I’‘ve written some code using the Smack API to add users. This code is called via a Web interface (which has it’'s own user authentication). I want to restrict the ability to add users to administrators using the Web interface. I allow Web administrators (and only administrators) to call the app that uses the Smack API. This app in turn logs into the Jive Messenger service as ‘‘admin’’ and adds (or deletes) the user accounts. Problem is that if I set the register.inband property to false, then no one can create a new user. If I set it to true, then admins using my Web interface can creat new users, and so can anyone using a Jabber client. Is there a way to set things so that only a user logged in as ‘‘admin’’ can create new users?
Hi bplatt,
Is there a way to set things so that only a user logged in as ‘‘admin’’
can create new users?
Unfortunately, since Messenger doesn’‘t yet have the concept of role based security, I don’'t believe there is anyway to do this out-of-box. However, depending on how you have things setup you could probably write a plugin that uses a PacketInterceptor to intercept (and reject) registration requests from “clients” other than your custom app that uses Smack.
Hope that helps,
Ryan