(no commit message)
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
deleted file mode 100644 (file)
index a142712..0000000
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright 2005-2010 the original author or authors.
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.wamblee.security.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.persistence.CascadeType;
-import javax.persistence.DiscriminatorValue;
-import javax.persistence.Entity;
-import javax.persistence.JoinColumn;
-import javax.persistence.JoinTable;
-import javax.persistence.OneToMany;
-import javax.persistence.OrderColumn;
-import javax.persistence.Transient;
-
-import org.wamblee.security.authentication.UserAccessor;
-import org.wamblee.security.authentication.UserAdministration;
-
-/**
- * Default implementation of an authorization service. To determine whether
- * access to a resource is allowed, the service consults a number of
- * authorization rules in a fixed order. The first rule that gives a result
- * GRANTED or DENIED determines the result of the evaluation. Rules that return
- * any other result are ignoed. If none of the rules match, than access is
- * denied.
- * 
- * @author Erik Brakkee
- */
-@Entity
-@DiscriminatorValue("DEFAULT")
-public class DefaultAuthorizationService extends AbstractAuthorizationService {
-
-    /**
-     * List of ordered authorization rules.
-     */
-    @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true, targetEntity = AbstractAuthorizationRule.class)
-    @JoinTable(name = "SEC_AUTH_SVC_RULE", joinColumns = { @JoinColumn(name = "SVC_ID") }, inverseJoinColumns = { @JoinColumn(name = "RULE_ID") })
-    @OrderColumn(name = "RULE_INDEX")
-    private List<AuthorizationRule> rules;
-
-    /**
-     * User accessor used to obtain the current user.
-     */
-    @Transient
-    private UserAccessor userAccessor;
-
-    @Transient
-    private UserAdministration userAdmin;
-
-    /**
-     * Constructs the service.
-     * 
-     * @param aAccessor
-     *            User accessor.
-     * @param aUserAdmin
-     *            User administration.
-     * @param aName
-     *            Name of this instance of the service.
-     */
-    public DefaultAuthorizationService(UserAccessor aAccessor,
-        UserAdministration aUserAdmin, String aName) {
-        super(aName);
-        rules = new ArrayList<AuthorizationRule>();
-        userAccessor = aAccessor;
-        userAdmin = aUserAdmin;
-    }
-
-    /**
-     * Constructs the authorization service.
-     */
-    public DefaultAuthorizationService() {
-        rules = new ArrayList<AuthorizationRule>();
-        userAccessor = null;
-        userAdmin = null;
-    }
-
-    @Override
-    public void setUserAccessor(UserAccessor aUserAccessor) {
-        userAccessor = aUserAccessor;
-    }
-
-    @Override
-    public void setUserAdministration(UserAdministration aUserAdmin) {
-        userAdmin = aUserAdmin;
-        for (AuthorizationRule rule : rules) {
-            rule.setUserAdministration(userAdmin);
-        }
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see
-     * org.wamblee.security.authorization.AuthorizationService#isAllowed(java
-     * .lang.Object, org.wamblee.security.authorization.Operation)
-     */
-    public boolean isAllowed(Object aResource, Operation aOperation) {
-        String user = userAccessor.getCurrentUser();
-
-        for (AuthorizationRule rule : rules) {
-            switch (rule.isAllowed(aResource, aOperation, user)) {
-            case DENIED:
-                return false;
-
-            case GRANTED:
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see org.wamblee.security.authorization.AuthorizationService#check(T,
-     * org.wamblee.security.authorization.Operation)
-     */
-    public <T> T check(T aResource, Operation aOperation) {
-        if (!isAllowed(aResource, aOperation)) {
-            throw new AuthorizationException(aResource, aOperation);
-        }
-
-        return aResource;
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see org.wamblee.security.authorization.AuthorizationService#getRules()
-     */
-    public AuthorizationRule[] getRules() {
-        return rules.toArray(new AbstractAuthorizationRule[0]);
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see
-     * org.wamblee.security.authorization.AuthorizationService#appendRule(org
-     * .wamblee.security.authorization.AuthorizationRule)
-     */
-    public void appendRule(AuthorizationRule aRule) {
-        aRule.setUserAdministration(userAdmin);
-        rules.add(aRule);
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see
-     * org.wamblee.security.authorization.AuthorizationService#insertRuleAfter
-     * (int, org.wamblee.security.authorization.AuthorizationRule)
-     */
-    public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
-        aRule.setUserAdministration(userAdmin);
-        rules.add(aIndex, aRule);
-    }
-
-    /*
-     * (non-Javadoc)
-     * 
-     * @see
-     * org.wamblee.security.authorization.AuthorizationService#removeRule(int)
-     */
-    public void removeRule(int aIndex) {
-        rules.remove(aIndex);
-    }
-
-    /**
-     * For OR mapping.
-     * 
-     * @return The rules.
-     */
-    protected List<AuthorizationRule> getMappedRules() {
-        return rules;
-    }
-
-    /**
-     * For OR mapping.
-     * 
-     * @param aRules
-     *            The rules.
-     */
-    protected void setMappedRules(List<AuthorizationRule> aRules) {
-        rules = aRules;
-        for (AuthorizationRule rule : rules) {
-            rule.setUserAdministration(userAdmin);
-        }
-    }
-}