Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jboss.aspects.security
Class RoleBasedAuthorizationInterceptor

java.lang.Object
  extended by org.jboss.aspects.security.RoleBasedAuthorizationInterceptor
All Implemented Interfaces:
org.jboss.aop.advice.Interceptor
public class RoleBasedAuthorizationInterceptor
extends Object
implements org.jboss.aop.advice.Interceptor

The RoleBasedAuthorizationInterceptor checks that the caller principal is authorized to call a method by verifing that it contains at least one of the required roled.

Version:
$Revision: 46061 $
Author:
Bill Burke, Oleg Nitz, Scott Stark., Dain Sundstrom.

Field Summary
protected  org.jboss.security.AuthenticationManager authenticationManager
           
protected  org.jboss.security.AuthorizationManager authorizationManager
           
protected  org.jboss.logging.Logger log
           
protected  org.jboss.security.RealmMapping realmMapping
           
 
Constructor Summary
RoleBasedAuthorizationInterceptor(org.jboss.security.AuthenticationManager authManager, org.jboss.security.AuthorizationManager authzManager)
           Creates an instance of RoleBasedAuthorizationInterceptor using the specified AuthenticationManager and AuthorizationManager implementations.
RoleBasedAuthorizationInterceptor(org.jboss.security.AuthenticationManager manager, org.jboss.security.RealmMapping realmMapping)
          Deprecated. use #RoleBasedAuthorizationInterceptor(AuthenticationManager, AuthorizationManager) instead.
 
Method Summary
protected  Set<Principal> getAnnotationRoleSet(org.jboss.aop.joinpoint.Invocation invocation)
           Obtains the roles that have been specified through annotations from the Invocation object.
 String getName()
           
protected  Set<Principal> getRoleSet(org.jboss.aop.joinpoint.Invocation invocation)
           Obtains the roles that have access to the method represented by the specified Invocation.
 Object invoke(org.jboss.aop.joinpoint.Invocation invocation)
          Check if the principal is authorized to call the method by verifying that the it containes at least one of the required roles.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected org.jboss.logging.Logger log

authenticationManager

protected org.jboss.security.AuthenticationManager authenticationManager

authorizationManager

protected org.jboss.security.AuthorizationManager authorizationManager

realmMapping

protected org.jboss.security.RealmMapping realmMapping
Constructor Detail

RoleBasedAuthorizationInterceptor

@Deprecated
public RoleBasedAuthorizationInterceptor(org.jboss.security.AuthenticationManager manager,
                                                    org.jboss.security.RealmMapping realmMapping)
Deprecated. use #RoleBasedAuthorizationInterceptor(AuthenticationManager, AuthorizationManager) instead.

Creates an instance of RoleBasedAuthorizationInterceptor using the specified AuthenticationManager and RealmMapping implementations.

Parameters:
manager - the AuthenticationManager instance to be used when the caller hasn't been previously authenticated.
realmMapping - the RealmMapping instance to be used to determine if the caller has or has not the required roles.

RoleBasedAuthorizationInterceptor

public RoleBasedAuthorizationInterceptor(org.jboss.security.AuthenticationManager authManager,
                                         org.jboss.security.AuthorizationManager authzManager)

Creates an instance of RoleBasedAuthorizationInterceptor using the specified AuthenticationManager and AuthorizationManager implementations.

Parameters:
authManager - the AuthenticationManager instance to be used when the caller hasn't been previously authenticated.
authzManager - the AuthorizationManager instance to be used to determine if the caller is authorized to access the protected resource. This typically means checking if the caller has been assigned to one or more required roles.
Method Detail

getName

public String getName()
Specified by:
getName in interface org.jboss.aop.advice.Interceptor

getRoleSet

protected Set<Principal> getRoleSet(org.jboss.aop.joinpoint.Invocation invocation)

Obtains the roles that have access to the method represented by the specified Invocation.

Parameters:
invocation - the object that contains the metadata of the method being called.
Returns:
a Set<Principal> containing the allowed roles.

getAnnotationRoleSet

protected Set<Principal> getAnnotationRoleSet(org.jboss.aop.joinpoint.Invocation invocation)

Obtains the roles that have been specified through annotations from the Invocation object.

Parameters:
invocation - the object that contains the metadata of the method being called.
Returns:
a Set<Principal> containing the roles that have been specified through annotations.

invoke

public Object invoke(org.jboss.aop.joinpoint.Invocation invocation)
              throws Throwable
Check if the principal is authorized to call the method by verifying that the it containes at least one of the required roles.

Specified by:
invoke in interface org.jboss.aop.advice.Interceptor
Throws:
Throwable
Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2009 JBoss Inc.. All Rights Reserved.