Class AbstractAuthorizingInInterceptor

java.lang.Object
org.apache.cxf.phase.AbstractPhaseInterceptor<Message>
org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor
All Implemented Interfaces:
Interceptor<Message>, PhaseInterceptor<Message>
Direct Known Subclasses:
SimpleAuthorizingInterceptor

public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInterceptor<Message>
  • Constructor Details

    • AbstractAuthorizingInInterceptor

      public AbstractAuthorizingInInterceptor()
    • AbstractAuthorizingInInterceptor

      public AbstractAuthorizingInInterceptor(boolean uniqueId)
  • Method Details

    • handleMessage

      public void handleMessage(Message message)
      Description copied from interface: Interceptor
      Intercepts a message. Interceptors should NOT invoke handleMessage or handleFault on the next interceptor - the interceptor chain will take care of this.
    • authorize

      protected boolean authorize(SecurityContext sc, Method method)
    • isMethodProtected

      protected boolean isMethodProtected(Method method)
    • isUserInRole

      protected boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny)
    • getExpectedRoles

      protected abstract List<String> getExpectedRoles(Method method)
      Returns a list of expected roles for a given method.
      Parameters:
      method - Method
      Returns:
      list, empty if no roles are available
    • getDenyRoles

      protected List<String> getDenyRoles(Method method)
      Returns a list of roles to be denied for a given method.
      Parameters:
      method - Method
      Returns:
      list, empty if no roles are available
    • isAllowAnonymousUsers

      public boolean isAllowAnonymousUsers()
    • setAllowAnonymousUsers

      public void setAllowAnonymousUsers(boolean allowAnonymousUsers)