de.taimos.springcxfdaemon.providers

Class AuthorizationProvider

java.lang.Object

de.taimos.springcxfdaemon.providers.AuthorizationProvider

All Implemented Interfaces:

javax.ws.rs.container.ContainerRequestFilter

@Provider
 @Priority(value=1000)
public abstract class AuthorizationProvider
extends Object
implements javax.ws.rs.container.ContainerRequestFilter

Field Summary

Fields

Modifier and Type	Field and Description
static String	ANONYMOUS_USER UserName used for anonymous SecurityContext

Constructor Summary

Constructors

Constructor and Description
AuthorizationProvider()

Method Summary

Modifier and Type	Method and Description
protected void	abortUnauthorized(javax.ws.rs.container.ContainerRequestContext requestContext)
protected static org.apache.cxf.security.SecurityContext	createAnonymousSC(String... roles) Create a SecurityContext for an unauthenticated user to return to the provider
protected static org.apache.cxf.security.SecurityContext	createSC(String user, String... roles) Create a SecurityContext to return to the provider
void	filter(javax.ws.rs.container.ContainerRequestContext requestContext)
protected abstract org.apache.cxf.security.SecurityContext	handleAuthHeader(javax.ws.rs.container.ContainerRequestContext requestContext, org.apache.cxf.message.Message msg, String type, String auth) handle the presence of the Authorization header
protected abstract org.apache.cxf.security.SecurityContext	handleOther(javax.ws.rs.container.ContainerRequestContext requestContext, org.apache.cxf.message.Message msg, javax.ws.rs.core.HttpHeaders head) handle other auth methods like sessions, custom headers, etc
protected abstract boolean	isAuthorizationMandatory()
protected boolean	sendWWWAuthenticate()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ANONYMOUS_USER

public static final String ANONYMOUS_USER

UserName used for anonymous SecurityContext

See Also:

Constant Field Values

Constructor Detail

AuthorizationProvider

public AuthorizationProvider()

Method Detail

filter

public final void filter(javax.ws.rs.container.ContainerRequestContext requestContext)
                  throws IOException

Specified by:

filter in interface javax.ws.rs.container.ContainerRequestFilter

Throws:

IOException

abortUnauthorized

protected final void abortUnauthorized(javax.ws.rs.container.ContainerRequestContext requestContext)

sendWWWAuthenticate

protected boolean sendWWWAuthenticate()

isAuthorizationMandatory

protected abstract boolean isAuthorizationMandatory()

Returns:

true if the request should fail if no valid user is found

handleAuthHeader

protected abstract org.apache.cxf.security.SecurityContext handleAuthHeader(javax.ws.rs.container.ContainerRequestContext requestContext,
                                                                            org.apache.cxf.message.Message msg,
                                                                            String type,
                                                                            String auth)

handle the presence of the Authorization header

Parameters:

requestContext - the CXF request context

msg - the message

type - the Authorization type (Basic|Bearer|...)

auth - the auth part of the header

Returns:

the SecurityContext if logged in or null

handleOther

protected abstract org.apache.cxf.security.SecurityContext handleOther(javax.ws.rs.container.ContainerRequestContext requestContext,
                                                                       org.apache.cxf.message.Message msg,
                                                                       javax.ws.rs.core.HttpHeaders head)

handle other auth methods like sessions, custom headers, etc

Parameters:

requestContext - the CXF request context

msg - the message

head - the HTTP headers

Returns:

the SecurityContext if logged in or null

createSC

protected static org.apache.cxf.security.SecurityContext createSC(String user,
                                                                  String... roles)

Create a SecurityContext to return to the provider

Parameters:

user - the user principal

roles - the roles of the user

Returns:

the SecurityContext

createAnonymousSC

protected static org.apache.cxf.security.SecurityContext createAnonymousSC(String... roles)

Create a SecurityContext for an unauthenticated user to return to the provider

Parameters:

roles - the roles of the user

Returns:

the SecurityContext