2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import org.apache.log4j.Logger;
20 import org.wamblee.persistence.AbstractPersistent;
21 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
22 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
23 import static org.wamblee.security.authorization.AuthorizationResult.UNDECIDED;
24 import static org.wamblee.security.authorization.AuthorizationResult.UNSUPPORTED_RESOURCE;
26 import org.wamblee.usermgt.User;
30 * Utility base class for implementation of authorization rules based on
33 * <li>The path of the resource. To obtain the path of a resource,
34 * subclasses must implement {@link #getResourcePath(Object)}. Whether a
35 * path is appropriate is determined by a {@link
36 * org.wamblee.security.authorization.PathCondition}.</li>
37 * <li>The user identity with which the resource is accessed.
38 * Whether a user is appropriate is determined by a {@link
39 * org.wamblee.security.authorization.UserCondition}.</li>
40 * <li>The operation that is requested. Whether the operation is
41 * appropriate is determined by a {@link
42 * org.wamblee.security.authorization.OperationCondition}.</li>
44 * In case all three conditions match, the rule returns the
45 * configured result passed at construction (GRANTED or DENIED). If the
46 * resource is not of the specified type, the result is UNSUPPORTED_RESOURCE,
47 * otherwise, the result is UNDECIDED.
49 public abstract class UrlAuthorizationRule extends AbstractPersistent
50 implements AuthorizationRule {
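/** Logger for this class. */
private static final Logger LOGGER = Logger.getLogger(UrlAuthorizationRule.class);

/**
 * Result that the rule returns when all of its conditions match. The
 * five-argument constructor accepts only GRANTED or DENIED; the other
 * constructors leave this null until it is supplied through
 * {@link #setAuthorizationResultString(String)}.
 */
private AuthorizationResult result;

/** Condition that selects the users the rule is for; null until configured. */
private UserCondition userCondition;

/** Condition that selects the paths the rule applies to; null until configured. */
private PathCondition pathCondition;

/**
 * Resource class that the rule applies to; null until configured. Declared
 * as {@code Class<?>} instead of the raw type so that the compiler checks
 * every use of it.
 */
private Class<?> resourceClass;

/** Condition that selects the operations the rule is for; null until configured. */
private OperationCondition operationCondition;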
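/**
 * Constructs an authorization rule. If the user, path and operation
 * conditions all match, the provided result is returned by the rule.
 *
 * @param aResult Result of the authorization when all conditions match;
 *            must be GRANTED or DENIED.
 * @param aUserCondition Condition to match users.
 * @param aPathCondition Condition to match paths with.
 * @param aResourceClass Supported resource class this is for.
 * @param aOperationCondition Condition to match the operation with.
 * @throws IllegalArgumentException if aResult is anything other than
 *             GRANTED or DENIED, including null.
 */
protected UrlAuthorizationRule(AuthorizationResult aResult,
    UserCondition aUserCondition, PathCondition aPathCondition,
    Class aResourceClass, OperationCondition aOperationCondition) {
    // Compare from the constant side: a null result is then rejected with
    // the same IllegalArgumentException as any other unsupported value
    // rather than surfacing as a NullPointerException.
    if (!GRANTED.equals(aResult) && !DENIED.equals(aResult)) {
        throw new IllegalArgumentException(
            "Only GRANTED or DENIED may be used: " + aResult);
    }

    // NOTE(review): the assignment of the result field is not visible in
    // the reviewed listing; it is restored here from the field's documented
    // purpose - confirm against the original file.
    result = aResult;
    userCondition = aUserCondition;
    pathCondition = aPathCondition;
    resourceClass = aResourceClass;
    operationCondition = aOperationCondition;
}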
/**
 * Creates a rule for the given resource class with nothing else configured.
 * The result and the user, path and operation conditions are null until
 * they are supplied through the corresponding setters, so the rule cannot
 * be evaluated before that has happened.
 *
 * @param aResourceClass Supported resource class this rule is for.
 */
protected UrlAuthorizationRule(Class aResourceClass) {
    this.resourceClass = aResourceClass;

    // Everything else starts out unset.
    this.result = null;
    this.operationCondition = null;
    this.pathCondition = null;
    this.userCondition = null;
}
/**
 * Creates an empty rule: the result, the resource class and all three
 * conditions are null. Every one of them has to be supplied through the
 * setters before the rule can be evaluated.
 */
protected UrlAuthorizationRule() {
    this.result = null;
    this.resourceClass = null;
    this.operationCondition = null;
    this.pathCondition = null;
    this.userCondition = null;
}
/**
 * Reports the resource types this rule can decide on.
 *
 * @see org.wamblee.security.authorization.AuthorizationRule#getSupportedTypes()
 *
 * @return A newly allocated one-element array holding the configured
 *         resource class; the element is null when no resource class has
 *         been set.
 */
public Class[] getSupportedTypes() {
    Class[] supported = new Class[1];
    supported[0] = resourceClass;
    return supported;
}
/**
 * Decides whether the operation is allowed on the resource for the user.
 * A resource that is not an instance of the configured resource class
 * (which includes a null resource) is reported as UNSUPPORTED_RESOURCE;
 * otherwise the resource path is obtained from
 * {@link #getResourcePath(Object)} and the decision is delegated to
 * {@link #isAllowed(String, Operation, User)}.
 *
 * @see org.wamblee.security.authorization.AuthorizationRule
 *
 * @param aResource Resource that is being accessed.
 * @param anOperation Operation requested on the resource.
 * @param aUser User on whose behalf the resource is accessed.
 *
 * @return UNSUPPORTED_RESOURCE for a resource of another type, otherwise
 *         the outcome of the path based check.
 *
 * @throws NullPointerException if no resource class has been configured,
 *             since the type check dereferences it.
 */
public AuthorizationResult isAllowed(Object aResource,
    Operation anOperation, User aUser) {
    if (resourceClass.isInstance(aResource)) {
        // Only resources of the supported type have a path to evaluate.
        return isAllowed(getResourcePath(aResource), anOperation, aUser);
    }

    return UNSUPPORTED_RESOURCE;
}
/**
 * Determines if the operation is allowed on the resource.
 *
 * The path, operation and user conditions are consulted in that order and
 * evaluation stops at the first one that does not match. All three
 * conditions must have been configured; an unset condition fails with a
 * NullPointerException when it is reached.
 *
 * @param aPath Path of the resource.
 * @param aOperation Operation to be done.
 * @param aUser Currently logged in user or null if no user is logged in;
 *            the user condition is handed the null as is.
 *
 * @return The configured result when every condition matches, UNDECIDED
 *         otherwise.
 */
protected AuthorizationResult isAllowed(String aPath, Operation aOperation,
    User aUser) {
    // NOTE(review): the end of the signature and the return statements are
    // not visible in the reviewed listing. They are restored from the class
    // documentation (configured result on a full match, UNDECIDED
    // otherwise) - confirm against the original file.
    boolean ruleApplies = pathCondition.matches(aPath)
        && operationCondition.matches(aOperation)
        && userCondition.matches(aUser);

    return ruleApplies ? result : UNDECIDED;
}
/**
 * Gets the path of the resource. The returned value is what the path
 * condition of this rule is matched against.
 *
 * NOTE(review): the path reaches the path condition unmodified, so
 * implementations should presumably return it in one canonical form;
 * how PathCondition treats equivalent spellings of a path is not visible
 * here - confirm.
 *
 * @param aResource Resource, guaranteed to be an instance of the resource
 *            class configured for this rule, because the caller checks the
 *            type first.
 *
 * @return Path of the resource.
 */
protected abstract String getResourcePath(Object aResource);
/**
 * Describes the rule for logging and debugging.
 *
 * @see java.lang.Object#toString()
 *
 * @return Text listing the result, the path condition, the user condition
 *         and the resource class. The operation condition is not part of
 *         the text.
 */
@Override
public String toString() {
    StringBuilder text = new StringBuilder("UrlAUthorizationRule(result = ");
    text.append(result);
    text.append(", pathCondition = ").append(pathCondition);
    text.append(", userCondition = ").append(userCondition);
    text.append(", resourceClass = ").append(resourceClass);
    text.append(")");

    return text.toString();
}
/**
 * Gets the authorization result for OR mapping.
 *
 * @return String form of the configured result.
 */
protected String getAuthorizationResultString() {
    // NOTE(review): the value returned for an unset result is not visible
    // in the reviewed listing; null is assumed - confirm against the
    // original file.
    return (result == null) ? null : result.toString();
}
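/**
 * Sets the authorization result, for OR mapping.
 *
 * The value is held to the same invariant as the constructor: a rule may
 * only be configured to answer GRANTED or DENIED. Without this check a
 * stored value could put the rule into a state that the constructor
 * refuses to create.
 *
 * @param aResult Name of the result, as understood by
 *            AuthorizationResult.valueOf.
 *
 * @throws IllegalArgumentException if the name resolves to anything other
 *             than GRANTED or DENIED.
 */
protected void setAuthorizationResultString(String aResult) {
    // presumably valueOf itself rejects names it does not know; verify
    // against AuthorizationResult.
    AuthorizationResult parsed = AuthorizationResult.valueOf(aResult);

    if (!GRANTED.equals(parsed) && !DENIED.equals(parsed)) {
        throw new IllegalArgumentException(
            "Only GRANTED or DENIED may be used: " + parsed);
    }

    result = parsed;
}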
/**
 * Gets the fully qualified name of the resource class.
 *
 * @return Name of the configured resource class.
 */
protected String getResourceClassName() {
    // NOTE(review): the value returned for an unset resource class is not
    // visible in the reviewed listing; null is assumed - confirm against
    // the original file.
    return (resourceClass == null) ? null : resourceClass.getName();
}
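/**
 * Sets the resource class from its fully qualified name.
 *
 * The class is looked up through the class loader of this class, as the
 * single-argument Class.forName would do, but without initializing it:
 * resolving a name that presumably comes from stored configuration must
 * not run the static initializers of whatever class the name happens to
 * point at. The rule only needs the class object for type checks.
 *
 * @param aResourceClass Fully qualified name of the resource class.
 *
 * @throws IllegalArgumentException if the class cannot be found; the
 *             ClassNotFoundException is kept as the cause.
 */
protected void setResourceClassName(String aResourceClass) {
    try {
        resourceClass = Class.forName(aResourceClass, false,
            UrlAuthorizationRule.class.getClassLoader());
    } catch (ClassNotFoundException e) {
        LOGGER.error("Cannot find resource class '" + aResourceClass + "'",
            e);
        throw new IllegalArgumentException(e.getMessage(), e);
    }
}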
/**
 * Gets the condition that the requested operation must match.
 *
 * @return The operation condition, or null if none has been configured.
 */
public OperationCondition getOperationCondition() {
    return this.operationCondition;
}
/**
 * Replaces the condition that the requested operation must match. No
 * validation is done; a null value leaves the rule without an operation
 * condition.
 *
 * @param aOperationCondition The operation condition to set.
 */
protected void setOperationCondition(OperationCondition aOperationCondition) {
    this.operationCondition = aOperationCondition;
}
/**
 * Gets the condition that the resource path must match.
 *
 * @return The path condition, or null if none has been configured.
 */
public PathCondition getPathCondition() {
    return this.pathCondition;
}
/**
 * Replaces the condition that the resource path must match. No validation
 * is done; a null value leaves the rule without a path condition.
 *
 * @param aPathCondition The path condition to set.
 */
protected void setPathCondition(PathCondition aPathCondition) {
    this.pathCondition = aPathCondition;
}
/**
 * Gets the condition that the accessing user must match.
 *
 * @return The user condition, or null if none has been configured.
 */
public UserCondition getUserCondition() {
    return this.userCondition;
}
/**
 * Replaces the condition that the accessing user must match. No validation
 * is done; a null value leaves the rule without a user condition.
 *
 * @param aUserCondition The user condition to set.
 */
protected void setUserCondition(UserCondition aUserCondition) {
    this.userCondition = aUserCondition;
}