Apache CXF API

org.apache.cxf.interceptor.security
Class AbstractAuthorizingInInterceptor

java.lang.Object
  extended by org.apache.cxf.phase.AbstractPhaseInterceptor<Message>
      extended by org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor
All Implemented Interfaces:
Interceptor<Message>, PhaseInterceptor<Message>
Direct Known Subclasses:
SimpleAuthorizingInterceptor

public abstract class AbstractAuthorizingInInterceptor
extends AbstractPhaseInterceptor<Message>


Constructor Summary
AbstractAuthorizingInInterceptor()
           
 
Method Summary
protected  boolean authorize(SecurityContext sc, Method method)
           
protected  List<String> getDenyRoles(Method method)
          Returns a list of roles to be denied for a given method.
protected abstract  List<String> getExpectedRoles(Method method)
          Returns a list of expected roles for a given method.
protected  Method getTargetMethod(Message m)
           
 void handleMessage(Message message)
          Intercepts a message.
protected  boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny)
           
 
Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor
addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractAuthorizingInInterceptor

public AbstractAuthorizingInInterceptor()
Method Detail

handleMessage

public void handleMessage(Message message)
                   throws Fault
Description copied from interface: Interceptor
Intercepts a message. Interceptors should NOT invoke handleMessage or handleFault on the next interceptor - the interceptor chain will take care of this.

Throws:
Fault

getTargetMethod

protected Method getTargetMethod(Message m)

authorize

protected boolean authorize(SecurityContext sc,
                            Method method)

isUserInRole

protected boolean isUserInRole(SecurityContext sc,
                               List<String> roles,
                               boolean deny)

getExpectedRoles

protected abstract List<String> getExpectedRoles(Method method)
Returns a list of expected roles for a given method.

Parameters:
method - Method
Returns:
list, empty if no roles are available

getDenyRoles

protected List<String> getDenyRoles(Method method)
Returns a list of roles to be denied for a given method.

Parameters:
method - Method
Returns:
list, empty if no roles are available

Apache CXF API

Apache CXF