org.jdesktop.wonderland.server.comms
Interface SecureClientConnectionHandler

All Superinterfaces:
ClientConnectionHandler

public interface SecureClientConnectionHandler
extends ClientConnectionHandler

An extension of the ClientConnectionHandler that allows security checks for who may or may not connect to the handler.

Author:
jkaplan

Method Summary
 Resource checkConnect(WonderlandClientID clientID, java.util.Properties properties)
          Get the resource to use for security checks on a new incoming connection.
 Resource checkMessage(WonderlandClientID clientID, Message message)
          Get the resource to use for security checks on the given message.
 void connectionRejected(WonderlandClientID clientID)
          Notification that a connection was rejected.
 boolean messageRejected(WonderlandClientSender sender, WonderlandClientID clientID, Message message, java.util.Set<Action> requested, java.util.Set<Action> granted)
          Notification that a message was rejected.
 
Methods inherited from interface org.jdesktop.wonderland.server.comms.ClientConnectionHandler
clientConnected, clientDisconnected, getConnectionType, messageReceived, registered
 

Method Detail

checkConnect

Resource checkConnect(WonderlandClientID clientID,
                      java.util.Properties properties)
Get the resource to use for security checks on a new incoming connection. This resource will be queried with the connecting user's ID and and instance of ConnectAction. If the resource grants access to the ConnectAction, the connection will be allowed to proceed. If access is denied, the client's connection will be aborted and the connectionRejected() method will be called.

Parameters:
clientID - the ID of the session that connected
properties - the properties the client is connecting with
Returns:
a resource that can be used for security checks, or null to skip security checks.

connectionRejected

void connectionRejected(WonderlandClientID clientID)
Notification that a connection was rejected. This will happen when the provided resource denies access to the ConnectAction. This method is provided to give the handler the option of doing any necessary bookkeeping when a connection is rejected. In the case of a rejection, the system automatically sends an error message back to the requesting client.

Parameters:
clientID - the ID of the client that was rejected

checkMessage

Resource checkMessage(WonderlandClientID clientID,
                      Message message)
Get the resource to use for security checks on the given message. This resource will be queried with the sending user's ID and an instance of each of the declared actions associated with the given message. Note that if no actions are associated with the message, the resource will not be queried. If the resource grants access to all the requested actions, the message will be delivered using the messageReceived() method. If access is denied, the messageRejected() method will be called with the information about the message and the permissions that were denied. If the return value from messageRejected is true, a standard error will be sent to the client. If the return value is false, the connection handler is responsible for sending an appropriate error message to the client.

Parameters:
clientID - the ID of the session that sent the message
message - the message that was sent
Returns:
a resource that can be used for security checks, or null to skip security checks.

messageRejected

boolean messageRejected(WonderlandClientSender sender,
                        WonderlandClientID clientID,
                        Message message,
                        java.util.Set<Action> requested,
                        java.util.Set<Action> granted)
Notification that a message was rejected. This method is provided so that connection handlers can respond to the client, especially in the case of partial rejections (a message in which only some of the requested permissions were granted).

If the return value of this method is true, the system will send an error response to the client. If it is false, the system will not send any response, and the handler is assumed to manage the response.

Parameters:
sender - the sender that can be used to send responses to the client
clientID - the id of the client that sent the message
message - the message that was rejected
requested - the actions that were required to process the message fully
granted - the actions that were granted


Open Wonderland - http://openwonderland.org