Custom Authorizers
uklance edited this page Nov 15, 2012
·
10 revisions
Security can be added to your topics via custom authorizers, which fire on every client subscription attempt. Each authorizer is configured with a topic, and passes or fails an authorization attempt by returning a boolean from isAuthorized(PushSession).
Authorizers can be contributed via your Tapestry application's IOC Module.
/**
 * Contributes one authorizer, registered under the topic {@code "/**"}, to the
 * authorizer configuration of the Tapestry IOC module.
 *
 * <p>The authorizer looks up the {@code User} state object and delegates the decision
 * to {@code authService}; the boolean it returns passes or fails the subscription
 * attempt.
 *
 * @param config ordered configuration that receives the contribution
 * @param authService application service that makes the authorization decision
 * @param asm used to look up the {@code User} state object
 */
public static void contributeAuthorizers(
        OrderedConfiguration<AuthorizerContribution> config,
        final MyAuthorizationService authService,
        final ApplicationStateManager asm)
{
    Authorizer topicGuard = new Authorizer() {
        @Override
        public boolean isAuthorized(PushSession pushSession) {
            // getIfExists() does not create the state object, so currentUser is null
            // when none exists. authService must treat a null user as unauthenticated
            // and decide explicitly (normally: deny) rather than fail open.
            User currentUser = asm.getIfExists(User.class);
            return authService.isAuthorized(currentUser, pushSession.getTopic());
        }
    };

    // "before:*" is an ordering constraint: this contribution is placed ahead of all
    // others in the ordered configuration.
    // NOTE(review): "/**" looks like a pattern covering every topic - confirm against
    // the matching rules of AuthorizerContribution.
    config.add("myAuthorizer", new AuthorizerContribution("/**", topicGuard), "before:*");
}
Authorizers can be added and removed at runtime via the Authorizers service:
// Service through which authorizers are added and removed at runtime.
@Inject
private Authorizers authorizers;
// Used to look up the User state object when an authorization decision is made.
@Inject
private ApplicationStateManager asm;
// Application-specific service that makes the actual authorization decision.
@Inject
private MyAuthorizationService authService;
// The authorizer registered by doAdd(), or null when none is registered.
// Read and written only inside the synchronized doAdd()/doRemove() methods.
private Authorizer myAuthorizer;
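/**
 * Registers an authorizer under the topic {@code "/**"} unless this object has
 * already registered one.
 *
 * <p>The authorizer looks up the {@code User} state object and delegates the decision
 * to {@code authService}. The {@code myAuthorizer} field is set only after
 * {@code addAuthorizer} has returned, so a failed registration does not leave this
 * object believing the topic is protected and a later call can retry.
 */
public synchronized void doAdd() {
    if (myAuthorizer != null) {
        // Already registered; adding again would register the same check twice.
        return;
    }

    Authorizer candidate = new Authorizer() {
        @Override
        public boolean isAuthorized(PushSession pushSession) {
            // getIfExists() does not create the state object, so user is null when
            // none exists. authService must treat a null user as unauthenticated.
            User user = asm.getIfExists(User.class);
            return authService.isAuthorized(user, pushSession.getTopic());
        }
    };

    authorizers.addAuthorizer("/**", candidate);
    // Record the authorizer only once registration succeeded. Assigning the field
    // first would turn every later doAdd() into a no-op if addAuthorizer threw,
    // leaving the topic without this check.
    myAuthorizer = candidate;
}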
/**
 * Unregisters the authorizer previously added by {@code doAdd()}, if there is one,
 * and clears the {@code myAuthorizer} field.
 */
public synchronized void doRemove() {
    if (myAuthorizer == null) {
        // Nothing was registered by this object.
        return;
    }

    // NOTE(review): after this call the removed authorizer no longer takes part in
    // subscription checks for "/**"; confirm another authorizer still covers any
    // topic that must stay protected.
    authorizers.removeAuthorizer("/**", myAuthorizer);
    myAuthorizer = null;
}