Package thredds.servlet.restrict
Interface Authorizer
- All Known Implementing Classes:
AuthorizerNoop,CAMSAuthorizer,TomcatAuthorizer
public interface Authorizer
An implementation must have a no-arg constructor, so it can be created through reflection.
This design allows for third party plug-ins.
-
Method Summary
Modifier and TypeMethodDescriptionbooleanauthorize(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, String role) Decide is this request is authorized in the named role.voiddoGet(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) Process this request.voidsetRoleSource(RoleSource roleSource) Set the role source, if there is one.
-
Method Details
-
setRoleSource
Set the role source, if there is one. If not, assume no role authentication is needed. use RoleSource.hasRole() to test for role.- Parameters:
roleSource- tells whether a user has the named role.
-
authorize
boolean authorize(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res, String role) throws IOException, jakarta.servlet.ServletException Decide is this request is authorized in the named role. This method must be thread-safe.- Parameters:
req- the requestres- the responserole- need this role- Returns:
- true if user is authenticated. if false, must set res.setStatus().
- Throws:
IOException- I/O error, eg networkjakarta.servlet.ServletException- other errors
-
doGet
void doGet(jakarta.servlet.http.HttpServletRequest req, jakarta.servlet.http.HttpServletResponse res) throws jakarta.servlet.ServletException, IOException Process this request. May be a no-op.- Parameters:
req- the requestres- the response- Throws:
IOException- I/O error, eg networkjakarta.servlet.ServletException- other errors
-