PubNub Wildcard Channel Group Manage Grant - Java SDK v4


When it comes to adding/removing channels to/from your channel groups, you need to have must have the manage permission for those channel groups. But you should never grant clients the permission to manage the channel groups that they will subscribe to. If they did, then they could add any channel they wanted to their channel group and instantly have read access to that channel.

So this is why your server must be the only entity that has the manage permission. But your server will need to have the manage permission for every single channel group so that it can add/remove channels to/from channel groups on behalf of all of the clients.

But granting manage to each and every channel group can be a bit tedious. Instead, you can grant manage to all channel groups (existing and to be created) in one wildcard grant.

// init PubNub instance using PNConfiguration with the secret-key
PNConfiguration pnConfiguration = new PNConfiguration();
// secret key allows server to `grant` permissions
// set the the server's auth key
PubNub pubnub = new PubNub(pnConfiguration);

// grant read and manage using the channel group wildcard - ":" 
// with forever ttl (0) 
    .channelGroups(Arrays.asList(":")) // colon (:) is channel group wildcard
    .manage(true) // add/remove channels to/from channel groups
    .read(true) // in case server needs to subscribe or do here-now on channel groups
    .ttl(0) // 0 = forever grant
    .async(new PNCallback<PNAccessManagerGrantResult>() {
        public void onResponse(PNAccessManagerGrantResult result, PNStatus status) {
            // check status for success or failure of grant

From here on, your server will be able to add/remove channels to/from any channel group your app creates.