Class AbstractXACMLAuthorizingInterceptor

java.lang.Object
org.apache.cxf.phase.AbstractPhaseInterceptor<org.apache.cxf.message.Message>
org.apache.cxf.rt.security.saml.xacml2.AbstractXACMLAuthorizingInterceptor
All Implemented Interfaces:
org.apache.cxf.interceptor.Interceptor<org.apache.cxf.message.Message>, org.apache.cxf.phase.PhaseInterceptor<org.apache.cxf.message.Message>
Direct Known Subclasses:
XACMLAuthorizingInterceptor

public abstract class AbstractXACMLAuthorizingInterceptor extends org.apache.cxf.phase.AbstractPhaseInterceptor<org.apache.cxf.message.Message>
An interceptor to perform an XACML 2.0 authorization request to a remote PDP using OpenSAML, and make an authorization decision based on the response. It takes the principal and roles from the SecurityContext, and uses the XACMLRequestBuilder to construct an XACML Request statement. How the actual PDP invocation is made is up to a subclass.
  • Constructor Summary

    Constructors

    | Constructor | Description |
    | --- | --- |
    | AbstractXACMLAuthorizingInterceptor() | |

  • Method Summary

    | Modifier and Type | Method | Description |
    | --- | --- | --- |
    | protected boolean | authorize(Principal principal, List<String> roles, org.apache.cxf.message.Message message) | Perform a (remote) authorization decision and return a boolean depending on the result |
    | XACMLRequestBuilder | getRequestBuilder() | |
    | void | handleMessage(org.apache.cxf.message.Message message) | |
    | protected void | handleObligations(org.opensaml.xacml.ctx.RequestType request, Principal principal, org.apache.cxf.message.Message message, org.opensaml.xacml.ctx.ResultType result) | Handle any Obligations returned by the PDP |
    | protected abstract org.opensaml.xacml.ctx.ResponseType | performRequest(org.opensaml.xacml.ctx.RequestType request, org.apache.cxf.message.Message message) | |
    | void | setRequestBuilder(XACMLRequestBuilder requestBuilder) | |

    Methods inherited from class org.apache.cxf.phase.AbstractPhaseInterceptor

    addAfter, addAfter, addBefore, addBefore, getAdditionalInterceptors, getAfter, getBefore, getId, getPhase, handleFault, isGET, isRequestor, setAfter, setBefore

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • AbstractXACMLAuthorizingInterceptor

      public AbstractXACMLAuthorizingInterceptor()
  • Method Details

    • handleMessage

      public void handleMessage(org.apache.cxf.message.Message message) throws org.apache.cxf.interceptor.Fault
      Throws:
      org.apache.cxf.interceptor.Fault
    • getRequestBuilder

      public XACMLRequestBuilder getRequestBuilder()
    • setRequestBuilder

      public void setRequestBuilder(XACMLRequestBuilder requestBuilder)
    • authorize

      protected boolean authorize(Principal principal, List<String> roles, org.apache.cxf.message.Message message) throws Exception
      Perform a (remote) authorization decision and return a boolean depending on the result
      Throws:
      Exception
    • handleObligations

      protected void handleObligations(org.opensaml.xacml.ctx.RequestType request, Principal principal, org.apache.cxf.message.Message message, org.opensaml.xacml.ctx.ResultType result) throws Exception
      Handle any Obligations returned by the PDP
      Throws:
      Exception
    • performRequest

      protected abstract org.opensaml.xacml.ctx.ResponseType performRequest(org.opensaml.xacml.ctx.RequestType request, org.apache.cxf.message.Message message) throws Exception
      Throws:
      Exception
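
The handleObligations hook above is where a subclass enforces whatever the PDP attaches to a decision; XACML 2.0 requires the enforcement point to refuse access when it cannot understand or discharge an obligation. The following is an added example, not CXF's own code: the class name, the obligation URN and the audit method are hypothetical, and it assumes that an exception thrown from the hook causes the request to be refused, which this page does not confirm.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.Set;

import org.apache.cxf.message.Message;
import org.apache.cxf.rt.security.saml.xacml2.AbstractXACMLAuthorizingInterceptor;
import org.opensaml.xacml.ctx.RequestType;
import org.opensaml.xacml.ctx.ResultType;
import org.opensaml.xacml.policy.ObligationType;
import org.opensaml.xacml.policy.ObligationsType;

/**
 * Added example: fail-closed obligation handling. The class stays abstract
 * because performRequest (the PDP transport) is left to a further subclass.
 */
public abstract class ObligationEnforcingInterceptor extends AbstractXACMLAuthorizingInterceptor {

    // Hypothetical obligation identifier this enforcement point can discharge.
    private static final String AUDIT = "urn:example:obligation:audit";
    private static final Set<String> SUPPORTED = Collections.singleton(AUDIT);

    @Override
    protected void handleObligations(RequestType request, Principal principal,
                                     Message message, ResultType result) throws Exception {
        ObligationsType wrapper = result.getObligations();
        if (wrapper == null) {
            return; // the PDP attached no obligations to this result
        }
        for (ObligationType obligation : wrapper.getObligations()) {
            String id = obligation.getObligationId();
            if (id == null || !SUPPORTED.contains(id)) {
                // Unknown obligation: refuse rather than silently ignore it.
                // Assumption: the exception propagates and the call is denied.
                throw new SecurityException("Unsupported XACML obligation: " + id);
            }
            if (AUDIT.equals(id)) {
                audit(principal, result);
            }
        }
    }

    /** Hypothetical hook: record the decision in the application's audit trail. */
    protected abstract void audit(Principal principal, ResultType result) throws Exception;
}
```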