The Authorizer interface is used for authorizing incoming requests.
Authorizers are specific to a transport and external authentication/authorization mechanism and must be implemented specifically for an application.
An implementation of Authorizer is responsible for the following:
- Ensure that the current session, connection or request is properly authenticated (e.g., via username and password, using HTTP Basic Authentication or another transport-specific authentication mechanism). For transports that support an Authenticator, this is usually taken care of by the Authenticator.
- Check whether the user account associated with the request has the required permission for a specific method call.
Direct Base Classes: Poco::RefCountedObject
All Base Classes: Poco::RefCountedObject
Member Functions: authorize
Inherited Functions: duplicate, referenceCount, release
using Ptr = Poco::AutoPtr<Authorizer>;
Creates the Authorizer.
Destroys the Authorizer.
virtual bool authorize(
const std::string & method,
const std::string & permission
) = 0;
Verifies that the request is properly authenticated (using a transport-specific authentication mechanism, e.g. HTTP Basic Authentication) and checks whether the user account associated with the request has the given permission.
The given permission will be the one specified with the @permission attribute for the respective remote method. If no @permission attribute has been specified for a remote method, this method will not be called.
An implementation of this method will usually obtain the Context object associated with the request to retrieve authentication data (e.g., username and password, or any other transport-specific information).
Returns true if the request is authorized, otherwise false.
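The following added example (not part of the original documentation or the framework's own code) sketches a deny-by-default implementation of authorize() that checks authentication state first and then looks up the permission for the account. It is a stand-alone model: `RequestContext`, `currentRequest`, `TableAuthorizer`, `sampleAuthorizer`, `handle` and the permission names are assumptions made for illustration, and the local `Authorizer` class only mirrors the signature shown above.

```cpp
// Added example: stand-alone model, not the framework headers or project code.
#include <map>
#include <set>
#include <string>
#include <utility>

// Hypothetical stand-in for the per-request Context object: what the
// transport's authentication step established for the current request.
struct RequestContext { bool authenticated = false; std::string username; };
thread_local RequestContext currentRequest;  // assumption: one request per thread

// Same pure virtual signature as on this page (RefCountedObject base omitted).
class Authorizer {
public:
    virtual ~Authorizer() = default;
    virtual bool authorize(const std::string& method, const std::string& permission) = 0;
};
using Grants = std::map<std::string, std::set<std::string>>;  // user -> permissions

class TableAuthorizer : public Authorizer {
public:
    explicit TableAuthorizer(Grants grants) : _grants(std::move(grants)) {}
    bool authorize(const std::string& /*method*/, const std::string& permission) override {
        const RequestContext& ctx = currentRequest;
        // A user name alone proves nothing: the request must be authenticated.
        if (!ctx.authenticated || ctx.username.empty()) return false;
        // An empty permission string is treated as a misconfiguration: fail closed.
        if (permission.empty()) return false;
        // Unknown accounts and missing grants both end in a denial.
        auto it = _grants.find(ctx.username);
        return it != _grants.end() && it->second.count(permission) > 0;
    }
private:
    Grants _grants;
};

// Constructed sample data: two accounts and the permissions granted to each.
TableAuthorizer sampleAuthorizer() {
    Grants g;
    g["alice"].insert("thermostat.read");
    g["alice"].insert("thermostat.write");
    g["bob"].insert("thermostat.read");
    return TableAuthorizer(std::move(g));
}

// Simulates one request: set the context, ask the authorizer, clear the context.
bool handle(Authorizer& a, const RequestContext& who,
            const std::string& method, const std::string& permission) {
    currentRequest = who;
    const bool ok = a.authorize(method, permission);
    currentRequest = RequestContext();  // do not leak identity into the next request
    return ok;
}
```

Because authorize() is not called for remote methods without a @permission attribute, a table like this protects only the methods that carry the attribute.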