Permissions of an external component (XEP-0114)

Hi,

I’m not sure I’m posting this conversation in the right place. Maybe it belongs in the Whack subforums or just Openfire Support. Admins, feel free to correct my mistakes!

I have a question regarding external components (XEP-0114) and more specifically how OpenFire handles these. I’ve searched high and low for the answer and snooped through OpenFire’s source code but it isn’t clear to me yet.

What can an external component do exactly?

When reading the XEP it’s pretty open ended regarding a components permissions.

Quote from XEP-0114: “An external component is commonly trusted to do things that clients cannot, such as write ‘from’ addresses for the server’s domain(s).”

Okay, so ‘from’ addresses can probably be rewritten, but what else can be done? And how?

Thanks in advance,

Dennis