2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import org.wamblee.persistence.AbstractPersistent;
20 import org.wamblee.usermgt.User;
21 import org.wamblee.usermgt.UserAccessor;
23 import java.util.ArrayList;
24 import java.util.List;
28 * Default implementation of an authorization service. To determine
29 * whether access to a resource is allowed, the service consults a number of
30 * authorization rules in a fixed order. The first rule that gives a result
31 * GRANTED or DENIED determines the result of the evaluation. Rules that
32 * return any other result are ignored. If none of the rules match, then
35 * @author Erik Brakkee
37 public class DefaultAuthorizationService extends AbstractPersistent
38 implements AuthorizationService {
40 * List of ordered authorization rules.
42 private List<AuthorizationRule> rules;
45 * User accessor used to obtain the current user.
47 private UserAccessor userAccessor;
50 * Name for this instance of the authorization service.
55 * Constructs the service.
56 * @param aAccessor User accessor.
57 * @param aName Name of this instance of the service.
59 public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
60 rules = new ArrayList<AuthorizationRule>();
61 userAccessor = aAccessor;
66 * Constructs the authorization service.
68 public DefaultAuthorizationService() {
69 rules = new ArrayList<AuthorizationRule>();
75 * Sets the user accessor.
77 * @param aUserAccessor User accessor.
79 public void setUserAccessor(UserAccessor aUserAccessor) {
80 userAccessor = aUserAccessor;
84 * @see org.wamblee.security.authorization.AuthorizationService#isAllowed(java.lang.Object, org.wamblee.security.authorization.Operation)
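89 * @param aResource Resource to which access is requested.
90 * @param aOperation Operation to be performed on the resource.
92 * @return True if the current user may perform the operation on the resource.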
94 public boolean isAllowed(Object aResource, Operation aOperation) {
95 User user = userAccessor.getCurrentUser();
97 for (AuthorizationRule rule : rules) {
98 switch (rule.isAllowed(aResource, aOperation, user)) {
111 * @see org.wamblee.security.authorization.AuthorizationService#check(T, org.wamblee.security.authorization.Operation)
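116 * @param <T> Type of the resource.
117 * @param aResource Resource to which access is requested.
118 * @param aOperation Operation to be performed on the resource.
120 * @return Presumably the resource that was passed in; confirm against the interface.
122 * @throws AuthorizationException If isAllowed rejects the operation on the resource.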
124 public <T> T check(T aResource, Operation aOperation) {
125 if (!isAllowed(aResource, aOperation)) {
126 throw new AuthorizationException(aResource, aOperation);
135 * @return Name of this instance of the service.
137 protected String getName() {
144 * @param aName Name of this instance of the service.
146 public void setName(String aName) {
151 * @see org.wamblee.security.authorization.AuthorizationService#getRules()
156 * @return New array with the rules in list order; the rule objects themselves are not copied.
158 public AuthorizationRule[] getRules() {
159 return rules.toArray(new AuthorizationRule[0]);
163 * @see org.wamblee.security.authorization.AuthorizationService#appendRule(org.wamblee.security.authorization.AuthorizationRule)
168 * @param aRule Rule to append.
170 public void appendRule(AuthorizationRule aRule) {
175 * @see org.wamblee.security.authorization.AuthorizationService#insertRuleAfter(int, org.wamblee.security.authorization.AuthorizationRule)
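180 * @param aIndex Position handed to List.add(int, E), so the new rule lands at this index, ahead of the rule currently there; confirm this matches the "after" in the method name, because rule order decides the outcome.
181 * @param aRule Rule to insert.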
183 public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
184 rules.add(aIndex, aRule);
188 * @see org.wamblee.security.authorization.AuthorizationService#removeRule(int)
193 * @param aIndex Index in the ordered rule list of the rule to remove.
195 public void removeRule(int aIndex) {
196 rules.remove(aIndex);
204 protected List<AuthorizationRule> getMappedRules() {
211 * @param aRules The rules.
213 protected void setMappedRules(List<AuthorizationRule> aRules) {