*/
package org.wamblee.security.authorization;
-import org.wamblee.persistence.Persistent;
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.UserAccessor;
/**
* Service to determine if access to a certain resource is allowed.
*
* @author Erik Brakkee
*/
-public interface AuthorizationService extends Persistent {
+@Entity
+@Table(name = "SEC_AUTH_SVC")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+@NamedQueries(
+ @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME,
+ query = "select s from AuthorizationService s where s.name = :" +
+ AuthorizationService.NAME_PARAM)
+ )
+public abstract class AuthorizationService {
+
+ public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
+ public static final String NAME_PARAM = "name";
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AuthorizationService() {
+ // Empty.
+ }
+
+ public AuthorizationService(AuthorizationService aSvc) {
+ primaryKey = aSvc.primaryKey;
+ version = aSvc.version;
+ }
+
/**
* Checks whether an operation is allowed on a resource.
*
*
* @return Checks whether the operation is allowed on a resource.
*/
- boolean isAllowed(Object aResource, Operation aOperation);
+ public abstract boolean isAllowed(Object aResource, Operation aOperation);
- <T> T check(T aResource, Operation aOperation);
+ public abstract <T> T check(T aResource, Operation aOperation);
/**
* Gets the authorization rules.
*
* @return Rules.
*/
- AuthorizationRule[] getRules();
+ public abstract AuthorizationRule[] getRules();
/**
* Appends a new authorization rule to the end.
* @param aRule
* Rule to append.
*/
- void appendRule(AuthorizationRule aRule);
+ public abstract void appendRule(AuthorizationRule aRule);
/**
* Removes a rule.
* @param aIndex
* Index of the rule to remove.
*/
- void removeRule(int aIndex);
+ public abstract void removeRule(int aIndex);
/**
* Inserts a rule.
* @param aRule
* Rule to insert.
*/
- void insertRuleAfter(int aIndex, AuthorizationRule aRule);
+ public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule);
+
+ /**
+ * Sets the user accessor so that the authorization service can get access to the logged in
+ * user.
+ * @param aUserAccessor User accessor.
+ */
+ public abstract void setUserAccessor(UserAccessor aUserAccessor);
}
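Review bot: `setUserAccessor` at the end of the class makes every access decision depend on a collaborator that, as far as this hunk shows, is not a mapped field, so an instance freshly loaded through `AuthorizationService.findByName` would presumably have no accessor until a caller sets one. The Javadoc should state that contract, for example `Must be called after the entity is loaded and before isAllowed/check are used; implementations must deny access while no accessor is set.` The new copy constructor also copies `primaryKey` and `version`, so the copy stands for the same row and optimistic-lock version as its source; a short comment saying this is intended would help, and both constructors of this abstract class could be `protected`. The subclass implementations are outside the hunk, so the fail-closed behaviour is something to confirm rather than an observed defect.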