Class AbstractAuthorizingInInterceptor
- java.lang.Object
- 
- org.apache.cxf.phase.AbstractPhaseInterceptor<Message>
- 
- org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor
 
 
- 
- All Implemented Interfaces:
- Interceptor<Message>,- PhaseInterceptor<Message>
 - Direct Known Subclasses:
- SimpleAuthorizingInterceptor
 
 public abstract class AbstractAuthorizingInInterceptor extends AbstractPhaseInterceptor<Message> 
- 
- 
Constructor SummaryConstructors Constructor Description AbstractAuthorizingInInterceptor()AbstractAuthorizingInInterceptor(boolean uniqueId)
 - 
Method SummaryAll Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected booleanauthorize(SecurityContext sc, Method method)protected List<String>getDenyRoles(Method method)Returns a list of roles to be denied for a given method.protected abstract List<String>getExpectedRoles(Method method)Returns a list of expected roles for a given method.voidhandleMessage(Message message)Intercepts a message.booleanisAllowAnonymousUsers()protected booleanisMethodProtected(Method method)protected booleanisUserInRole(SecurityContext sc, List<String> roles, boolean deny)voidsetAllowAnonymousUsers(boolean allowAnonymousUsers)- 
Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptoraddAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore
 
- 
 
- 
- 
- 
Method Detail- 
handleMessagepublic void handleMessage(Message message) Description copied from interface:InterceptorIntercepts a message. Interceptors should NOT invoke handleMessage or handleFault on the next interceptor - the interceptor chain will take care of this.
 - 
authorizeprotected boolean authorize(SecurityContext sc, Method method) 
 - 
isMethodProtectedprotected boolean isMethodProtected(Method method) 
 - 
isUserInRoleprotected boolean isUserInRole(SecurityContext sc, List<String> roles, boolean deny) 
 - 
getExpectedRolesprotected abstract List<String> getExpectedRoles(Method method) Returns a list of expected roles for a given method.- Parameters:
- method- Method
- Returns:
- list, empty if no roles are available
 
 - 
getDenyRolesprotected List<String> getDenyRoles(Method method) Returns a list of roles to be denied for a given method.- Parameters:
- method- Method
- Returns:
- list, empty if no roles are available
 
 - 
isAllowAnonymousUserspublic boolean isAllowAnonymousUsers() 
 - 
setAllowAnonymousUserspublic void setAllowAnonymousUsers(boolean allowAnonymousUsers) 
 
- 
 
-