git://wamblee.org / utils / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Removed DOCUMENT ME comments that were generated and applied source code
[utils] / security / src / main / java / org / wamblee / security / authorization / UrlAuthorizationRule.java
1 /*
2  * Copyright 2005 the original author or authors.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package org.wamblee.security.authorization;
17
18 import org.apache.log4j.Logger;
19
20 import org.wamblee.persistence.AbstractPersistent;
21 import static org.wamblee.security.authorization.AuthorizationResult.DENIED;
22 import static org.wamblee.security.authorization.AuthorizationResult.GRANTED;
23 import static org.wamblee.security.authorization.AuthorizationResult.UNDECIDED;
24 import static org.wamblee.security.authorization.AuthorizationResult.UNSUPPORTED_RESOURCE;
25
26 import org.wamblee.usermgt.User;
27
28 /**
29  * Utility base class for implementation of authentication rules based on the
30  * <ul>
31  * <li>The path of the resource. To obtain the path of a resource, subclasses
32  * must implement {@link #getResourcePath(Object)}. Whether a path is
33  * appropriate is determined by a
34  * {@link org.wamblee.security.authorization.PathCondition}.</li>
35  * <li>The user identity with which the resource is accessed. Whether a user is
36  * appropriate is determined by a
37  * {@link org.wamblee.security.authorization.UserCondition}.</li>
38  * <li>The operation that is requested. Whether the operation is appropriate is
39  * determined by a {@link org.wamblee.security.authorization.OperationCondition}
40  * .</li>
41  * </ul>
42  * In case all three conditions match, the condition returns the configured
43  * result passed at construction (GRANTED or DENIED). If the resource is not of
44  * the specified type, the result is UNSUPPORTED_RESOURCE, otherwise, the result
45  * is UNDECIDED.
46  */
47 public abstract class UrlAuthorizationRule extends AbstractPersistent implements
48     AuthorizationRule {
49     private static final Logger LOGGER = Logger
50         .getLogger(UrlAuthorizationRule.class);
51
52     /**
53      * Result that the rule will return in case there is a match.
54      */
55     private AuthorizationResult result;
56
57     /**
58      * A condition which specifies which users the rule is for.
59      */
60     private UserCondition userCondition;
61
62     /**
63      * Path the rule applies for.
64      */
65     private PathCondition pathCondition;
66
67     /**
68      * Resource class that the rule applies for.
69      */
70     private Class resourceClass;
71
72     /**
73      * Operation that this rule is for.
74      */
75     private OperationCondition operationCondition;
76
77     /**
78      * Constructs an authorization rule. IF the group and path match, then the
79      * provided result will be returned.
80      * 
81      * @param aResult
82      *            Result of the authorization when the path and group match.
83      * @param aUserCondition
84      *            Condition to match users.
85      * @param aPathCondition
86      *            Condition to match paths with.
87      * @param aResourceClass
88      *            Supported resource class this is for.
89      * @param aOperationCondition
90      *            Condition to match the operation with.
91      */
92     protected UrlAuthorizationRule(AuthorizationResult aResult,
93         UserCondition aUserCondition, PathCondition aPathCondition,
94         Class aResourceClass, OperationCondition aOperationCondition) {
95         if (!aResult.equals(GRANTED) && !aResult.equals(DENIED)) {
96             throw new IllegalArgumentException(
97                 "Only GRANTED or DENIED may be used: " + aResult);
98         }
99
100         result = aResult;
101         userCondition = aUserCondition;
102         pathCondition = aPathCondition;
103         resourceClass = aResourceClass;
104         operationCondition = aOperationCondition;
105     }
106
107     /**
108      * For OR mapping.
109      * 
110      */
111     protected UrlAuthorizationRule(Class aResourceClass) {
112         result = null;
113         userCondition = null;
114         pathCondition = null;
115         resourceClass = aResourceClass;
116         operationCondition = null;
117     }
118
119     /**
120      * For OR mapping.
