
Example: Update the system authentication store

The following examples use the SystemAuthenticationControl feature in the Diffusion™ API to update the system authentication store.

.NET
/**
 * Copyright © 2021 - 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using PushTechnology.ClientInterface.Client.Factories;
using PushTechnology.ClientInterface.Client.Session;
using PushTechnology.ClientInterface.Client.Types;
using static System.Console;

namespace PushTechnology.ClientInterface.Example {
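    /// <summary>
    /// Client implementation that demonstrates how to update the system authentication store.
    /// </summary>
    /// <remarks>
    /// Demonstration code only: the administrator credentials and the new principal's password
    /// are literal sample values, and server certificate validation is overridden to accept
    /// anything. Neither is appropriate beyond a disposable local test server.
    /// </remarks>
    public sealed class SystemAuthenticationControl
    {
        /// <summary>
        /// Opens an administrative session, adds a principal to the system authentication
        /// store and then assigns roles to that principal. Failures are written to the console.
        /// </summary>
        /// <param name="serverUrl">URL of the Diffusion server to connect to.</param>
        /// <returns>A task that completes after the updates were attempted and the session was closed.</returns>
        public async Task SystemAuthenticationControlExample(string serverUrl)
        {
            // Connect as an admin session.
            // NOTE(security): "admin"/"password" are sample credentials embedded in the source;
            // load real credentials from configuration or a secret store instead.
            // NOTE(security): the validation callback returns ACCEPT for every certificate and
            // ignores the reported errors, so the server is not authenticated and the admin
            // credentials are exposed to anyone able to intercept the connection. Validate the
            // certificate properly for anything other than a local test server.
            var session = Diffusion.Sessions.Principal("admin").Password("password")
                .CertificateValidation((cert, chain, errors) => CertificateValidationResult.ACCEPT)
                .Open(serverUrl);

            // One outer try/finally so the session is closed on every path out of the method.
            try
            {
                const string testPrincipal = "TestPrincipal";

                // Create a new principal
                try
                {
                    WriteLine($"Creating principal '{testPrincipal}'.");

                    // NOTE(security): the principal is created with the literal password
                    // "password"; use a generated or operator-supplied secret in real use.
                    string createPrincipalScript = session.SystemAuthenticationControl.Script
                        .AddPrincipal(testPrincipal, "password", new List<string>())
                        .TrustClientProposedPropertyIn("Foo", new List<string> { "value1", "value2" })
                        .TrustClientProposedPropertyMatches("Bar", "regex1")
                        .ToScript();

                    await session.SystemAuthenticationControl.UpdateStoreAsync(createPrincipalScript);

                    WriteLine($"'{testPrincipal}' has been created.");
                }
                catch (Exception ex)
                {
                    WriteLine($"Failed to create principal : {ex}.");

                    // Stop here: continuing would try to grant roles to a principal this run
                    // did not create, which, if a principal of that name already exists,
                    // would elevate an account whose password this example does not control.
                    return;
                }

                // Assign roles to the principal
                try
                {
                    WriteLine($"Adding the roles of Administrator and Modify Session to '{testPrincipal}'.");

                    // NOTE(security): the role names suggest broad privileges; grant only the
                    // roles the principal needs. This example also leaves the principal in the
                    // store afterwards - nothing here removes it.
                    string assignRolesScript = session.SystemAuthenticationControl.Script
                        .AssignRoles(testPrincipal, new[] { "ADMINISTRATOR", "MODIFY_SESSION" })
                        .ToScript();

                    await session.SystemAuthenticationControl.UpdateStoreAsync(assignRolesScript);

                    WriteLine("Roles have been added.");
                }
                catch (Exception ex)
                {
                    WriteLine($"Failed to assign roles : {ex}.");
                }
            }
            finally
            {
                session.Close();
            }
        }
    }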
}
Java and Android
/*******************************************************************************
 * Copyright (C) 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package com.pushtechnology.client.sdk.manual;

import com.pushtechnology.diffusion.client.Diffusion;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.ScriptBuilder;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.SystemAuthenticationConfiguration;
import com.pushtechnology.diffusion.client.session.Session;

import java.util.HashSet;
import java.util.Set;

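/**
 * An example of using a control client to alter the system authentication
 * configuration.
 *
 * This uses the 'SystemAuthenticationControl' feature.
 *
 * <p>Demonstration code only: the credentials are literal sample values and the
 * session is opened over an unencrypted {@code ws://} URL.
 *
 * @author DiffusionData Limited
 */
public final class SystemAuthenticationControlExample {

    /**
     * Connects as 'admin', adds the 'observer' principal, denies anonymous
     * connections, applies the script to the system authentication store and
     * prints the principals the server then reports.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        // NOTE(security): "admin"/"password" are sample credentials embedded in
        // the source; load real credentials from configuration or a secret
        // store. ws:// is an unencrypted transport, so use a wss:// URL whenever
        // the server is not on the local machine.
        final Session session = Diffusion.sessions()
            .principal("admin")
            .password("password")
            .open("ws://localhost:8080");

        // try/finally so the session is closed even when one of the join()
        // calls below throws because the server rejected the request.
        try {
            final SystemAuthenticationControl authenticationControl =
                session.feature(SystemAuthenticationControl.class);

            final ScriptBuilder scriptBuilder = authenticationControl.scriptBuilder();

            // Plain HashSet instead of double-brace initialisation, which
            // creates an anonymous HashSet subclass for no benefit.
            final Set<String> roles = new HashSet<>();
            roles.add("CLIENT_CONTROL");
            roles.add("TOPIC_CONTROL");
            roles.add("AUTHENTICATION_HANDLER");

            // add a new principal named 'observer' with the given roles
            // NOTE(security): the principal receives three control roles while
            // its password is the literal "password"; use a strong secret and
            // only the roles it needs.
            scriptBuilder.addPrincipal("observer", "password", roles);

            // disallow anonymous connections
            // NOTE(review): this is part of the store update, so it presumably
            // applies to every client of the server, not just this session.
            scriptBuilder.denyAnonymousConnections();

            // update the system authentication store
            authenticationControl.updateStore(scriptBuilder.script()).join();

            // get the authentication configuration and print out all principals
            final SystemAuthenticationConfiguration configuration =
                authenticationControl.getSystemAuthentication().join();

            configuration.getPrincipals().forEach(System.out::println);
        }
        finally {
            session.close();
        }
    }
}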
C
/**
 * Copyright © 2021 - 2023 DiffusionData Ltd.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include <stdio.h>
#include <stdlib.h>

#ifndef WIN32
    #include <unistd.h>
#else
    #define sleep(x) Sleep(1000 * x)
#endif

#include "diffusion.h"

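/*
 * Prints every entry of a NULL-terminated role array and then releases the
 * array. A NULL array is accepted and prints nothing.
 */
static void print_and_free_roles(char **roles)
{
    if (roles != NULL)
    {
        for (char **role = roles; *role != NULL; role++)
        {
            printf("  |- Role: %s\n", *role);
        }
    }

    // NOTE(review): only the array itself is released, as before; confirm in
    // diffusion.h whether the element strings must be freed as well.
    free(roles);
}

/*
 * This callback is invoked when the system authentication store is
 * received, and prints the contents of the store: each principal with its
 * roles, the anonymous connection action and the anonymous roles.
 *
 * session and context are not used. Returns HANDLER_SUCCESS.
 */
int on_get_system_authentication_store(
    SESSION_T *session,
    const SYSTEM_AUTHENTICATION_STORE_T store,
    void *context)
{
    // NOTE(review): %ld assumes the size field is a long; confirm its type.
    printf("Received %ld principals\n", store.system_principals->size);

    char **names = get_principal_names(store);
    if (names != NULL) // do not walk the array if the helper returned nothing
    {
        for (char **name = names; *name != NULL; name++)
        {
            printf("Principal: %s\n", *name);
            print_and_free_roles(get_roles_for_principal(store, *name));
        }
    }
    free(names);

    switch (store.anonymous_connection_action)
    {
    case ANONYMOUS_CONNECTION_ACTION_ALLOW:
        printf("Allow anonymous connections\n");
        break;
    case ANONYMOUS_CONNECTION_ACTION_DENY:
        printf("Deny anonymous connections\n");
        break;
    case ANONYMOUS_CONNECTION_ACTION_ABSTAIN:
        printf("Abstain from making anonymous connection decision\n");
        break;
    }

    printf("Anonymous connection roles:\n");
    print_and_free_roles(get_anonymous_roles(store));

    return HANDLER_SUCCESS;
}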

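/*
 * Connects to the server as 'admin', requests the system authentication
 * store (printed by on_get_system_authentication_store), waits five seconds
 * and shuts the session down.
 *
 * Returns EXIT_SUCCESS, or EXIT_FAILURE when the session cannot be created.
 */
int main(
    int argc,
    char **argv)
{
    // NOTE(security): sample values only. The credentials are embedded in the
    // source and ws:// is an unencrypted transport; read real credentials from
    // configuration and use a wss:// URL for any non-local server.
    const char *url = "ws://localhost:8080";
    const char *principal = "admin";
    const char *password = "password";

    CREDENTIALS_T *credentials = credentials_create_password(password);

    // Create a session, synchronously
    SESSION_T *session;
    DIFFUSION_ERROR_T error = {0};
    session = session_create(url, principal, credentials, NULL, NULL, &error);
    if (session == NULL)
    {
        fprintf(stderr, "TEST: Failed to create session\n");
        fprintf(stderr, "ERR : %s\n", error.message);

        // Release the credentials on the failure path too; the success path
        // below frees them, so the caller evidently keeps ownership.
        credentials_free(credentials);
        return EXIT_FAILURE;
    }

    // Request the system authentication store
    const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params = {.on_get = on_get_system_authentication_store};
    get_system_authentication_store(session, params);

    // Sleep for a while
    // NOTE(review): a fixed delay stands in for waiting on the callback; the
    // store is presumably printed only if the response arrives within it.
    sleep(5);

    // Close the session, and release resources and memory
    session_close(session, NULL);
    session_free(session);

    credentials_free(credentials);

    return EXIT_SUCCESS;
}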

Change the URL provided in the example to the URL of your Diffusion server.