2 * Copyright 2005 the original author or authors.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package org.wamblee.security.authorization;
19 import java.util.ArrayList;
20 import java.util.List;
22 import org.wamblee.persistence.AbstractPersistent;
23 import org.wamblee.usermgt.User;
24 import org.wamblee.usermgt.UserAccessor;
27 * Default implementation of an authorization service.
28 * To determine whether access to a resource is allowed, the service consults a number
29 * of authorization rules in a fixed order. The first rule that gives a result GRANTED or
30 * DENIED determines the result of the evaluation. Rules that return any other result are
31 * ignoed. If none of the rules match, than access is denied.
33 public class DefaultAuthorizationService extends AbstractPersistent implements AuthorizationService {
36 * List of ordered authorization rules.
38 private List<AuthorizationRule> _rules;
41 * User accessor used to obtain the current user.
43 private UserAccessor _userAccessor;
46 * Name for this instance of the authorization service.
51 * Constructs the service.
52 * @param aAccessor User accessor.
53 * @param aName Name of this instance of the service.
55 public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
56 _rules = new ArrayList<AuthorizationRule>();
57 _userAccessor = aAccessor;
62 * Constructs the authorization service.
64 public DefaultAuthorizationService() {
65 _rules = new ArrayList<AuthorizationRule>();
71 * Sets the user accessor.
72 * @param aUserAccessor User accessor.
74 public void setUserAccessor(UserAccessor aUserAccessor) {
75 _userAccessor = aUserAccessor;
79 * @see org.wamblee.security.authorization.AuthorizationService#isAllowed(java.lang.Object, org.wamblee.security.authorization.Operation)
81 public boolean isAllowed(Object aResource, Operation aOperation) {
82 User user = _userAccessor.getCurrentUser();
83 for (AuthorizationRule rule: _rules) {
84 switch ( rule.isAllowed(aResource, aOperation, user)) {
85 case DENIED: { return false; }
86 case GRANTED: { return true; }
93 * @see org.wamblee.security.authorization.AuthorizationService#check(T, org.wamblee.security.authorization.Operation)
95 public <T> T check(T aResource, Operation aOperation) {
96 if ( !isAllowed(aResource, aOperation)) {
97 throw new AuthorizationException(aResource, aOperation);
102 protected String getName() {
106 public void setName(String aName) {
111 * @see org.wamblee.security.authorization.AuthorizationService#getRules()
113 public AuthorizationRule[] getRules() {
114 return _rules.toArray(new AuthorizationRule[0]);
118 * @see org.wamblee.security.authorization.AuthorizationService#appendRule(org.wamblee.security.authorization.AuthorizationRule)
120 public void appendRule(AuthorizationRule aRule) {
125 * @see org.wamblee.security.authorization.AuthorizationService#insertRuleAfter(int, org.wamblee.security.authorization.AuthorizationRule)
127 public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
128 _rules.add(aIndex, aRule);
132 * @see org.wamblee.security.authorization.AuthorizationService#removeRule(int)
134 public void removeRule(int aIndex) {
135 _rules.remove(aIndex);
142 protected List<AuthorizationRule> getMappedRules() {
148 * @param aRules The rules.
150 protected void setMappedRules(List<AuthorizationRule> aRules) {