/*
* Copyright 2005 the original author or authors.
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- */
-
+ */
package org.wamblee.security.authorization;
-import java.util.ArrayList;
-import java.util.List;
-
import org.wamblee.persistence.AbstractPersistent;
+
import org.wamblee.usermgt.User;
import org.wamblee.usermgt.UserAccessor;
+import java.util.ArrayList;
+import java.util.List;
+
/**
- * Default implementation of an authorization service.
- * To determine whether access to a resource is allowed, the service consults a number
- * of authorization rules in a fixed order. The first rule that gives a result GRANTED or
- * DENIED determines the result of the evaluation. Rules that return any other result are
- * ignoed. If none of the rules match, than access is denied.
- *
+ * Default implementation of an authorization service. To determine whether
+ * access to a resource is allowed, the service consults a number of
+ * authorization rules in a fixed order. The first rule that gives a result
+ * GRANTED or DENIED determines the result of the evaluation. Rules that return
+ * any other result are ignoed. If none of the rules match, than access is
+ * denied.
+ *
* @author Erik Brakkee
*/
-public class DefaultAuthorizationService extends AbstractPersistent implements AuthorizationService {
-
+public class DefaultAuthorizationService extends AbstractPersistent implements
+ AuthorizationService {
/**
- * List of ordered authorization rules.
+ * List of ordered authorization rules.
*/
- private List<AuthorizationRule> rules;
-
+ private List<AuthorizationRule> rules;
+
/**
- * User accessor used to obtain the current user.
+ * User accessor used to obtain the current user.
*/
- private UserAccessor userAccessor;
-
+ private UserAccessor userAccessor;
+
/**
- * Name for this instance of the authorization service.
+ * Name for this instance of the authorization service.
*/
private String name;
-
+
/**
- * Constructs the service.
- * @param aAccessor User accessor.
- * @param aName Name of this instance of the service.
+ * Constructs the service.
+ *
+ * @param aAccessor
+ * User accessor.
+ * @param aName
+ * Name of this instance of the service.
*/
public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
rules = new ArrayList<AuthorizationRule>();
userAccessor = aAccessor;
- name = aName;
+ name = aName;
}
-
+
/**
- * Constructs the authorization service.
+ * Constructs the authorization service.
*/
public DefaultAuthorizationService() {
rules = new ArrayList<AuthorizationRule>();
userAccessor = null;
- name = null;
+ name = null;
}
-
+
/**
- * Sets the user accessor.
- * @param aUserAccessor User accessor.
+ * Sets the user accessor.
+ *
+ * @param aUserAccessor
+ * User accessor.
*/
- public void setUserAccessor(UserAccessor aUserAccessor) {
- userAccessor = aUserAccessor;
+ public void setUserAccessor(UserAccessor aUserAccessor) {
+ userAccessor = aUserAccessor;
}
- /* (non-Javadoc)
- * @see org.wamblee.security.authorization.AuthorizationService#isAllowed(java.lang.Object, org.wamblee.security.authorization.Operation)
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#isAllowed(java
+ * .lang.Object, org.wamblee.security.authorization.Operation)
*/
public boolean isAllowed(Object aResource, Operation aOperation) {
- User user = userAccessor.getCurrentUser();
- for (AuthorizationRule rule: rules) {
- switch ( rule.isAllowed(aResource, aOperation, user)) {
- case DENIED: { return false; }
- case GRANTED: { return true; }
+ User user = userAccessor.getCurrentUser();
+
+ for (AuthorizationRule rule : rules) {
+ switch (rule.isAllowed(aResource, aOperation, user)) {
+ case DENIED:
+ return false;
+
+ case GRANTED:
+ return true;
}
}
- return false;
+
+ return false;
}
-
- /* (non-Javadoc)
- * @see org.wamblee.security.authorization.AuthorizationService#check(T, org.wamblee.security.authorization.Operation)
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.wamblee.security.authorization.AuthorizationService#check(T,
+ * org.wamblee.security.authorization.Operation)
*/
public <T> T check(T aResource, Operation aOperation) {
- if ( !isAllowed(aResource, aOperation)) {
+ if (!isAllowed(aResource, aOperation)) {
throw new AuthorizationException(aResource, aOperation);
}
+
return aResource;
}
-
- protected String getName() {
- return name;
+
+ protected String getName() {
+ return name;
}
-
- public void setName(String aName) {
- name = aName;
+
+ public void setName(String aName) {
+ name = aName;
}
-
- /* (non-Javadoc)
+
+ /*
+ * (non-Javadoc)
+ *
* @see org.wamblee.security.authorization.AuthorizationService#getRules()
*/
public AuthorizationRule[] getRules() {
- return rules.toArray(new AuthorizationRule[0]);
+ return rules.toArray(new AuthorizationRule[0]);
}
-
- /* (non-Javadoc)
- * @see org.wamblee.security.authorization.AuthorizationService#appendRule(org.wamblee.security.authorization.AuthorizationRule)
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#appendRule(org
+ * .wamblee.security.authorization.AuthorizationRule)
*/
public void appendRule(AuthorizationRule aRule) {
- rules.add(aRule);
+ rules.add(aRule);
}
- /* (non-Javadoc)
- * @see org.wamblee.security.authorization.AuthorizationService#insertRuleAfter(int, org.wamblee.security.authorization.AuthorizationRule)
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#insertRuleAfter
+ * (int, org.wamblee.security.authorization.AuthorizationRule)
*/
public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
- rules.add(aIndex, aRule);
+ rules.add(aIndex, aRule);
}
-
- /* (non-Javadoc)
- * @see org.wamblee.security.authorization.AuthorizationService#removeRule(int)
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#removeRule(int)
*/
public void removeRule(int aIndex) {
- rules.remove(aIndex);
+ rules.remove(aIndex);
}
-
+
/**
- * For OR mapping.
- * @return The rules.
+ * For OR mapping.
+ *
+ * @return The rules.
*/
protected List<AuthorizationRule> getMappedRules() {
- return rules;
+ return rules;
}
-
+
/**
* For OR mapping.
- * @param aRules The rules.
+ *
+ * @param aRules
+ * The rules.
*/
- protected void setMappedRules(List<AuthorizationRule> aRules) {
- rules = aRules;
+ protected void setMappedRules(List<AuthorizationRule> aRules) {
+ rules = aRules;
}
}
git://wamblee.org / utils / blobdiff