* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- */
+ */
package org.wamblee.security.authorization;
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
-import org.wamblee.usermgt.UserAccessor;
+import org.wamblee.security.authentication.UserAccessor;
/**
* Service to determine if access to a certain resource is allowed.
*
* @author Erik Brakkee
*/
-@Entity
-@Table(name = "SEC_AUTH_SVC")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-@NamedQueries(
- @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME,
- query = "select s from AuthorizationService s where s.name = :" +
- AuthorizationService.NAME_PARAM)
- )
-public abstract class AuthorizationService {
-
- public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
- public static final String NAME_PARAM = "name";
-
- @Id
- @GeneratedValue(strategy = GenerationType.AUTO)
- private Long primaryKey;
+public interface AuthorizationService {
- @Version
- private int version;
-
- public AuthorizationService() {
- // Empty.
- }
-
- public AuthorizationService(AuthorizationService aSvc) {
- primaryKey = aSvc.primaryKey;
- version = aSvc.version;
- }
-
/**
* Checks whether an operation is allowed on a resource.
*
*
* @return Checks whether the operation is allowed on a resource.
*/
- public abstract boolean isAllowed(Object aResource, Operation aOperation);
+ boolean isAllowed(Object aResource, Operation aOperation);
- public abstract <T> T check(T aResource, Operation aOperation);
+ /**
+ * Checks if the given operation is allowed on the resource.
+ *
+ * @param <T>
+ * Type of resource
+ * @param aResource
+ * Resource.
+ * @param aOperation
+ * Operation.
+ * @return Resource passed in in case access is allowed
+ * @throws AuthorizationException
+ * In case access is denied.
+ */
+ <T> T check(T aResource, Operation aOperation);
/**
* Gets the authorization rules.
*
* @return Rules.
*/
- public abstract AuthorizationRule[] getRules();
+ AuthorizationRule[] getRules();
/**
* Appends a new authorization rule to the end.
* @param aRule
* Rule to append.
*/
- public abstract void appendRule(AuthorizationRule aRule);
+ void appendRule(AuthorizationRule aRule);
/**
* Removes a rule.
* @param aIndex
* Index of the rule to remove.
*/
- public abstract void removeRule(int aIndex);
+ void removeRule(int aIndex);
/**
* Inserts a rule.
* @param aRule
* Rule to insert.
*/
- public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule);
+ void insertRuleAfter(int aIndex, AuthorizationRule aRule);
/**
- * Sets the user accessor so that the authorization service can get access to the logged in
- * user.
- * @param aUserAccessor User accessor.
+ * Sets the user accessor so that the authorization service can get access
+ * to the logged in user.
+ *
+ * @param aUserAccessor
+ * User accessor.
*/
- public abstract void setUserAccessor(UserAccessor aUserAccessor);
-}
+ void setUserAccessor(UserAccessor aUserAccessor);
+
+}
\ No newline at end of file
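Review bot: The new interface puts the policy mutators (`appendRule`, `removeRule`, `insertRuleAfter`, `setUserAccessor`) on the same type as the decision methods `isAllowed` and `check`, so any component handed an `AuthorizationService` only to ask for a decision can also rewrite the rule list or replace the user accessor. Now that this is a pure interface, the decision methods could move to a narrower super-interface for ordinary callers, leaving the mutators on an administrative one. Short of that, the Javadoc should state the contract implementations must keep, for example on `getRules()`: `@return Copy of the rules; modifying the returned array does not change the service.` Whether existing implementations already return a copy is not visible in this diff, so that wording needs confirming against them.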