PubNub Access Manager (PAM) extends PubNub's existing security framework by allowing developers to create and enforce secure access to channels throughout the PubNub Real Time Network.
Access Manager allows you to manage granular permissions for your realtime apps and data streams, create multiple permission levels, grant and revoke access, and audit user access.
To use Access Manager, you need to enable Access Manager in the Admin Dashboard. Once you enable Access Manager, you must grant permissions before any data can be sent or received.
PAM Server-Side Configuration
For the client side to work correctly, the server side must first issue the appropriate permissions for a given PAM channel or channel group and auth token combination.
To grant these permissions, you must initialize a PubNub instance with at least your subscribe and secret keys.
Example:
Step 1. Create the PubNub configuration:
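import com.pubnub.api.PNConfiguration;
import com.pubnub.api.PubNub;
import com.pubnub.api.enums.PNLogVerbosity;

PNConfiguration pnConfiguration = new PNConfiguration();
pnConfiguration.setSubscribeKey(SUBSCRIBE_KEY);
pnConfiguration.setPublishKey(PUBLISH_KEY);
// The secret key is what authorizes grant/revoke/audit calls; set it on the server only
pnConfiguration.setSecretKey(SECRET_KEY);
pnConfiguration.setSecure(true);
pnConfiguration.setLogVerbosity(PNLogVerbosity.BODY);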
Step 2. Initialize PubNub with pnConfiguration
PubNub pubnub = new PubNub(pnConfiguration);
PAM operations occur at three levels:
1. A global level (no auth key, and no channel/channel group is defined)
2. A channel/channel group level (only a channel/channel group is defined)
3. A channel/channel group and key level (where both the channel/channel group and key are defined)
At all of these levels we can grant, revoke, and audit permissions. The examples here do so at the channel/channel group and auth key level.
PAM Grant
We can grant read/write permission to an auth_key on specific channels or channel groups.
Example:
Synchronously:
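try {
    // Each auth key and each channel is its own list element
    pubnub.grant().authKeys(Arrays.asList("auth1", "auth2"))
            .channels(Arrays.asList("channel1", "channel2"))
            .read(true).write(true)
            .ttl(0) // ttl(0): the grant never expires
            .sync();
} catch (PubNubException e) {
    e.printStackTrace();
}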
Asynchronously:
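// channels (List<String>) and authKey (String) are supplied by the caller
pubnub.grant().channels(channels).authKeys(Arrays.asList(authKey))
        .read(true).write(true).manage(false).ttl(0)
        .async(new PNCallback<PNAccessManagerGrantResult>() {
    @Override
    public void onResponse(PNAccessManagerGrantResult result, PNStatus status) {
        // status.isError() is true when the grant was rejected
    }
});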
PAM Revoke:
We can revoke a permission for an auth_key on specific channels or channel groups.
The syntax for revoking a permission is the same as for granting; just change the permission from true to false.
try {
    // Same call as the grant, with read and write set to false
    pubnub.grant().authKeys(Arrays.asList("auth1", "auth2"))
            .channels(Arrays.asList("channel1", "channel2"))
            .read(false).write(false).ttl(0).sync();
} catch (PubNubException e) {
    e.printStackTrace();
}
PAM Audit:
We can audit the permissions given to a specific channel/channel group, or to a given auth_key on a specific channel or channel group.
Example:
pubnub.audit().channel("mycha").authKeys(Arrays.asList("a1"))
        .async(new PNCallback<PNAccessManagerAuditResult>() {
    @Override
    public void onResponse(PNAccessManagerAuditResult result, PNStatus status) {
    }
});
PAM Add Channels to Channel Groups:
We can also add channels to channel groups.
Example:
pubnub.addChannelsToChannelGroup().channelGroup("my_channel")
        .channels(Arrays.asList("my_channel5"))
        .async(new PNCallback<PNChannelGroupsAddChannelResult>() {
    @Override
    public void onResponse(PNChannelGroupsAddChannelResult result, PNStatus status) {
    }
});
Authentication Issue at Client Side (403 Forbidden):
If there is an error performing PAM operations, you may receive a 403 error. If you do, be sure you have set the correct secret_key, and the issuing computer's clock is synced with NTP.
NTP Setup
Network Time Protocol (NTP) is a protocol that is used to synchronize computer clock times in a network of computers. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to a millisecond, and sometimes to a fraction of a millisecond.
Here we need to sync the server time with PubNub. Follow these steps to do so:
Step 1. Install NTP
$ sudo apt-get update
$ sudo apt-get install ntp
Step 2. Edit ntp.conf
Replace these four server entries with the PubNub servers:
server 0.ubuntu.pool.ntp.org
server 1.ubuntu.pool.ntp.org
server 2.ubuntu.pool.ntp.org
server 3.ubuntu.pool.ntp.org
to
server 0.pubsub.pubnub.com
server 1.pubsub.pubnub.com
server 2.pubsub.pubnub.com
server 3.pubsub.pubnub.com
Step 3. Restart the NTP service
$ sudo service ntp restart
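A way to check both causes of the 403 described above before relying on a grant, as an added example that is not part of the original page or the PubNub docs: it compares the local clock with PubNub's time endpoint, then issues a read-only grant that expires after 60 minutes. The class name, the environment variable names, and the 5-second tolerance are assumptions made for this example.

```java
import com.pubnub.api.PNConfiguration;
import com.pubnub.api.PubNub;
import com.pubnub.api.PubNubException;
import com.pubnub.api.models.consumer.PNTimeResult;
import java.util.Arrays;

public class PamGrantPreflight {
    // Assumed tolerance for this example; not a documented PubNub limit.
    static final long MAX_SKEW_MS = 5_000L;

    // PubNub timetokens count 100-nanosecond units since the Unix epoch.
    static long skewMillis(long localMillis, long pubnubTimetoken) {
        return localMillis - pubnubTimetoken / 10_000L;
    }

    public static void main(String[] args) {
        PNConfiguration conf = new PNConfiguration();
        // Hypothetical environment variable names; keep the secret key out of source code.
        conf.setSubscribeKey(System.getenv("PUBNUB_SUBSCRIBE_KEY"));
        conf.setPublishKey(System.getenv("PUBNUB_PUBLISH_KEY"));
        conf.setSecretKey(System.getenv("PUBNUB_SECRET_KEY"));
        conf.setSecure(true);
        PubNub pubnub = new PubNub(conf);
        try {
            // The measurement includes network latency, so treat it as a coarse check.
            PNTimeResult now = pubnub.time().sync();
            long skew = skewMillis(System.currentTimeMillis(), now.getTimetoken());
            if (Math.abs(skew) > MAX_SKEW_MS) {
                System.err.println("Clock is off by " + skew + " ms; fix NTP before granting");
                return;
            }
            // Read-only grant for one auth key on one channel, expiring after 60 minutes.
            pubnub.grant().authKeys(Arrays.asList("auth1"))
                    .channels(Arrays.asList("channel1"))
                    .read(true).write(false).manage(false).ttl(60).sync();
            System.out.println("Grant issued; local clock skew " + skew + " ms");
        } catch (PubNubException e) {
            // A 403 here points at a wrong secret key or a badly skewed clock.
            System.err.println("PAM call failed: HTTP " + e.getStatusCode() + " " + e.getErrormsg());
        } finally {
            pubnub.destroy();
        }
    }
}
```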