new SecurityScriptBuilder()
A builder that can be used to create scripts for use with Session.security#updateStore.
Facilitates producing scripts that control the assigment of permissions to roles.
Methods
-
build()
-
Create the script string.
Returns:
The script
- Type
- String
-
removeTopicPermissions(role, path)
-
Remove any previously assigned permissions from a particular topic for a given role.
This is different from setting no permissions to a topic. By removing permissions set for a topic, permissions will be inherited from the nearest set of permissions that have been assigned higher in the topic path hierarchy or from the default topic permissions if no more specific permissions are found.
Parameters:
Name Type Description role
String The role to remove topic permissions from.
path
String The topic path to remove permissions from.
Returns:
-
setDefaultTopicPermissions(role [, permissions])
-
Set the default permissions that a particular role will have for topics.
Parameters:
Name Type Argument Default Description role
String The role to set topic permissions for.
permissions
Array.<String> <optional>
[] The topic permissions to assign for the role.
Returns:
-
setGlobalPermissions(role [, permissions])
-
Set the global permissions assigned to a particular role.
Parameters:
Name Type Argument Default Description role
String The role to set global permissions for.
permissions
Array.<String> <optional>
[] The permissions to assign globally for a role.
Returns:
-
setRoleIncludes(role [, roles])
-
Specify a set of a roles that another role should inherit permissions from.
Parameters:
Name Type Argument Default Description role
String The role
roles
Array.<String> <optional>
[] The set of roles to inherit from.
Returns:
-
setRolesForAnonymousSessions( [roles])
-
Sets the roles to be assigned by default to all anonymous sessions.
Parameters:
Name Type Argument Default Description roles
Array.<String> <optional>
[] The roles to be assigned. An empty array, or no argument, will result in anonymous sessions being assigned no roles by default.
Returns:
-
setRolesForNamedSession( [roles])
-
Sets the roles to be assigned by default to all sessions that authenticate with a principal.
Parameters:
Name Type Argument Default Description roles
Array.<String> <optional>
[] The roles to be assigned. Any empty array, or no argument, will result in named sessions being assigned no roles by default.
Returns:
-
setTopicPermissions(role, path, permissions)
-
Sets specific topic permissions for a named role.
When permissions are assigned to a role for a topic path they will apply to the topic and any topics below the specified path. Topic-scoped permissions are assigned to roles for specific topic paths. The permission assignment applies to all descendant topics, unless there is a more specific assignment.
To evaluate whether a session has permission for a topic, the server starts at that topic and searches up the tree to find the nearest permissions assignment. The first assignment is the only one considered, even if the session has roles involved in assignments further up the hierarchy.
Parameters:
Name Type Description role
String The role to assign permissions for.
path
String The topic path to assign permissions.
permissions
Array.<String> The permissions to assign to the role for the specified path. Any empty array or no argument would specify that the role has no permissions at this path, which differs from there being no permissions assigned for that path (see SecurityScriptBuilder#removeTopicPermissions).
Returns: