PubSub Component Authorization

Will Tan
Added over 2 years ago


Is there a configuration in Tigase or PubSub component to only allow admins to perform PubSub actions? (I.e: create new nodes)

In my config, I have set my admin as:


and I am under the impression that I would need to use the admin account to be able to create new nodes but I am able to create node even when logged in as a non-admin user.

For example, if I am logged in as notadmin@mydomain, I want to make it that I am not able to create a node by sending the following stanza to the server.

<iq type='set'
<pubsub xmlns=''>
<create node='princely_musings'/>

Please let me know if my understanding above is wrong.

My setup is Tigase Server 7.0.4 with PubSub 3.1.0.


Replies (3)


Added by Bartosz Małkowski TigaseTeam over 2 years ago

In current implementation everybody can create new node.


Added by Will Tan over 2 years ago

So there no direct way to have this level of control within Tigase?

Any suggestion or idea on how this can possibly be achieved if we need to prevent every user from being able to create new nodes.

Thanks for the answer.


Added by Wojciech Kapcia TigaseTeam over 2 years ago

PubSub specification doesn't define, that only administrators should be able to create PubSub nodes, it implies, that such limitations may be imposed:

An entity may want to create a new node. Support for this feature ("create-nodes") is RECOMMENDED. However, a service MAY disallow creation of nodes based on the identity of the requesting entity, or MAY disallow node creation altogether (e.g., reserving that privilege to a service-wide administrator).

As Bartosz already said - currently such feature is not implemented. What you could do modify tigase.pubsub.modules.NodeCreateModule implementation and include additional check (for example only JIDs defined as admins can create nodes) and then use this implementation in Tigase.

In the new 7.2.0 version it will be possible to extend default modules without without the need to make changes to original sources.

I've created task #4605 to track this functionality and added you to watcher list.