Example: Update the system authentication store
The following examples use the SystemAuthenticationControl feature in the Diffusion™ API to update the system authentication store.
.NET
/**
* Copyright © 2021 - 2023 DiffusionData Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using PushTechnology.ClientInterface.Client.Factories;
using PushTechnology.ClientInterface.Client.Session;
using PushTechnology.ClientInterface.Client.Types;
using static System.Console;
namespace PushTechnology.ClientInterface.Example {
/// <summary>
/// Client implementation that demonstrates how to update the system authentication store.
/// </summary>
public sealed class SystemAuthenticationControl
{
public async Task SystemAuthenticationControlExample(string serverUrl)
{
// Connect as an admin session
var session = Diffusion.Sessions.Principal("admin").Password("password")
.CertificateValidation((cert, chain, errors) => CertificateValidationResult.ACCEPT)
.Open(serverUrl);
string testPrincipal = "TestPrincipal";
// Create a new principal
try
{
WriteLine($"Creating principal '{testPrincipal}'.");
string storeScript = session.SystemAuthenticationControl.Script
.AddPrincipal(testPrincipal, "password", new List<string>())
.TrustClientProposedPropertyIn("Foo", new List<string> { "value1", "value2" })
.TrustClientProposedPropertyMatches("Bar", "regex1")
.ToScript();
await session.SystemAuthenticationControl.UpdateStoreAsync(storeScript);
WriteLine($"'{testPrincipal}' has been created.");
}
catch (Exception ex)
{
WriteLine($"Failed to create principal : {ex}.");
}
//Assign roles to the principal
try
{
WriteLine($"Adding the roles of Administrator and Modify Session to '{testPrincipal}'.");
string script1 = session.SystemAuthenticationControl.Script
.AssignRoles(testPrincipal, new[] { "ADMINISTRATOR", "MODIFY_SESSION" })
.ToScript();
await session.SystemAuthenticationControl.UpdateStoreAsync(script1);
WriteLine($"Roles have been added.");
}
catch (Exception ex)
{
WriteLine($"Failed to assign roles : {ex}.");
}
finally
{
session.Close();
}
}
}
}
Java and Android
/*******************************************************************************
* Copyright (C) 2023 DiffusionData Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
package com.pushtechnology.client.sdk.manual;
import com.pushtechnology.diffusion.client.Diffusion;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.ScriptBuilder;
import com.pushtechnology.diffusion.client.features.control.clients.SystemAuthenticationControl.SystemAuthenticationConfiguration;
import com.pushtechnology.diffusion.client.session.Session;
import java.util.HashSet;
import java.util.Set;
/**
* An example of using a control client to alter the system authentication
* configuration.
*
* This uses the 'SystemAuthenticationControl' feature.
*
* @author DiffusionData Limited
*/
public final class SystemAuthenticationControlExample {
public static void main(String[] args) {
final Session session = Diffusion.sessions()
.principal("admin")
.password("password")
.open("ws://localhost:8080");
final SystemAuthenticationControl authenticationControl =
session.feature(SystemAuthenticationControl.class);
final ScriptBuilder scriptBuilder = authenticationControl.scriptBuilder();
final Set<String> roles = new HashSet<String>() {{
add("CLIENT_CONTROL");
add("TOPIC_CONTROL");
add("AUTHENTICATION_HANDLER");
}};
// add a new principal named 'observer' with the given roles
scriptBuilder.addPrincipal("observer", "password", roles);
// disallow anonymous connections
scriptBuilder.denyAnonymousConnections();
// update the system authentication store
authenticationControl.updateStore(scriptBuilder.script()).join();
// get the authentication configuration and print out all principals
final SystemAuthenticationConfiguration configuration =
authenticationControl.getSystemAuthentication().join();
configuration.getPrincipals().forEach(System.out::println);
session.close();
}
}
C
/**
* Copyright © 2021 - 2023 DiffusionData Ltd.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
#include <stdio.h>
#include <stdlib.h>
#ifndef WIN32
#include <unistd.h>
#else
#define sleep(x) Sleep(1000 * x)
#endif
#include "diffusion.h"
/*
* This callback is invoked when the system authentication store is
* received, and prints the contents of the store.
*/
int on_get_system_authentication_store(
SESSION_T *session,
const SYSTEM_AUTHENTICATION_STORE_T store,
void *context)
{
printf("Received %ld principals\n", store.system_principals->size);
char **names = get_principal_names(store);
for (char **name = names; *name != NULL; name++)
{
printf("Principal: %s\n", *name);
char **roles = get_roles_for_principal(store, *name);
for (char **role = roles; *role != NULL; role++)
{
printf(" |- Role: %s\n", *role);
}
free(roles);
}
free(names);
switch (store.anonymous_connection_action)
{
case ANONYMOUS_CONNECTION_ACTION_ALLOW:
printf("Allow anonymous connections\n");
break;
case ANONYMOUS_CONNECTION_ACTION_DENY:
printf("Deny anonymous connections\n");
break;
case ANONYMOUS_CONNECTION_ACTION_ABSTAIN:
printf("Abstain from making anonymous connection decision\n");
break;
}
printf("Anonymous connection roles:\n");
char **roles = get_anonymous_roles(store);
for (char **role = roles; *role != NULL; role++)
{
printf(" |- Role: %s\n", *role);
}
free(roles);
return HANDLER_SUCCESS;
}
int main(
int argc,
char **argv)
{
const char *url = "ws://localhost:8080";
const char *principal = "admin";
const char *password = "password";
CREDENTIALS_T *credentials = credentials_create_password(password);
// Create a session, synchronously
SESSION_T *session;
DIFFUSION_ERROR_T error = {0};
session = session_create(url, principal, credentials, NULL, NULL, &error);
if (session == NULL)
{
fprintf(stderr, "TEST: Failed to create session\n");
fprintf(stderr, "ERR : %s\n", error.message);
return EXIT_FAILURE;
}
// Request the system authentication store
const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params = {.on_get = on_get_system_authentication_store};
get_system_authentication_store(session, params);
// Sleep for a while
sleep(5);
// Close the session, and release resources and memory
session_close(session, NULL);
session_free(session);
credentials_free(credentials);
return EXIT_SUCCESS;
}
Change the URL from that provided in the example to the URL of the Diffusion server .