To develop an authorization application you need to understand
how the authorizationService interface passes information.
Restrictions
The following restrictions apply when you implement the Authorization service:
- Only one authorization service registration is allowed.
- The Authorization service should be deployed on the same WebSphere® Application Server server as Presence Server.
- Each new SUBSCRIBE request will use the following method to subscribe
to permission notifications for that subscription: AuthorizationService.doSubscribeIsAllowedUser().
- Presence Server will use the counterpart method, AuthorizationService.doUnsubscribeIsAllowedUser(), to
stop receiving notifications on permission policies when the subscription
is no longer active. As long as the subscription to the Authorization service
is active, the Authorization service will send notifications to Presence Server.
Note: For communication to take place with the external authorization
service, the Presence Server externalAuthorization tag
must be enabled (the enable value set to true). See the topic Configuring
authorization for more information.
Implementing the Authorization service
You can implement the Authorization service by following these steps:
- Create an EJB project and implement the AuthorizationService interface:
    public interface AuthorizationService {
        // Called by Presence Server for each new subscription
        public void doSubscribeIsAllowedUser(AuthorizationData authorizationData,
                AuthorizationRulesListener listener) throws RemoteException;
        // Called by Presence Server when the subscription is no longer active
        public void doUnsubscribeIsAllowedUser(AuthorizationData authorizationData)
                throws RemoteException;
    }
- Register with Presence Server using the
AuthorizationServiceManager.registerAuthorizationService(AuthorizationData data) API.
This mechanism is used in place of a JNDI mechanism. When registering with Presence Server, a
reference to an AuthorizationService EJB, which is encapsulated within AuthorizationData,
is passed to Presence Server.
- Presence Server calls the method doSubscribeIsAllowedUser() for every new subscription that it receives.
If the subscription is on a resource-list, this method is called for each
member in the resource-list. This method is implemented by a third party, and
the call passes these two objects to the AuthorizationService EJB:
  - AuthorizationData: This object encapsulates the information
  about To or From headers that the AuthorizationService
  uses to retrieve authorization. The logic of this object needs to be implemented
  by a third party.
  - AuthorizationRulesListener: This object provides
  a handle to a listener in Presence Server, on which the
  AuthorizationService calls the method
  onSubscriptionIsAllowed(AuthorizationData authorizationData, AuthorizationRules rule).
  This method can be used synchronously or asynchronously to notify Presence Server of
  authorization results or changes. The third party will instantiate the rule object,
  which contains the authorization result in the form of an integer representing
  one of the following actions: Block, Confirm, Polite_Block,
  or Allow. Presence Server will
  then examine the rule object to determine whether or not
  it can retrieve the current presence information for that presence entity,
  and will then send it to the subscriber.
Note that the Polite Block action was called Block in previous versions
of Presence Server.
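
The subscribe, notify and unsubscribe flow described above, as an added example that is not IBM's code: the service keeps the listener handle per subscription, answers Block when no rule exists, and stops notifying after doUnsubscribeIsAllowedUser(). The nested types are stand-ins for the product classes; their fields, the integer action values, the PolicyService class, the setPolicy hook and the sample SIP URIs are assumptions.

```java
import java.rmi.RemoteException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example. The nested types are stand-ins for the product classes named
// on the page; their members and the integer action values are assumptions.
public class DefaultDenyAuthorizationExample {
    static final int BLOCK = 0, CONFIRM = 1, POLITE_BLOCK = 2, ALLOW = 3; // assumed values

    record AuthorizationData(String from, String to) {}   // stand-in: From and To headers
    record AuthorizationRules(int action) {}              // stand-in: carries the result
    interface AuthorizationRulesListener {                // stand-in: handle into Presence Server
        void onSubscriptionIsAllowed(AuthorizationData data, AuthorizationRules rule);
    }
    interface AuthorizationService {                      // method names as on the page
        void doSubscribeIsAllowedUser(AuthorizationData data, AuthorizationRulesListener listener)
                throws RemoteException;
        void doUnsubscribeIsAllowedUser(AuthorizationData data) throws RemoteException;
    }
    // Hypothetical implementation: in-memory policy, default deny.
    static class PolicyService implements AuthorizationService {
        private final Map<AuthorizationData, AuthorizationRulesListener> active = new ConcurrentHashMap<>();
        private final Map<AuthorizationData, Integer> policy = new ConcurrentHashMap<>();
        public void doSubscribeIsAllowedUser(AuthorizationData data, AuthorizationRulesListener listener) {
            active.put(data, listener); // keep the handle so later policy changes can be pushed
            // A pair with no stored rule is answered with BLOCK, never ALLOW.
            listener.onSubscriptionIsAllowed(data, new AuthorizationRules(policy.getOrDefault(data, BLOCK)));
        }
        public void doUnsubscribeIsAllowedUser(AuthorizationData data) {
            active.remove(data); // subscription ended: stop notifying for it
        }
        // Hypothetical admin hook: store a decision and notify only if still subscribed.
        void setPolicy(AuthorizationData data, int action) {
            policy.put(data, action);
            AuthorizationRulesListener listener = active.get(data);
            if (listener != null) listener.onSubscriptionIsAllowed(data, new AuthorizationRules(action));
        }
    }

    public static void main(String[] args) {
        // Constructed sample values.
        PolicyService service = new PolicyService();
        AuthorizationData pair = new AuthorizationData("sip:watcher@example.com", "sip:alice@example.com");
        service.doSubscribeIsAllowedUser(pair, (d, r) -> System.out.println(d + " -> action " + r.action()));
        service.setPolicy(pair, ALLOW);            // pushed through the stored listener
        service.doUnsubscribeIsAllowedUser(pair);
        service.setPolicy(pair, BLOCK);            // stored, but no listener left to notify
    }
}
```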