2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import javax.persistence.DiscriminatorColumn;
19 import javax.persistence.Entity;
20 import javax.persistence.GeneratedValue;
21 import javax.persistence.GenerationType;
22 import javax.persistence.Id;
23 import javax.persistence.Inheritance;
24 import javax.persistence.InheritanceType;
25 import javax.persistence.Table;
26 import javax.persistence.Version;
28 import org.wamblee.persistence.Persistent;
30 import org.wamblee.usermgt.User;
33 * Represents an authorization rule to determine whether an operation is allowed
36 * @author Erik Brakkee
39 @Table(name = "SEC_AUTH_RULE")
40 @Inheritance(strategy = InheritanceType.SINGLE_TABLE)
41 @DiscriminatorColumn(name = "TYPE")
42 public abstract class AuthorizationRule {
45 @GeneratedValue(strategy = GenerationType.AUTO)
46 private Long primaryKey;
51 public AuthorizationRule() {
55 public AuthorizationRule(AuthorizationRule aRule) {
56 primaryKey = aRule.primaryKey;
57 version = aRule.version;
61 * Returns the supported object types for which this authorization rule
62 * applies. This can be used by the authorization service for optimization.
64 * @return Array of supported types.
66 public abstract Class[] getSupportedTypes();
69 * Determines whether an operation is allowed on a certain resource. The
70 * rule implementation must be prepared to deal with resources for which it
71 * does not apply. In those cases it should return
72 * {@link AuthorizationResult#UNSUPPORTED_RESOURCE}.
81 * @return Authorization result.
83 public abstract AuthorizationResult isAllowed(Object aResource, Operation aOperation,