New accounts from admin only and smack

Ben25 · January 28, 2012, 11:24pm

I have installed the openfire server and it works great. I have a java application which uses the smack and smackx library to connect to my server using port 5222 which also works great.

I would like to set the server to disallow new account creation. I want my application to be the only entity that can register new accounts.

When I set “Inband Account Registration” to “Disabled”, my smack application can no longer crate users on the system. I have even set the user I login with as an administrator, but still no luck. I am using this code:


loadCredentials();

ConnectionConfiguration config = new ConnectionConfiguration(credentials.getServerUrl(), credentials.getServerPort(), credentials.getService());

connection = new XMPPConnection(config);

connection.connect();

connection.login(props.getUsername(), props.getPassword());

AccountManager am = new AccountManager(connection);

am.createAccount( username, password );

Which java library do I need to use to allow my application to create new users while keeping “Inband Account Registration” disabled? Also which port will this library use?

Thanks!

Robin_Collier · January 29, 2012, 1:32am

I don’t think that is possible. Disabling Inband Account Registration effectively turns off the ability to create accounts via XMPP (I believe). Your app and user have no special access, since you have turned off the actuall functionality.

You are looking for the ability to put specifial permissions against this service, and I don’t know if that is possilble.

Ben25 · January 29, 2012, 1:37am

But I can still make an account via the Admin panel on port 9090. Are you saying that I need to manually make http requests to the admin panel on 9090 for this to work? I am fully able to write this, but it seems like a hack.

Thanks for the info.

Robin_Collier · January 29, 2012, 2:13am

The admin panel is part of the actual server. It doesn’t access the server’s functionality via XMPP like your Smack client (or any other client) does. It does not have to follow any specification for access, as it is custom to this server.

If you want to provide similar capabilities via a remote xmpp client, you can write a plugin for OpenFire that gives that capability.

Ben25 · January 29, 2012, 2:19am

Great, can you point me to any tutorials or examples to get started writing plugins for Openfire? I would be happy to make this an opensource plugin as well. Assuming that my code is legit, do you have any idea how to list an plugin in the “Available Plugins” list?

-Ben

Robin_Collier · January 29, 2012, 2:50am

There are many existing plugins that you can take a look at and here is the dev guide.

I would suggest you simply offer the plugin up as an attachment in the forums when you’re done. Let the powers that be decide what to do from there.

Good luck.

Ben25 · January 29, 2012, 3:15am

Thanks so much for your help.

Just to check… this won’t help me will it?

http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/javadoc/ org/jivesoftware/openfire/commands/admin/user/AddUser.html

For the record, the java application and the openfire server are running on the same linux box.

-Ben

Robin_Collier · January 29, 2012, 4:04pm

Looks like that appears to do exactly what you want. I wasn’t aware of those admin commands, but it appears to fit your use case perfectly as it is specifically for system administration.

The API doc is not that helpful if you want to do it from your client, but the spec it links to is, as you can write the adhoc commands using Smack.

The client application does not need to be colocated, it isn’t relevant.

onacit · March 21, 2018, 3:00am

I faced the same problem.
Disabled the in-band account creation, bypassed the capability to REST plugin who shares the port of 9090 with admin console, and secure the port accessibility to in-house addresses only.