AbstractAuthorizingInInterceptor (Apache CXF 3.6.0 API)

java.lang.Object

org.apache.cxf.phase.AbstractPhaseInterceptor<Message>

org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor

All Implemented Interfaces:: Interceptor<Message>, PhaseInterceptor<Message>

Direct Known Subclasses:: SimpleAuthorizingInterceptor

public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInterceptor<Message>

Constructor Summary

Constructors

Constructor

Description

AbstractAuthorizingInInterceptor()

AbstractAuthorizingInInterceptor(boolean uniqueId)
Method Summary

Modifier and Type

Method

Description

protected boolean

authorize(SecurityContext sc, Method method)

protected List<String>

getDenyRoles(Method method)

Returns a list of roles to be denied for a given method.

protected abstract List<String>

getExpectedRoles(Method method)

Returns a list of expected roles for a given method.

void

handleMessage(Message message)

Intercepts a message.

boolean

isAllowAnonymousUsers()

protected boolean

isMethodProtected(Method method)

protected boolean

isUserInRole(SecurityContext sc, List<String> roles, boolean deny)

void

setAllowAnonymousUsers(boolean allowAnonymousUsers)

Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor
addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- AbstractAuthorizingInInterceptor
  
  public AbstractAuthorizingInInterceptor()
- AbstractAuthorizingInInterceptor
  
  public AbstractAuthorizingInInterceptor(boolean uniqueId)
Method Details
- handleMessage
  
  public void handleMessage(Message message)
  
  Description copied from interface: Interceptor
  
  Intercepts a message. Interceptors should NOT invoke handleMessage or handleFault on the next interceptor - the interceptor chain will take care of this.
- authorize
  
  protected boolean authorize(SecurityContext sc, Method method)
- isMethodProtected
  
  protected boolean isMethodProtected(Method method)
- isUserInRole
  
  protected boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny)
- getExpectedRoles
  
  protected abstract List<String> getExpectedRoles(Method method)
  
  Returns a list of expected roles for a given method.
  
  Parameters:
  
  method - Method
  
  Returns:
  
  list, empty if no roles are available
- getDenyRoles
  
  protected List<String> getDenyRoles(Method method)
  
  Returns a list of roles to be denied for a given method.
  
  Parameters:
  
  method - Method
  
  Returns:
  
  list, empty if no roles are available
- isAllowAnonymousUsers
  
  public boolean isAllowAnonymousUsers()
- setAllowAnonymousUsers
  
  public void setAllowAnonymousUsers(boolean allowAnonymousUsers)