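/*
 * Copyright 2005-2010 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wamblee.security.authorization;

import javax.persistence.DiscriminatorColumn;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.persistence.Version;

import org.wamblee.usermgt.UserAccessor;

/**
 * Service to determine if access to a certain resource is allowed.
 *
 * <p>
 * This is the abstract root of a JPA entity hierarchy: all subclasses are
 * stored in the single table {@code SEC_AUTH_SVC} and are told apart by the
 * {@code TYPE} discriminator column. The authorization decision itself and the
 * storage of the rules are left entirely to the subclasses.
 * </p>
 *
 * <p>
 * NOTE(review): the named query selects on {@code s.name}, but no {@code name}
 * attribute is declared in this class. Presumably a mapped subclass provides
 * it; confirm that every concrete subclass does.
 * </p>
 *
 * @author Erik Brakkee
 */
@Entity
@Table(name = "SEC_AUTH_SVC")
@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
@DiscriminatorColumn(name = "TYPE")
@NamedQueries(
    // The name is bound through a named parameter rather than concatenated
    // into the query text, so the looked-up value is never parsed as JPQL.
    @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME,
        query = "select s from AuthorizationService s where s.name = :"
            + AuthorizationService.NAME_PARAM)
)
public abstract class AuthorizationService {

    /** Name of the named query that looks up an authorization service by name. */
    public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";

    /** Name of the query parameter that carries the service name. */
    public static final String NAME_PARAM = "name";

    // Generated primary key of the persistent entity.
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long primaryKey;

    // JPA version attribute.
    @Version
    private int version;

    /**
     * Constructs the service without a persistent identity.
     */
    public AuthorizationService() {
        // Nothing to initialize; the fields keep their default values.
    }

    /**
     * Copy constructor. The copy takes over the primary key and the version of
     * the source, so it refers to the same persistent row as the source.
     *
     * @param aSvc
     *            Service to copy the persistent identity from. Must not be
     *            null.
     */
    public AuthorizationService(AuthorizationService aSvc) {
        primaryKey = aSvc.primaryKey;
        version = aSvc.version;
    }

    /**
     * Checks whether an operation is allowed on a resource.
     *
     * @param aResource
     *            Resource.
     * @param aOperation
     *            Operation.
     *
     * @return True if the operation is allowed on the resource, false
     *         otherwise.
     */
    public abstract boolean isAllowed(Object aResource, Operation aOperation);

    /**
     * Checks an operation on a resource and returns a value of the same type
     * as the resource.
     *
     * <p>
     * NOTE(review): this file does not say how a denial is reported (exception
     * or a special return value). That contract should be documented here,
     * because callers rely on it to fail closed; confirm against the
     * implementations.
     * </p>
     *
     * @param <T>
     *            Type of the resource.
     * @param aResource
     *            Resource.
     * @param aOperation
     *            Operation.
     *
     * @return Presumably the resource itself when the operation is allowed
     *         (TODO confirm).
     */
    public abstract <T> T check(T aResource, Operation aOperation);

    /**
     * Gets the authorization rules.
     *
     * @return Rules.
     */
    public abstract AuthorizationRule[] getRules();

    /**
     * Appends a new authorization rule to the end.
     *
     * @param aRule
     *            Rule to append.
     */
    public abstract void appendRule(AuthorizationRule aRule);

    /**
     * Removes a rule.
     *
     * @param aIndex
     *            Index of the rule to remove.
     */
    public abstract void removeRule(int aIndex);

    /**
     * Inserts a rule.
     *
     * @param aIndex
     *            Index of the position of the rule after insertion.
     * @param aRule
     *            Rule to insert.
     */
    public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule);

    /**
     * Sets the user accessor so that the authorization service can get access
     * to the logged in user.
     *
     * @param aUserAccessor
     *            User accessor.
     */
    public abstract void setUserAccessor(UserAccessor aUserAccessor);
}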