Interface SystemAuthenticationControl.ScriptBuilder
- Enclosing interface:
- SystemAuthenticationControl
Each method call on the builder adds a line to the script and then the
script may be built using the script
method which produces a String script which may be sent to the server
using updateStore
.
Such a builder may be created using the
scriptBuilder
method.
From Diffusion 6.5, script builders are no longer immutable. Each builder operation mutates this script builder and returns it.
-
Method Summary
Modifier and TypeMethodDescriptionInstruct the system authentication handler to defer authentication decisions for anonymous connections to subsequent handlers.addPrincipal
(String name, String password, Set<String> roles) Add a new principal.Add a new locked principal.allowAnonymousConnections
(Set<String> roles) Instruct the system authentication handler to allow anonymous connections.Append all the operations ofother
to this ScriptBuilder.assignRoles
(String principal, Set<String> roles) Change a principal's assigned roles.Instruct the system authentication handler to deny anonymous connections.ignoreClientProposedProperty
(String propertyName) Specifies the name of a client proposed session property that should now be ignored by the system authenticator.removePrincipal
(String principal) Remove a principal.script()
Create a script.setPassword
(String principal, String password) Set a principal's password.trustClientProposedPropertyIn
(String propertyName, Set<String> allowedValues) Specifies the name of a client proposed session property that should be allowed by the system authenticator along with a set of permissible values.trustClientProposedPropertyMatches
(String propertyName, String regex) Specifies the name of a client proposed session property that should be allowed by the system authenticator along with a regular expression to validate the property value.verifyPassword
(String principal, String password) Assert that a principal's password ispassword
.
-
Method Details
-
addPrincipal
SystemAuthenticationControl.ScriptBuilder addPrincipal(String name, String password, Set<String> roles) Add a new principal.The script will fail if the principal is already defined at the server.
- Parameters:
name
- principal namepassword
- passwordroles
- assigned roles, may be empty- Returns:
- this builder, modified to add the principal
-
addPrincipal
SystemAuthenticationControl.ScriptBuilder addPrincipal(String name, String password, Set<String> roles, String lockingPrincipal) Add a new locked principal.A locked principal can only be edited by the principal defined in the lock. The script will fail if the principal is already defined at the server.
- Parameters:
name
- principal namepassword
- passwordroles
- assigned roles, may be emptylockingPrincipal
- the name of the principal that can edit this principal- Returns:
- this builder, modified to add the principal
-
setPassword
Set a principal's password.The principal must already be defined at the server in order to set the password.
- Parameters:
principal
- principal namepassword
- password- Returns:
- this builder, modified to set the password
-
verifyPassword
Assert that a principal's password ispassword
.This command does not update the store. It can be used in conjunction with
setPassword
to create a script that updates a password only if the previous password is supplied.- Parameters:
principal
- principal namepassword
- password- Returns:
- this builder, modified to verify the password
-
assignRoles
Change a principal's assigned roles.The specified principal must already be defined at the server.
- Parameters:
principal
- principal nameroles
- assigned roles- Returns:
- this builder, modified to assign the roles
-
removePrincipal
Remove a principal.The principal must be one that is already defined at the server.
- Parameters:
principal
- principal name- Returns:
- this builder, modified to remove the principal
-
allowAnonymousConnections
Instruct the system authentication handler to allow anonymous connections.- Parameters:
roles
- roles to assign to anonymous sessions. This may be empty- Returns:
- this builder, modified to allow anonymous connections
-
denyAnonymousConnections
SystemAuthenticationControl.ScriptBuilder denyAnonymousConnections()Instruct the system authentication handler to deny anonymous connections.- Returns:
- this builder, modified to deny anonymous connections
-
abstainAnonymousConnections
SystemAuthenticationControl.ScriptBuilder abstainAnonymousConnections()Instruct the system authentication handler to defer authentication decisions for anonymous connections to subsequent handlers.- Returns:
- this builder, modified to abstain from authentication decisions for anonymous connections
-
trustClientProposedPropertyIn
SystemAuthenticationControl.ScriptBuilder trustClientProposedPropertyIn(String propertyName, Set<String> allowedValues) Specifies the name of a client proposed session property that should be allowed by the system authenticator along with a set of permissible values. The property will only be allowed if the supplied value matches one of those in the set of values specified.- Parameters:
propertyName
- specifies the name of the client proposed property to be allowedallowedValues
- specifies a set of allowed values for the client proposed property- Returns:
- this builder, modified to allow the specified client proposed property if its value matches one of those supplied
- Since:
- 6.5
-
trustClientProposedPropertyMatches
SystemAuthenticationControl.ScriptBuilder trustClientProposedPropertyMatches(String propertyName, String regex) Specifies the name of a client proposed session property that should be allowed by the system authenticator along with a regular expression to validate the property value. The property will only be allowed if the supplied value matches with the regular expression.- Parameters:
propertyName
- specifies the name of the client proposed property to be allowedregex
- regular expression which will be matched against supplied values to determine whether they are valid- Returns:
- this builder, modified to allow the specified client proposed property if its value matches the given regular expression
- Since:
- 6.5
-
ignoreClientProposedProperty
Specifies the name of a client proposed session property that should now be ignored by the system authenticator.This removes the effect of a previous request to trust the named property using
trustClientProposedPropertyIn(java.lang.String, java.util.Set<java.lang.String>)
ortrustClientProposedPropertyMatches(java.lang.String, java.lang.String)
.- Parameters:
propertyName
- specifies the name of the client proposed property to be ignored- Returns:
- this builder, modified to ignore the specified client proposed property
- Since:
- 6.5
-
append
Append all the operations ofother
to this ScriptBuilder.- Returns:
- a combined script builder
- Since:
- 6.0
-
script
String script()Create a script.- Returns:
- the script
-