Trait AccessControlPlugin 

pub trait AccessControlPlugin: Send + Sync {
    // Required methods
    fn validate_local_permissions(
        &mut self,
        local: IdentityHandle,
        participant_guid: [u8; 16],
        props: &PropertyList,
    ) -> SecurityResult<PermissionsHandle>;
    fn validate_remote_permissions(
        &mut self,
        local: IdentityHandle,
        remote: IdentityHandle,
        remote_permissions_token: &[u8],
        remote_credential: &[u8],
    ) -> SecurityResult<PermissionsHandle>;
    fn check_create_datawriter(
        &self,
        perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_create_datareader(
        &self,
        perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_remote_datawriter_match(
        &self,
        local_perms: PermissionsHandle,
        remote_perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn check_remote_datareader_match(
        &self,
        local_perms: PermissionsHandle,
        remote_perms: PermissionsHandle,
        topic_name: &str,
    ) -> SecurityResult<AccessDecision>;
    fn plugin_class_id(&self) -> &str;

    // Provided methods
    fn check_create_participant(
        &self,
        _local_perms: PermissionsHandle,
        _domain_id: u32,
    ) -> SecurityResult<AccessDecision> { ... }
    fn check_remote_participant(
        &self,
        _local_perms: PermissionsHandle,
        _remote_perms: PermissionsHandle,
        _domain_id: u32,
    ) -> SecurityResult<AccessDecision> { ... }
    fn check_create_topic(
        &self,
        _local_perms: PermissionsHandle,
        _topic_name: &str,
    ) -> SecurityResult<AccessDecision> { ... }
    fn get_permissions_token(
        &self,
        _local_perms: PermissionsHandle,
    ) -> SecurityResult<Vec<u8>> { ... }
    fn get_permissions_credential_token(
        &self,
        _local_perms: PermissionsHandle,
    ) -> SecurityResult<Vec<u8>> { ... }
}
Access control plugin trait (spec §8.4.2.9).

Required Methods§

fn validate_local_permissions( &mut self, local: IdentityHandle, participant_guid: [u8; 16], props: &PropertyList, ) -> SecurityResult<PermissionsHandle>

Validates local permissions (Governance.xml + Permissions.xml + signature check against the permissions CA).

§Spec §8.4.2.9.1

fn validate_remote_permissions( &mut self, local: IdentityHandle, remote: IdentityHandle, remote_permissions_token: &[u8], remote_credential: &[u8], ) -> SecurityResult<PermissionsHandle>

Validates remote permissions from the SEDP handshake.

§Spec §8.4.2.9.2

fn check_create_datawriter( &self, perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

May this participant create a DataWriter on this topic?

§Spec §8.4.2.9.4 check_create_datawriter.

fn check_create_datareader( &self, perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

May this participant create a DataReader on this topic?

§Spec §8.4.2.9.5 check_create_datareader.

fn check_remote_datawriter_match( &self, local_perms: PermissionsHandle, remote_perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

May the local reader match the remote’s publication?

§Spec §8.4.2.9.17 check_remote_datawriter_match.

fn check_remote_datareader_match( &self, local_perms: PermissionsHandle, remote_perms: PermissionsHandle, topic_name: &str, ) -> SecurityResult<AccessDecision>

Mirror image: may a remote reader match our writer?

fn plugin_class_id(&self) -> &str

Plugin class id (e.g. “DDS:Access:Permissions:1.2”) for SPDP announcing.

Provided Methods§

fn check_create_participant( &self, _local_perms: PermissionsHandle, _domain_id: u32, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.5: check_create_participant. Default: permit (no plugin-specific filtering).

§Errors

Implementation-specific.

fn check_remote_participant( &self, _local_perms: PermissionsHandle, _remote_perms: PermissionsHandle, _domain_id: u32, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.6: check_remote_participant — may the remote participant join our domain? Default: permit.

§Errors

Implementation-specific.

fn check_create_topic( &self, _local_perms: PermissionsHandle, _topic_name: &str, ) -> SecurityResult<AccessDecision>

Spec §9.4.2.10: check_create_topic — may the local subject create a topic with that name? Default: permit.

§Errors

Implementation-specific.

fn get_permissions_token( &self, _local_perms: PermissionsHandle, ) -> SecurityResult<Vec<u8>>

Spec §9.4.2.13: get_permissions_token — opaque permissions token for SPDP announcing (PID_PERMISSIONS_TOKEN 0x1002). Default: empty.

§Errors

Implementation-specific.

fn get_permissions_credential_token( &self, _local_perms: PermissionsHandle, ) -> SecurityResult<Vec<u8>>

Spec §9.4.2.14: get_permissions_credential_token — opaque credential passed on to the authentication plugin via set_permissions_credential_and_token. Default: empty.

§Errors

Implementation-specific.
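
Because the provided methods default to permit, an implementor that fills in only the required methods never gates topic creation. The following is an added example, not code from this crate: `MiniAccessControl`, `Grants`, `WriterOnly`, `Strict` and the stand-in types are assumptions, and it contrasts an implementation that keeps the default with one that overrides it to deny by default.

```rust
use std::collections::{HashMap, HashSet};
// Stand-ins, NOT the crate's real definitions (assumed shapes).
#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub struct PermissionsHandle(pub u64);
#[derive(Debug, PartialEq, Eq)]
pub enum AccessDecision { Permit, Deny }
pub type Decision = Result<AccessDecision, String>; // stands in for SecurityResult<AccessDecision>

// Reduced mirror of the trait: one required method, one provided method with the permit default.
pub trait MiniAccessControl {
    fn check_create_datawriter(&self, perms: PermissionsHandle, topic_name: &str) -> Decision;
    fn check_create_topic(&self, _local_perms: PermissionsHandle, _topic_name: &str) -> Decision {
        Ok(AccessDecision::Permit)
    }
}

/// Hypothetical policy store: per handle, the topics it may use.
#[derive(Default)]
pub struct Grants(HashMap<PermissionsHandle, HashSet<String>>);
impl Grants {
    pub fn grant(mut self, h: PermissionsHandle, topic: &str) -> Self {
        self.0.entry(h).or_default().insert(topic.to_string());
        self
    }
    // Deny by default; an unknown handle is an error, never a permit.
    fn decide(&self, h: PermissionsHandle, topic: &str) -> Decision {
        let topics = self.0.get(&h).ok_or_else(|| format!("unknown handle {:?}", h))?;
        Ok(if topics.contains(topic) { AccessDecision::Permit } else { AccessDecision::Deny })
    }
}

/// Implements only the required method; topic creation keeps the permit default.
pub struct WriterOnly(pub Grants);
impl MiniAccessControl for WriterOnly {
    fn check_create_datawriter(&self, p: PermissionsHandle, t: &str) -> Decision { self.0.decide(p, t) }
}

/// Overrides the provided method so both checks follow the same grants.
pub struct Strict(pub Grants);
impl MiniAccessControl for Strict {
    fn check_create_datawriter(&self, p: PermissionsHandle, t: &str) -> Decision { self.0.decide(p, t) }
    fn check_create_topic(&self, p: PermissionsHandle, t: &str) -> Decision { self.0.decide(p, t) }
}

fn main() {
    let g = || Grants::default().grant(PermissionsHandle(1), "telemetry"); // constructed policy
    println!("{:?}", WriterOnly(g()).check_create_topic(PermissionsHandle(1), "commands"));
    println!("{:?}", Strict(g()).check_create_topic(PermissionsHandle(1), "commands"));
}
```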

Dyn Compatibility§

This trait is dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§