/** * Sets the modifiable list of methods authorized for anonymous users. This * method clears the current list and adds all entries in the parameter * list. * * @param anonymousMethods * A list of methods authorized for anonymous users. */ public void setAnonymousMethods(List<Method> anonymousMethods) { synchronized (getAnonymousMethods()) { if (anonymousMethods != getAnonymousMethods()) { getAnonymousMethods().clear(); if (anonymousMethods != null) { getAnonymousMethods().addAll(anonymousMethods); } } } }
/** * Sets the modifiable list of methods authorized for authenticated users. * This method clears the current list and adds all entries in the parameter * list. * * @param authenticatedMethods * A list of methods authorized for authenticated users. */ public void setAuthenticatedMethods(List<Method> authenticatedMethods) { synchronized (getAuthenticatedMethods()) { if (authenticatedMethods != getAuthenticatedMethods()) { getAuthenticatedMethods().clear(); if (authenticatedMethods != null) { getAuthenticatedMethods().addAll(authenticatedMethods); } } } }
/** * Authorizes the request only if its method is one of the authorized * methods. * * @param request * The request sent. * @param response * The response to update. * @return True if the authorization succeeded. */ @Override public boolean authorize(Request request, Response response) { boolean authorized = false; if (request.getClientInfo().isAuthenticated()) { // Verify if the request method is one of the forbidden methods for (Method authenticatedMethod : getAuthenticatedMethods()) { authorized = authorized || request.getMethod().equals(authenticatedMethod); } } else { // Verify if the request method is one of the authorized methods for (Method authorizedMethod : getAnonymousMethods()) { authorized = authorized || request.getMethod().equals(authorizedMethod); } } return authorized; }