/** * Sets the modifiable list of authorized roles. This method clears the * current list and adds all entries in the parameter list. * * @param authorizedRoles * A list of authorized roles. */ public void setAuthorizedRoles(List<Role> authorizedRoles) { synchronized (getAuthorizedRoles()) { if (authorizedRoles != getAuthorizedRoles()) { getAuthorizedRoles().clear(); if (authorizedRoles != null) { getAuthorizedRoles().addAll(authorizedRoles); } } } }
/** * Sets the modifiable list of forbidden roles. This method clears the * current list and adds all entries in the parameter list. * * @param forbiddenRoles * A list of forbidden roles. */ public void setForbiddenRoles(List<Role> forbiddenRoles) { synchronized (getForbiddenRoles()) { if (forbiddenRoles != getForbiddenRoles()) { getForbiddenRoles().clear(); if (forbiddenRoles != null) { getForbiddenRoles().addAll(forbiddenRoles); } } } }
/** * Creates a root Router to dispatch call to server resources. */ @Override public Restlet createInboundRoot() { Router router = new Router(getContext()); router.attach("/", RootServerResource.class); router.attach("/accounts/", AccountsServerResource.class); router.attach("/accounts/{accountId}", AccountServerResource.class); router.attach("/accounts/{accountId}/files", FilesServerResource.class); RoleAuthorizer authorizer = new RoleAuthorizer(); authorizer.getAuthorizedRoles().add(getRole("CFO")); authorizer.setNext(router); ChallengeAuthenticator authenticator = new ChallengeAuthenticator( getContext(), ChallengeScheme.HTTP_BASIC, "My Realm"); authenticator.setNext(authorizer); return authenticator; } }
if (getAuthorizedRoles().isEmpty()) { authorized = true; } else { for (Role authorizedRole : getAuthorizedRoles()) { authorized = authorized || request.getClientInfo().getRoles() for (Role forbiddenRole : getForbiddenRoles()) { forbidden = forbidden || request.getClientInfo().getRoles()