Class astutedds::security::AccessControlPlugin


Access Control Service Plugin Interface (SPI)

  • #include <access_control_spi.hpp>

Public Functions

Type Name
virtual bool check_create_datareader (PermissionsHandle permissions_handle, uint32_t domain_id, const std::string & topic_name, SecurityException & ex) = 0
Check if participant can create DataReader.
virtual bool check_create_datawriter (PermissionsHandle permissions_handle, uint32_t domain_id, const std::string & topic_name, SecurityException & ex) = 0
Check if participant can create DataWriter.
virtual bool check_relay_topic (PermissionsHandle permissions_handle, const std::string & topic_name, SecurityException & ex) = 0
Check if topic relay is allowed.
virtual bool check_remote_datareader (PermissionsHandle writer_permissions_handle, PermissionsHandle reader_permissions_handle, const PropertySeq & publication_data, const PropertySeq & subscription_data, SecurityException & ex) = 0
Check if local DataWriter can match with remote DataReader.
virtual bool check_remote_datawriter (PermissionsHandle reader_permissions_handle, PermissionsHandle writer_permissions_handle, const PropertySeq & subscription_data, const PropertySeq & publication_data, SecurityException & ex) = 0
Check if local DataReader can match with remote DataWriter.
virtual EndpointSecurityAttributes get_endpoint_sec_attributes (PermissionsHandle permissions_handle, const std::string & topic_name, SecurityException & ex) = 0
Get endpoint security attributes.
virtual ParticipantSecurityAttributes get_participant_sec_attributes (PermissionsHandle permissions_handle, SecurityException & ex) = 0
Get participant security attributes.
virtual Token get_permissions_credential_token (PermissionsHandle permissions_handle, SecurityException & ex) = 0
Get permissions credential token.
virtual Token get_permissions_token (PermissionsHandle permissions_handle, SecurityException & ex) = 0
Get permissions token.
virtual bool return_permissions_handle (PermissionsHandle permissions_handle, SecurityException & ex) = 0
Return permissions handle.
virtual PermissionsHandle validate_local_permissions (const AuthenticationPlugin & auth_plugin, IdentityHandle local_identity_handle, uint32_t domain_id, const PropertySeq & participant_qos, SecurityException & ex) = 0
Validate local permissions.
virtual PermissionsHandle validate_remote_permissions (const AuthenticationPlugin & auth_plugin, IdentityHandle local_identity_handle, IdentityHandle remote_identity_handle, const Token & remote_permissions_token, const Token & remote_credential_token, SecurityException & ex) = 0
Validate remote permissions.
virtual ~AccessControlPlugin () = default

Detailed Description

Based on DDS Security 1.1, Section 8.4. Provides authorization and permission enforcement.
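
Added example, not code from the astutedds project: a deny-by-default plugin and a caller-side gate for two of the methods documented on this page, showing fail-closed handling of the permissions handle and of the SecurityException output. The demo namespace, AccessControlSubset, AllowListPlugin, Grant, deny, may_publish, the integer handle type with 0 as the invalid value, and the message field are assumptions, because the real type definitions are not shown here.

```cpp
#include <cstdint>
#include <set>
#include <string>
#include <utility>

namespace demo {
// Stand-in types (assumptions); the real ones are in astutedds headers this page does not show.
using PermissionsHandle = std::uint64_t;
constexpr PermissionsHandle INVALID_PERMISSIONS_HANDLE = 0;  // value assumed
struct SecurityException { std::string message; };           // layout assumed
using Grant = std::pair<std::uint32_t, std::string>;         // (domain_id, topic_name)
inline bool deny(SecurityException& ex, const std::string& why) { ex.message = why; return false; }

// Two of the documented methods, with the parameter lists from this reference.
struct AccessControlSubset {
    virtual bool check_create_datawriter(PermissionsHandle permissions_handle,
        std::uint32_t domain_id, const std::string& topic_name, SecurityException& ex) = 0;
    virtual bool return_permissions_handle(PermissionsHandle h, SecurityException& ex) = 0;
    virtual ~AccessControlSubset() = default;
};

// Hypothetical deny-by-default plugin: a write needs a live handle and an explicit grant.
class AllowListPlugin : public AccessControlSubset {
    std::set<PermissionsHandle> live_;
    std::set<Grant> writable_;
public:
    AllowListPlugin(std::set<PermissionsHandle> live, std::set<Grant> writable)
        : live_(std::move(live)), writable_(std::move(writable)) {}
    bool check_create_datawriter(PermissionsHandle h, std::uint32_t domain,
            const std::string& topic, SecurityException& ex) override {
        if (!live_.count(h)) return deny(ex, "unknown or released handle");
        if (writable_.count(Grant(domain, topic))) return true;
        return deny(ex, "no publish grant for topic " + topic);
    }
    bool return_permissions_handle(PermissionsHandle h, SecurityException& ex) override {
        return live_.erase(h) == 1 || deny(ex, "unknown or released handle");
    }
};

// Caller-side gate: refuse an invalid handle without asking, and surface the denial reason.
bool may_publish(AccessControlSubset& ac, PermissionsHandle h, std::uint32_t domain,
                 const std::string& topic, std::string& reason) {
    SecurityException ex;
    if (h == INVALID_PERMISSIONS_HANDLE) deny(ex, "invalid permissions handle");
    else if (ac.check_create_datawriter(h, domain, topic, ex)) return true;
    reason = ex.message;
    return false;
}
}  // namespace demo
```

A handle that has been passed to return_permissions_handle is rejected by every later check, so a stale handle cannot keep authorizing endpoint creation.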

Public Functions Documentation

function check_create_datareader

Check if participant can create DataReader.

virtual bool astutedds::security::AccessControlPlugin::check_create_datareader (
    PermissionsHandle permissions_handle,
    uint32_t domain_id,
    const std::string & topic_name,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • domain_id Domain ID
  • topic_name Topic name
  • ex Security exception output

Returns:

True if allowed


function check_create_datawriter

Check if participant can create DataWriter.

virtual bool astutedds::security::AccessControlPlugin::check_create_datawriter (
    PermissionsHandle permissions_handle,
    uint32_t domain_id,
    const std::string & topic_name,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • domain_id Domain ID
  • topic_name Topic name
  • ex Security exception output

Returns:

True if allowed


function check_relay_topic

Check if topic relay is allowed.

virtual bool astutedds::security::AccessControlPlugin::check_relay_topic (
    PermissionsHandle permissions_handle,
    const std::string & topic_name,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • topic_name Topic name
  • ex Security exception output

Returns:

True if relay allowed


function check_remote_datareader

Check if local DataWriter can match with remote DataReader.

virtual bool astutedds::security::AccessControlPlugin::check_remote_datareader (
    PermissionsHandle writer_permissions_handle,
    PermissionsHandle reader_permissions_handle,
    const PropertySeq & publication_data,
    const PropertySeq & subscription_data,
    SecurityException & ex
) = 0

Parameters:

  • writer_permissions_handle Writer's permissions
  • reader_permissions_handle Reader's permissions
  • publication_data Writer's endpoint data
  • subscription_data Reader's endpoint data
  • ex Security exception output

Returns:

True if match allowed


function check_remote_datawriter

Check if local DataReader can match with remote DataWriter.

virtual bool astutedds::security::AccessControlPlugin::check_remote_datawriter (
    PermissionsHandle reader_permissions_handle,
    PermissionsHandle writer_permissions_handle,
    const PropertySeq & subscription_data,
    const PropertySeq & publication_data,
    SecurityException & ex
) = 0

Parameters:

  • reader_permissions_handle Reader's permissions
  • writer_permissions_handle Writer's permissions
  • subscription_data Reader's endpoint data
  • publication_data Writer's endpoint data
  • ex Security exception output

Returns:

True if match allowed


function get_endpoint_sec_attributes

Get endpoint security attributes.

virtual EndpointSecurityAttributes astutedds::security::AccessControlPlugin::get_endpoint_sec_attributes (
    PermissionsHandle permissions_handle,
    const std::string & topic_name,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • topic_name Topic name
  • ex Security exception output

Returns:

Endpoint security attributes


function get_participant_sec_attributes

Get participant security attributes.

virtual ParticipantSecurityAttributes astutedds::security::AccessControlPlugin::get_participant_sec_attributes (
    PermissionsHandle permissions_handle,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • ex Security exception output

Returns:

Participant security attributes


function get_permissions_credential_token

Get permissions credential token.

virtual Token astutedds::security::AccessControlPlugin::get_permissions_credential_token (
    PermissionsHandle permissions_handle,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • ex Security exception output

Returns:

Credential token


function get_permissions_token

Get permissions token.

virtual Token astutedds::security::AccessControlPlugin::get_permissions_token (
    PermissionsHandle permissions_handle,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Permissions handle
  • ex Security exception output

Returns:

Permissions token


function return_permissions_handle

Return permissions handle.

virtual bool astutedds::security::AccessControlPlugin::return_permissions_handle (
    PermissionsHandle permissions_handle,
    SecurityException & ex
) = 0

Parameters:

  • permissions_handle Handle to release
  • ex Security exception output

Returns:

True if successfully released


function validate_local_permissions

Validate local permissions.

virtual PermissionsHandle astutedds::security::AccessControlPlugin::validate_local_permissions (
    const AuthenticationPlugin & auth_plugin,
    IdentityHandle local_identity_handle,
    uint32_t domain_id,
    const PropertySeq & participant_qos,
    SecurityException & ex
) = 0

Parameters:

  • auth_plugin Authentication plugin (for identity verification)
  • local_identity_handle Local participant identity
  • domain_id DDS domain ID
  • participant_qos Participant QoS properties
  • ex Security exception output

Returns:

Permissions handle if valid, INVALID_PERMISSIONS_HANDLE otherwise


function validate_remote_permissions

Validate remote permissions.

virtual PermissionsHandle astutedds::security::AccessControlPlugin::validate_remote_permissions (
    const AuthenticationPlugin & auth_plugin,
    IdentityHandle local_identity_handle,
    IdentityHandle remote_identity_handle,
    const Token & remote_permissions_token,
    const Token & remote_credential_token,
    SecurityException & ex
) = 0

Parameters:

  • auth_plugin Authentication plugin
  • local_identity_handle Local participant identity
  • remote_identity_handle Remote participant identity
  • remote_permissions_token Remote permissions token
  • remote_credential_token Remote credential token
  • ex Security exception output

Returns:

Permissions handle if valid


function ~AccessControlPlugin

virtual astutedds::security::AccessControlPlugin::~AccessControlPlugin () = default


The documentation for this class was generated from the following file: include/astutedds/security/access_control_spi.hpp