2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import javax.persistence.DiscriminatorColumn;
19 import javax.persistence.Entity;
20 import javax.persistence.GeneratedValue;
21 import javax.persistence.GenerationType;
22 import javax.persistence.Id;
23 import javax.persistence.Inheritance;
24 import javax.persistence.InheritanceType;
25 import javax.persistence.NamedQueries;
26 import javax.persistence.NamedQuery;
27 import javax.persistence.Table;
28 import javax.persistence.Version;
30 import org.wamblee.usermgt.UserAccessor;
33 * Service to determine if access to a certain resource is allowed.
35 * @author Erik Brakkee
38 @Table(name = "SEC_AUTH_SVC")
39 @Inheritance(strategy = InheritanceType.SINGLE_TABLE)
40 @DiscriminatorColumn(name = "TYPE")
// The JPQL text is built only from compile-time constants; the service name being
// looked up is passed as the bound parameter ":name", not concatenated into the query.
42 @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME,
43 query = "select s from AuthorizationService s where s.name = :" +
44 AuthorizationService.NAME_PARAM)
46 public abstract class AuthorizationService {
// Name under which the find-by-name query is registered in the @NamedQuery on this class.
48 public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
// Name of the bind parameter in that query; it is compared against s.name.
49 public static final String NAME_PARAM = "name";
// Primary key; the generation strategy is left to the persistence provider (GenerationType.AUTO).
52 @GeneratedValue(strategy = GenerationType.AUTO)
53 private Long primaryKey;
58 public AuthorizationService() {
/**
 * Copy constructor.
 *
 * Copies the primary key and the version value of the given service, so the new
 * object carries the same key and version as {@code aSvc} instead of fresh ones.
 *
 * @param aSvc Service to copy; it is dereferenced without a null check.
 */
62 public AuthorizationService(AuthorizationService aSvc) {
63 primaryKey = aSvc.primaryKey;
// NOTE(review): version is presumably the @Version (optimistic locking) field; its
// declaration is not visible in this listing - confirm.
64 version = aSvc.version;
68 * Checks whether an operation is allowed on a resource.
75 * @return Whether the operation is allowed on the resource.
// NOTE(review): the result when no rule applies to the resource/operation pair is not
// stated in this declaration; confirm that implementations deny by default.
77 public abstract boolean isAllowed(Object aResource, Operation aOperation);
/**
 * Checks an operation on a resource and returns a value of the resource's type.
 *
 * NOTE(review): this declaration does not say what happens when the operation is
 * not allowed (for example an exception or a null result), nor how the outcome
 * relates to isAllowed. Confirm against the implementations and document it here,
 * since callers need to know the failure mode to enforce the decision correctly.
 *
 * @param aResource Resource to check.
 * @param aOperation Operation to perform on the resource.
 * @return A value of type T; presumably the resource itself when access is
 *         allowed - TODO confirm.
 */
79 public abstract <T> T check(T aResource, Operation aOperation);
82 * Gets the authorization rules.
// NOTE(review): the result is an array, which callers can modify; whether it is a copy
// or the service's own rule storage depends on the implementation - confirm it is a copy.
86 public abstract AuthorizationRule[] getRules();
89 * Appends a new authorization rule to the end.
// NOTE(review): the rule is added at the end; whether rule order affects the decision
// (for example first match wins) is not visible in this declaration - confirm.
94 public abstract void appendRule(AuthorizationRule aRule);
100 * Index of the rule to remove.
// NOTE(review): behaviour for an index outside the current rule list is not specified
// in this declaration - confirm in the implementations.
102 public abstract void removeRule(int aIndex);
108 * Index of the position of the rule after insertion.
// NOTE(review): the method name suggests aIndex is the rule after which to insert, while
// the parameter text describes it as the position of the rule after insertion - confirm
// which is meant. Behaviour for an out-of-range index is not specified here either.
112 public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule);
115 * Sets the user accessor so that the authorization service can get access to the logged-in user.
117 * @param aUserAccessor User accessor.
// NOTE(review): public setter; any code holding the service can replace the source of the
// logged-in user, which authorization decisions presumably depend on - confirm it is only
// called while the service is being wired up.
119 public abstract void setUserAccessor(UserAccessor aUserAccessor);