org.jivesoftware.wildfire.sasl
Class LazyAuthorizationPolicy

java.lang.Object
  org.jivesoftware.wildfire.sasl.AbstractAuthorizationPolicy
      org.jivesoftware.wildfire.sasl.LazyAuthorizationPolicy

All Implemented Interfaces:

AuthorizationProvider

public class LazyAuthorizationPolicy
extends AbstractAuthorizationPolicy
implements AuthorizationProvider

This policy will authorize any principal who's username matches exactly the username of the JID. This means when cross realm authentication is allowed, user@REALM_A.COM and user@REALM_B.COM could both authorize as user@servername, so there is some risk here. But if usernames across the

Author:

Jay Kline

Constructor Summary

LazyAuthorizationPolicy()

Method Summary

boolean	authorize(String username, String principal) Returns true if the principal is explicity authorized to the JID
String	description() Returns a description of the Policy
String	name() Returns the short name of the Policy

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LazyAuthorizationPolicy

public LazyAuthorizationPolicy()

Method Detail

authorize

public boolean authorize(String username,
                         String principal)

Returns true if the principal is explicity authorized to the JID

Specified by:

authorize in interface AuthorizationProvider

Specified by:

authorize in class AbstractAuthorizationPolicy

Parameters:

username - The username requested.

principal - The principal requesting the username.

Returns:

true is the user is authorized to be principal

name

public String name()

Returns the short name of the Policy

Specified by:

name in class AbstractAuthorizationPolicy

Returns:

The short name of the Policy

description

public String description()

Returns a description of the Policy

Specified by:

description in class AbstractAuthorizationPolicy

Returns:

The description of the Policy.