Examples of org.cometd.bayeux.server.Authorizer

• org.cometd.bayeux.server.Authorizer
  t subscribe to all channel.addAuthorizer(GrantAuthorizer.GRANT_SUBSCRIBE); // Grant publishes only to CNN employees channel.addAuthorizer(new Authorizer() { public Result authorize(Operation operation, ChannelId channel, ServerSession session, ServerMessage message) { if (operation == Operation.PUBLISH && session.getAttribute("isCNNEmployee") == Boolean.TRUE) return Result.grant(); else return Result.ignore(); } }); } });

  A typical usage of authorizers is as follows:

  • Create a wildcard authorizer that matches all channels and neither grants or denies (e.g. use {@code org.cometd.server.authorizer.GrantAuthorizer.GRANT_NONE}). This authorizer can be added to channel /** or to a more specific channel for your application such as /game/**. This ensures that authorizers set is not empty and that another authorizer must explicitly grant access.
  • For public channels, that all users can access, add authorizers that will simply grant publish and/or subscribe permissions to the specific or wildcard channels.
  • For access controlled channels (e.g. only nominated players can publish to a game channel), then specific implementation of authorizers need to be created that will check identities and possibly other state before granting permission. Typically there is no need for such authorizers to explicitly deny access, unless that attempted access represents a specific error condition that needs to be passed to the client in the message associated with a deny.
  • For cross cutting concerns, such as checking a users credit or implementing user bans, authorizers can be created to explicitly deny access, without the need to modify all authorizers already in place that may grant.

  @see SecurityPolicy

        {
            public void configureChannel(ConfigurableServerChannel channel)
            {
                // Grant create and subscribe to all and publishes only to service channels
                channel.addAuthorizer(GrantAuthorizer.GRANT_CREATE_SUBSCRIBE);
                channel.addAuthorizer(new Authorizer()
                {
                    public Result authorize(Operation operation, ChannelId channel, ServerSession session, ServerMessage message)
                    {
                        if (operation == Operation.PUBLISH && channel.isService())
                            return Result.grant();

        String channelName = "/test";
        bayeux.createChannelIfAbsent(channelName, new ConfigurableServerChannel.Initializer()
        {
            public void configureChannel(ConfigurableServerChannel channel)
            {
                channel.addAuthorizer(new Authorizer()
                {
                    public Result authorize(Operation operation, ChannelId channel, ServerSession session, ServerMessage message)
                    {
                        return Result.ignore();
                    }

        String channelName = "/test/denied";
        bayeux.createChannelIfAbsent(channelName, new ConfigurableServerChannel.Initializer()
        {
            public void configureChannel(ConfigurableServerChannel channel)
            {
                channel.addAuthorizer(new Authorizer()
                {
                    public Result authorize(Operation operation, ChannelId channel, ServerSession session, ServerMessage message)
                    {
                        return Result.deny("test");
                    }

        String channelName = "/test/granted";
        bayeux.createChannelIfAbsent(channelName, new ConfigurableServerChannel.Initializer()
        {
            public void configureChannel(final ConfigurableServerChannel channel)
            {
                channel.addAuthorizer(new Authorizer()
                {
                    public Result authorize(Operation operation, ChannelId channelId, ServerSession session, ServerMessage message)
                    {
                        channel.removeAuthorizer(this);
                        return Result.grant();