Package org.apache.cxf.rt.security.saml.xacml2

Class AbstractXACMLAuthorizingInterceptor

java.lang.Object

org.apache.cxf.phase.AbstractPhaseInterceptor<Message>

org.apache.cxf.rt.security.saml.xacml2.AbstractXACMLAuthorizingInterceptor

All Implemented Interfaces:

Interceptor<Message>, PhaseInterceptor<Message>

Direct Known Subclasses:

XACMLAuthorizingInterceptor

public abstract class AbstractXACMLAuthorizingInterceptor
extends AbstractPhaseInterceptor<Message>

An interceptor to perform an XACML 2.0 authorization request to a remote PDP using OpenSAML, and make an authorization decision based on the response. It takes the principal and roles from the SecurityContext, and uses the XACMLRequestBuilder to construct an XACML Request statement. How the actual PDP invocation is made is up to a subclass.

Constructor Summary

Constructors

Constructor	Description
AbstractXACMLAuthorizingInterceptor()

Method Summary

Modifier and Type	Method	Description
protected boolean	authorize(Principal principal, List<String> roles, Message message)	Perform a (remote) authorization decision and return a boolean depending on the result
XACMLRequestBuilder	getRequestBuilder()
void	handleMessage(Message message)	Intercepts a message.
protected void	handleObligations(org.opensaml.xacml.ctx.RequestType request, Principal principal, Message message, org.opensaml.xacml.ctx.ResultType result)	Handle any Obligations returned by the PDP
protected abstract org.opensaml.xacml.ctx.ResponseType	performRequest(org.opensaml.xacml.ctx.RequestType request, Message message)
void	setRequestBuilder(XACMLRequestBuilder requestBuilder)

Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor

addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractXACMLAuthorizingInterceptor

public AbstractXACMLAuthorizingInterceptor()

Method Detail

handleMessage

public void handleMessage(Message message)
                   throws Fault

Description copied from interface: Interceptor

Intercepts a message. Interceptors should NOT invoke handleMessage or handleFault on the next interceptor - the interceptor chain will take care of this.

Throws:

Fault

getRequestBuilder

public XACMLRequestBuilder getRequestBuilder()

setRequestBuilder

public void setRequestBuilder(XACMLRequestBuilder requestBuilder)

authorize

protected boolean authorize(Principal principal,
                            List<String> roles,
                            Message message)
                     throws Exception

Perform a (remote) authorization decision and return a boolean depending on the result

Throws:

Exception

handleObligations

protected void handleObligations(org.opensaml.xacml.ctx.RequestType request,
                                 Principal principal,
                                 Message message,
                                 org.opensaml.xacml.ctx.ResultType result)
                          throws Exception

Handle any Obligations returned by the PDP

Throws:

Exception

performRequest

protected abstract org.opensaml.xacml.ctx.ResponseType performRequest(org.opensaml.xacml.ctx.RequestType request,
                                                                      Message message)
                                                               throws Exception

Throws:

Exception