Package org.apache.unomi.rest.authentication

Class AuthorizingInterceptor

java.lang.Object

org.apache.cxf.phase.AbstractPhaseInterceptor<org.apache.cxf.message.Message>

org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor

org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor

org.apache.unomi.rest.authentication.AuthorizingInterceptor

All Implemented Interfaces:

org.apache.cxf.interceptor.Interceptor<org.apache.cxf.message.Message>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.message.Message>

public class AuthorizingInterceptor
extends org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor

Authorizing interceptor is in charge of testing that current authenticate user have the expected role during method access

Field Summary

Fields inherited from class org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor

globalRoles, methodRolesMap, userRolesMap

Constructor Summary

Constructors

Constructor	Description
AuthorizingInterceptor(RestAuthenticationConfig restAuthenticationConfig)

Method Summary

Modifier and Type	Method	Description
protected List<String>	getExpectedRoles(Method method)	Returns a list of expected roles for a given method.

Methods inherited from class org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor

createMethodSig, isUserInRole, setCheckConfiguredRolesOnly, setGlobalRoles, setMethodRolesMap, setUserRolesMap

Methods inherited from class org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor

authorize, getDenyRoles, getTargetMethod, handleMessage, isAllowAnonymousUsers, isMethodProtected, setAllowAnonymousUsers

Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor

addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizingInterceptor

public AuthorizingInterceptor(RestAuthenticationConfig restAuthenticationConfig)

Method Detail

getExpectedRoles

protected List<String> getExpectedRoles(Method method)

Returns a list of expected roles for a given method. This override provide an additional lookup to the default implementation It's now possible resolve role mapping using this syntax: CLASS_NAME.METHOD_NAME

Overrides:

getExpectedRoles in class org.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor

Parameters:

method - Method

Returns:

list, empty if no roles are available