IBM WebSphere Presence Server, Version 7.0

Developing an authorization application

To develop an authorization application, you need to understand how the AuthorizationService interface passes information.

Restrictions

The following restrictions apply when you implement the Authorization service:
  • Only one authorization service registration is allowed.
  • The Authorization service should be deployed on the same WebSphere® Application Server server as Presence Server.
  • Each new SUBSCRIBE request will use the following method to subscribe to permission notifications for that subscription: AuthorizationService.doSubscribeIsAllowedUser().
  • Presence Server will use the same method–AuthorizationService.doUnsubscribeIsAllowedUser()–to stop receiving notifications on permission policies when the subscription is no longer active. As long as the subscription to the Authorization service is active, the Authorization service will send notifications to Presence Server.
Note: For communication to take place with the external authorization service, the Presence Server externalAuthorization tag must be enabled (the enable value set to true). See the topic Configuring authorization for more information.

Implementing the Authorization service

You can implement the Authorization service by following these steps:
  1. Create an EJB project and implement the AuthorizationService interface:
    public interface AuthorizationService {
        // Called by Presence Server for each new subscription
        public void doSubscribeIsAllowedUser(AuthorizationData authorizationData,
                AuthorizationRulesListener listener) throws RemoteException;
        // Called when the subscription is no longer active
        public void doUnsubscribeIsAllowedUser(AuthorizationData authorizationData)
                throws RemoteException;
    }
  2. Register with the Presence Server using:
    AuthorizationServiceManager.registerAuthorizationService (AuthorizationData data) API.
    This mechanism is used in place of a JNDI mechanism. When registering with Presence Server, a reference to an AuthorizationService EJB, which is encapsulated within AuthorizationData, is passed to Presence Server.
  3. Presence Server calls the doSubscribeIsAllowedUser() method for every new subscription that it receives. If the subscription is on a resource-list, this method is called for each member in the resource-list. This method is implemented by a third party and passes these two objects to the AuthorizationService EJB:
    • AuthorizationData: This object encapsulates the information about To or From headers that the AuthorizationService uses to retrieve authorization. The logic of this object needs to be implemented by a third party.
    • AuthorizationRulesListener: This object provides a handle to a listener in Presence Server, on which the AuthorizationService calls the method
      onSubscriptionIsAllowed(AuthorizationData authorizationData, AuthorizationRules rule)
      This method can be used synchronously or asynchronously to notify Presence Server of authorization results or changes. The third party will instantiate the rule object, which contains the authorization result in the form of an integer representing one of the following actions: Block, Confirm, Polite_Block, or Allow.

      Presence Server will then examine the rule object to determine whether or not it can retrieve the current presence information for that presence entity, and will then send it to the subscriber.

      Note that the Polite Block action was called Block in previous versions of Presence Server.
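
The following sketch is an added example, not IBM's code: it shows the subscribe, notify and unsubscribe flow from step 3 with a fail-closed default, so that a watcher with no stored rule is blocked rather than allowed. The types at the top are stand-ins so the file compiles alone; the watcher() and presentity() accessors, the integer values of the four actions, and the setRule() hook are assumptions, and EJB packaging and registration are omitted.

```java
import java.rmi.RemoteException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Stand-in types so the sketch compiles alone; the real ones ship with Presence Server.
interface AuthorizationData { String watcher(); String presentity(); } // assumed accessors
interface AuthorizationRulesListener {
    void onSubscriptionIsAllowed(AuthorizationData data, AuthorizationRules rule);
}
final class AuthorizationRules {
    // Constructed values: the page names the four actions but not their integers.
    static final int BLOCK = 0, CONFIRM = 1, POLITE_BLOCK = 2, ALLOW = 3;
    final int action;
    AuthorizationRules(int action) { this.action = action; }
}
interface AuthorizationService {
    void doSubscribeIsAllowedUser(AuthorizationData d, AuthorizationRulesListener l) throws RemoteException;
    void doUnsubscribeIsAllowedUser(AuthorizationData d) throws RemoteException;
}

public class DefaultDenyAuthorizationService implements AuthorizationService {
    private static final class Sub {
        final AuthorizationData data; final AuthorizationRulesListener listener;
        Sub(AuthorizationData d, AuthorizationRulesListener l) { data = d; listener = l; }
    }
    private final Map<String, Integer> policy = new ConcurrentHashMap<>();
    private final Map<String, Sub> active = new ConcurrentHashMap<>();
    private static String key(String watcher, String presentity) { return watcher + "\n" + presentity; }

    // Called for each new SUBSCRIBE and for each member of a resource-list.
    public void doSubscribeIsAllowedUser(AuthorizationData d, AuthorizationRulesListener l) {
        String k = key(d.watcher(), d.presentity());
        active.put(k, new Sub(d, l));
        // Fail closed: a pair with no stored rule gets BLOCK, never ALLOW.
        l.onSubscriptionIsAllowed(d, new AuthorizationRules(policy.getOrDefault(k, AuthorizationRules.BLOCK)));
    }

    // Subscription ended: forget the listener so no later result is pushed for it.
    public void doUnsubscribeIsAllowedUser(AuthorizationData d) {
        active.remove(key(d.watcher(), d.presentity()));
    }

    // Hypothetical admin hook: store a changed rule, then notify only a still-active subscription.
    public void setRule(String watcher, String presentity, int action) {
        if (action < AuthorizationRules.BLOCK || action > AuthorizationRules.ALLOW)
            throw new IllegalArgumentException("unknown action " + action);
        String k = key(watcher, presentity);
        policy.put(k, action);
        Sub s = active.get(k);
        if (s != null) s.listener.onSubscriptionIsAllowed(s.data, new AuthorizationRules(action));
    }
}
```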




(C) Copyright IBM Corporation 2009. All Rights Reserved.