thenAccept(ignored -> { }); }); } /** * Close the session. */ public void close() { systemAuthenticationControl.getSession().close(); } }
C
/** * Copyright © 2021 Push Technology Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ #include <stdio.h> #include <stdlib.h> #ifndef WIN32 #include <unistd.h> #else #define sleep(x) Sleep(1000 * x) #endif #include "diffusion.h" /* * This callback is invoked when the system authentication store is * received, and prints the contents of the store. */ int on_get_system_authentication_store( SESSION_T *session, const SYSTEM_AUTHENTICATION_STORE_T store, void *context) { printf("Received %ld principals\n", store.system_principals->size); char **names = get_principal_names(store); for(char **name = names; *name != NULL; name++) { printf("Principal: %s\n", *name); char **roles = get_roles_for_principal(store, *name); for(char **role = roles; *role != NULL; role++) { printf(" |- Role: %s\n", *role); } free(roles); } free(names); switch(store.anonymous_connection_action) { case ANONYMOUS_CONNECTION_ACTION_ALLOW: printf("Allow anonymous connections\n"); break; case ANONYMOUS_CONNECTION_ACTION_DENY: printf("Deny anonymous connections\n"); break; case ANONYMOUS_CONNECTION_ACTION_ABSTAIN: printf("Abstain from making anonymous connection decision\n"); break; } printf("Anonymous connection roles:\n"); char **roles = get_anonymous_roles(store); for(char **role = roles; *role != NULL; role++) { printf(" |- Role: %s\n", *role); } free(roles); return HANDLER_SUCCESS; } int main(int argc, char **argv) { const char *url = "ws://localhost:8080"; const char *principal = "admin"; const char *password = "password"; CREDENTIALS_T *credentials = credentials_create_password(password); // Create a session, synchronously SESSION_T *session; DIFFUSION_ERROR_T error = { 0 }; session = session_create(url, principal, credentials, NULL, NULL, &error); if(session == NULL) { fprintf(stderr, "TEST: Failed to create session\n"); fprintf(stderr, "ERR : %s\n", error.message); return EXIT_FAILURE; } // Request the system authentication store const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params = { .on_get = on_get_system_authentication_store }; get_system_authentication_store(session, params); // Sleep for a while sleep(5); // Close the session, and release resources and memory session_close(session, NULL); session_free(session); credentials_free(credentials); return EXIT_SUCCESS; }
Change the URL from that provided in the example to the URL of the Diffusion server.