121      * 
122      */
123     protected UrlAuthorizationRule() {
124         result = null;
125         userCondition = null;
126         pathCondition = null;
127         resourceClass = null;
128         operationCondition = null;
129     }
130
131     /*
132      * (non-Javadoc)
133      * 
134      * @see
135      * org.wamblee.security.authorization.AuthorizationRule#getSupportedTypes()
136      */
137     public Class[] getSupportedTypes() {
138         return new Class[] { resourceClass };
139     }
140
141     /*
142      * (non-Javadoc)
143      * 
144      * @see
145      * org.wamblee.security.authorization.AuthorizationRule#isAllowed(java.lang
146      * .Object, org.wamblee.security.authorization.Operation)
147      */
148     public AuthorizationResult isAllowed(Object aResource,
149         Operation anOperation, User aUser) {
150         if (!resourceClass.isInstance(aResource)) {
151             return UNSUPPORTED_RESOURCE;
152         }
153
154         String path = getResourcePath(aResource);
155
156         return isAllowed(path, anOperation, aUser);
157     }
158
159     /**
160      * Determines if the operation is allowed on the resource.
161      * 
162      * @param aPath
163      *            Path of the resource.
164      * @param aOperation
165      *            Operation to be done.
166      * @param aUser
167      *            Currently logged in user or null if no user is logged in.
168      * 
169      * @return Authorization result,
170      */
171     protected AuthorizationResult isAllowed(String aPath, Operation aOperation,
172         User aUser) {
173         if (!pathCondition.matches(aPath)) {
174             return UNDECIDED;
175         }
176
177         if (!operationCondition.matches(aOperation)) {
178             return UNDECIDED;
179         }
180
181         if (!userCondition.matches(aUser)) {
182             return UNDECIDED;
183         }
184
185         return result;
186     }
187
188     /**
189      * Gets the path of the resource.
190      * 
191      * @param aResource
192      *            Resource, guaranteed to be an instance of
193      *            {@link #resourceClass}.
194      * 
195      * @return Path of the resource.
196      */
197     protected abstract String getResourcePath(Object aResource);
198
199     /*
200      * (non-Javadoc)
201      * 
202      * @see java.lang.Object#toString()
203      */
204     @Override
205     public String toString() {
206         return "UrlAUthorizationRule(result = " + result +
207             ", pathCondition = " + pathCondition + ", userCondition = " +
208             userCondition + ", resourceClass = " + resourceClass + ")";
209     }
210
211     /**
212      * Gets the authorization result for OR mapping.
213      * 
214      * @return Result.
215      */
216     protected String getAuthorizationResultString() {
217         if (result == null) {
218             return null;
219         }
220
221         return result.toString();
222     }
223
224     /**
225      * Sets the authorization result, for OR mapping.
226      * 
227      * @param aResult
228      *            Result.
229      */
230     protected void setAuthorizationResultString(String aResult) {
231         result = AuthorizationResult.valueOf(aResult);
232     }
233
234     protected String getResourceClassName() {
235         if (resourceClass == null) {
236             return "";
237         }
238
239         return resourceClass.getName();
240     }
241
242     protected void setResourceClassName(String aResourceClass) {
243         try {
244             resourceClass = Class.forName(aResourceClass);
245         } catch (ClassNotFoundException e) {
246             LOGGER.error("Cannot find resource class '" + aResourceClass + "'",
247                 e);
248             throw new IllegalArgumentException(e.getMessage(), e);
249         }
250     }
251
252     /**
253      * 
254      * @return Returns the operationCondition.
255      */
256     public OperationCondition getOperationCondition() {
257         return operationCondition;
258     }
259
260     /**
261      * 
262      * @param aOperationCondition
263      *            The operationCondition to set.
264      */
265     protected void setOperationCondition(OperationCondition aOperationCondition) {
266         operationCondition = aOperationCondition;
267     }
268
269     /**
270      * 
271      * @return Returns the pathCondition.
272      */
273     public PathCondition getPathCondition() {
274         return pathCondition;
275     }
276
277     /**
278      * 
279      * @param aPathCondition
280      *            The pathCondition to set.
281      */
282     protected void setPathCondition(PathCondition aPathCondition) {
283         pathCondition = aPathCondition;
284     }
285
286     /**
287      * 
288      * @return Returns the userCondition.
289      */
290     public UserCondition getUserCondition() {
291         return userCondition;
292     }
293
294     /**
295      * 
296      * @param aUserCondition
297      *            The userCondition to set.
298      */
299     protected void setUserCondition(UserCondition aUserCondition) {
300         userCondition = aUserCondition;
301     }
302 }
http://utils.wamblee.org