public enum PathPermission extends Enum<PathPermission> implements Permission
The meaning of the path depends on the permission. Most permissions apply to
topic paths in the topic tree. The SEND_TO_MESSAGE_HANDLER
and
SEND_TO_SESSION
permissions apply to message
paths
. The ACQUIRE_LOCK
permission applies to
lock names
.
GlobalPermission
Enum Constant and Description |
---|
ACQUIRE_LOCK
Acquire a session lock.
|
EDIT_OWN_TIME_SERIES_EVENTS
Submit edits to time series topic events which have an author which is
the same as the principal of the calling session.
|
EDIT_TIME_SERIES_EVENTS
Submit edits to time series topic events.
|
EXPOSE_BRANCH
Expose a branch of the topic tree as a virtual session tree.
|
MODIFY_TOPIC
Add a topic or remove a topic.
|
QUERY_OBSOLETE_TIME_SERIES_EVENTS
Evaluate queries that return a non-current view of a time series topic.
|
READ_TOPIC
Required to receive information from a topic.
|
SELECT_TOPIC
Use a topic selector that selects a topic path.
|
SEND_TO_MESSAGE_HANDLER
Send a message to a handler registered with the server for a particular
message path.
|
SEND_TO_SESSION
Send a message to a client session for a particular message path.
|
UNKNOWN_PATH_PERMISSION
A permission that is unsupported by the session.
|
UPDATE_TOPIC
Update a topic.
|
Modifier and Type | Method and Description |
---|---|
static PathPermission |
valueOf(String name)
Returns the enum constant of this type with the specified name.
|
static PathPermission[] |
values()
Returns an array containing the constants of this enum type, in
the order they are declared.
|
public static final PathPermission SELECT_TOPIC
A session must have this permission for the
path prefix
of any topic selector used to subscribe or fetch.
When the subscription or fetch request completes, the resulting topics
are further filtered based on the READ_TOPIC
permission.
A session that has READ_TOPIC
but not SELECT_TOPIC
for a
particular topic path cannot subscribe directly to topics belonging to
the path. However, the session can be independently subscribed by a
control session that has GlobalPermission.MODIFY_SESSION
permission in addition to the appropriate SELECT_TOPIC
permission.
A session granted SELECT_TOPIC
for a particular path effectively
has the permission for all descendant paths. From a security perspective,
if a role grants SELECT_TOPIC
at branch X
it is
ineffectual for it also to deny SELECT_TOPIC
at a child branch
X/Y
because a a topic selector with a path prefix of X
can still select paths below X/Y
.
public static final PathPermission READ_TOPIC
If a session does not have read_topic permission for a topic, the topic will be excluded from the results of subscription or fetch operations for the session, and the topic's details cannot be retrieved by the session.
SELECT_TOPIC
public static final PathPermission UPDATE_TOPIC
public static final PathPermission MODIFY_TOPIC
public static final PathPermission SEND_TO_MESSAGE_HANDLER
public static final PathPermission SEND_TO_SESSION
public static final PathPermission QUERY_OBSOLETE_TIME_SERIES_EVENTS
The READ_TOPIC
permission is required to evaluate any type of
TimeSeries.Query
for a time series topic. This permission is additionally
required for queries that potentially return a non-current view of all or
part of a time series. Such queries include value range queries that
specify an edit range, and all types of edit range query.
TimeSeries
public static final PathPermission EDIT_TIME_SERIES_EVENTS
The UPDATE_TOPIC
permission is required to update a time series
topic. This permission is additionally required to submit
edits
to a time series topic.
TimeSeries
,
EDIT_OWN_TIME_SERIES_EVENTS
public static final PathPermission EDIT_OWN_TIME_SERIES_EVENTS
This permission is a more restrictive alternative to
EDIT_TIME_SERIES_EVENTS
.
The UPDATE_TOPIC
permission is required to update a time series
topic. This permission is additionally required to submit
edits
to a time series topic where the event
author is the same as the principal of the calling session.
TimeSeries
,
EDIT_TIME_SERIES_EVENTS
public static final PathPermission ACQUIRE_LOCK
Session.lock(java.lang.String)
public static final PathPermission EXPOSE_BRANCH
The EXPOSE_BRANCH
path permission is powerful since it allows a
session to expose a whole branch of the topic tree under a different set
of path permissions.
A session granted EXPOSE_BRANCH
for a particular path effectively
has the permission for all descendant paths. From a security perspective,
if a role grants EXPOSE_BRANCH
at branch X
it is
ineffectual for it also to deny EXPOSE_BRANCH
at a child branch
X/Y
because a branch mapping to X
can still expose paths
below X/Y
.
SessionTrees
public static final PathPermission UNKNOWN_PATH_PERMISSION
public static PathPermission[] values()
for (PathPermission c : PathPermission.values()) System.out.println(c);
public static PathPermission valueOf(String name)
name
- the name of the enum constant to be returned.IllegalArgumentException
- if this enum type has no constant with the specified nameNullPointerException
- if the argument is nullCopyright © 2022 Push Technology Ltd. All Rights Reserved.