2 * Copyright 2005-2010 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org.wamblee.security.authorization;
18 import java.util.ArrayList;
19 import java.util.List;
21 import javax.persistence.DiscriminatorValue;
22 import javax.persistence.Entity;
24 import org.wamblee.usermgt.User;
25 import org.wamblee.usermgt.UserAccessor;
28 * Default implementation of an authorization service. To determine whether
29 * access to a resource is allowed, the service consults a number of
30 * authorization rules in a fixed order. The first rule that gives a result
31 * GRANTED or DENIED determines the result of the evaluation. Rules that return
32 * any other result are ignored. If none of the rules match, then access is
35 * @author Erik Brakkee
38 @DiscriminatorValue("DEFAULT")
39 public class DefaultAuthorizationService extends AuthorizationService {
43 * List of ordered authorization rules.
45 private List<AuthorizationRule> rules;
48 * User accessor used to obtain the current user.
50 private UserAccessor userAccessor;
53 * Name for this instance of the authorization service.
58 * Constructs the service.
63 * Name of this instance of the service.
65 public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
66 rules = new ArrayList<AuthorizationRule>();
67 userAccessor = aAccessor;
72 * Constructs the authorization service.
74 public DefaultAuthorizationService() {
75 rules = new ArrayList<AuthorizationRule>();
81 * Sets the user accessor.
83 * @param aUserAccessor
87 public void setUserAccessor(UserAccessor aUserAccessor) {
88 userAccessor = aUserAccessor;
95 * org.wamblee.security.authorization.AuthorizationService#isAllowed(java
96 * .lang.Object, org.wamblee.security.authorization.Operation)
98 public boolean isAllowed(Object aResource, Operation aOperation) {
99 User user = userAccessor.getCurrentUser();
101 for (AuthorizationRule rule : rules) {
102 switch (rule.isAllowed(aResource, aOperation, user)) {
117 * @see org.wamblee.security.authorization.AuthorizationService#check(T,
118 * org.wamblee.security.authorization.Operation)
120 public <T> T check(T aResource, Operation aOperation) {
121 if (!isAllowed(aResource, aOperation)) {
122 throw new AuthorizationException(aResource, aOperation);
128 protected String getName() {
132 public void setName(String aName) {
139 * @see org.wamblee.security.authorization.AuthorizationService#getRules()
141 public AuthorizationRule[] getRules() {
// Copies the rule list into a new array, so changing the returned array does
// not alter the order or membership of the rules held by this service. The
// array elements are the same AuthorizationRule objects, not copies.
142 return rules.toArray(new AuthorizationRule[0]);
149 * org.wamblee.security.authorization.AuthorizationService#appendRule(org
150 * .wamblee.security.authorization.AuthorizationRule)
152 public void appendRule(AuthorizationRule aRule) {
160 * org.wamblee.security.authorization.AuthorizationService#insertRuleAfter
161 * (int, org.wamblee.security.authorization.AuthorizationRule)
163 public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
// List.add(int, E) puts aRule at position aIndex and shifts the rule currently
// at that position, and all later ones, one place down. Rules are consulted in
// list order and the first GRANTED or DENIED result decides, so the index
// chosen here changes which rule wins.
// NOTE(review): the method name says "after" while add() inserts at aIndex
// itself; confirm against the AuthorizationService contract that callers pass
// the intended position.
164 rules.add(aIndex, aRule);
171 * org.wamblee.security.authorization.AuthorizationService#removeRule(int)
173 public void removeRule(int aIndex) {
174 rules.remove(aIndex);
182 protected List<AuthorizationRule> getMappedRules() {
192 protected void setMappedRules(List<AuthorizationRule> aRules) {