org.apache.cxf.interceptor.security
Class AbstractAuthorizingInInterceptor
java.lang.Object
org.apache.cxf.phase.AbstractPhaseInterceptor<Message>
org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor
- All Implemented Interfaces:
- Interceptor<Message>, PhaseInterceptor<Message>
- Direct Known Subclasses:
- SimpleAuthorizingInterceptor
public abstract class AbstractAuthorizingInInterceptor
- extends AbstractPhaseInterceptor<Message>
Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor |
addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AbstractAuthorizingInInterceptor
public AbstractAuthorizingInInterceptor()
handleMessage
public void handleMessage(Message message)
throws Fault
- Description copied from interface:
Interceptor
- Intercepts a message.
Interceptors should NOT invoke handleMessage or handleFault
on the next interceptor - the interceptor chain will
take care of this.
- Throws:
Fault
getTargetMethod
protected Method getTargetMethod(Message m)
authorize
protected boolean authorize(SecurityContext sc,
Method method)
isUserInRole
protected boolean isUserInRole(SecurityContext sc,
List<String> roles,
boolean deny)
getExpectedRoles
protected abstract List<String> getExpectedRoles(Method method)
- Returns a list of expected roles for a given method.
- Parameters:
method
- Method
- Returns:
- list, empty if no roles are available
getDenyRoles
protected List<String> getDenyRoles(Method method)
- Returns a list of roles to be denied for a given method.
- Parameters:
method
- Method
- Returns:
- list, empty if no roles are available
Apache CXF