Package com.pushtechnology.diffusion.client.types

Enum Class PathPermission

java.lang.Object
java.lang.Enum<PathPermission>
com.pushtechnology.diffusion.client.types.PathPermission
All Implemented Interfaces:
Permission, Serializable, Comparable<PathPermission>, Constable
public enum PathPermission extends Enum<PathPermission> implements Permission
Permissions protecting access-controlled operations that are evaluated for a specific path.

The meaning of the path depends on the permission. Most permissions apply to topic paths in the topic tree. The SEND_TO_MESSAGE_HANDLER and SEND_TO_SESSION permissions apply to message paths. The ACQUIRE_LOCK permission applies to lock names.

Since:
6.5
Author:
DiffusionData Limited
See Also:

  • Enum Constant Details

    • SELECT_TOPIC

      public static final PathPermission SELECT_TOPIC
      Use a topic selector that selects a topic path.

      To fetch or subscribe using a topic selector, a session must have SELECT_TOPIC permission for each individual path that the selector may match. This allows SELECT_TOPIC to be granted to a branch of the topic tree and explicitly revoked for specific sub-branches.

      For full path pattern topic selectors, the model is even more restrictive: SELECT_TOPIC permission is required for all paths, at and below the path prefix of the selector. This is necessary to prevent circumvention using advanced regular expressions.

      When the subscription or fetch request completes, the resulting topics are further filtered based on the READ_TOPIC permission.

      A session that has READ_TOPIC but not SELECT_TOPIC for a particular topic path cannot subscribe directly to topics belonging to the path. However, the session can be independently subscribed by a control session that has GlobalPermission.MODIFY_SESSION permission in addition to the appropriate SELECT_TOPIC permission.

      Since:
      5.7

    • READ_TOPIC

      public static final PathPermission READ_TOPIC
      Required to receive information from a topic.

      If a session does not have read_topic permission for a topic, the topic will be excluded from the results of subscription or fetch operations for the session, and the topic's details cannot be retrieved by the session.

      See Also:

    • UPDATE_TOPIC

      public static final PathPermission UPDATE_TOPIC
      Update a topic.

    • MODIFY_TOPIC

      public static final PathPermission MODIFY_TOPIC
      Add a topic or remove a topic.

    • SEND_TO_MESSAGE_HANDLER

      public static final PathPermission SEND_TO_MESSAGE_HANDLER
      Send a message to a handler registered with the server for a particular message path.

    • SEND_TO_SESSION

      public static final PathPermission SEND_TO_SESSION
      Send a message to a client session for a particular message path.

    • QUERY_OBSOLETE_TIME_SERIES_EVENTS

      public static final PathPermission QUERY_OBSOLETE_TIME_SERIES_EVENTS
      Evaluate queries that return a non-current view of a time series topic.

      The READ_TOPIC permission is required to evaluate any type of TimeSeries.Query for a time series topic. This permission is additionally required for queries that potentially return a non-current view of all or part of a time series. Such queries include value range queries that specify an edit range, and all types of edit range query.

      See Also:

    • EDIT_TIME_SERIES_EVENTS

      public static final PathPermission EDIT_TIME_SERIES_EVENTS
      Submit edits to time series topic events.

      The UPDATE_TOPIC permission is required to update a time series topic. This permission is additionally required to submit edits to a time series topic.

      See Also:

    • EDIT_OWN_TIME_SERIES_EVENTS

      public static final PathPermission EDIT_OWN_TIME_SERIES_EVENTS
      Submit edits to time series topic events which have an author which is the same as the principal of the calling session.

      This permission is a more restrictive alternative to EDIT_TIME_SERIES_EVENTS.

      The UPDATE_TOPIC permission is required to update a time series topic. This permission is additionally required to submit edits to a time series topic where the event author is the same as the principal of the calling session.

      See Also:

    • ACQUIRE_LOCK

      public static final PathPermission ACQUIRE_LOCK
      Acquire a session lock.
      See Also:

    • EXPOSE_BRANCH

      public static final PathPermission EXPOSE_BRANCH
      Expose a branch of the topic tree as a virtual session tree.

      The EXPOSE_BRANCH path permission is powerful since it allows a session to expose a whole branch of the topic tree under a different set of path permissions.

      A session granted EXPOSE_BRANCH for a particular path effectively has the permission for all descendant paths. From a security perspective, if a role grants EXPOSE_BRANCH at branch X it is ineffectual for it also to deny EXPOSE_BRANCH at a child branch X/Y because a branch mapping to X can still expose paths below X/Y.

      Since:
      6.7
      See Also:

    • UNKNOWN_PATH_PERMISSION

      public static final PathPermission UNKNOWN_PATH_PERMISSION
      A permission that is unsupported by the session.

  • Method Details

    • values

      public static PathPermission[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static PathPermission valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null