X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FAuthorizationRule.java;fp=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FAuthorizationRule.java;h=d968c836476f787e414c8a3df243d9e037cfce99;hb=5ea8f0e2af53562c1507e8fb5a3ede2af5c5de6c;hp=0000000000000000000000000000000000000000;hpb=b9eccdf9751b8e2e671e0792f885d05c6ed0f43c;p=utils
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java
new file mode 100644
index 00000000..d968c836
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import org.wamblee.persistence.Persistent;
+
+import org.wamblee.usermgt.User;
+
+/**
+ * Represents an authorization rule to determine whether an operation is allowed
+ * on a resource.
+ *
+ * @author Erik Brakkee
+ */
+public interface AuthorizationRule extends Persistent {
+ /**
+ * Returns the supported object types for which this authorization rule
+ * applies. This can be used by the authorization service for optimization.
+ *
+ * @return Array of supported types.
+ */
+ Class[] getSupportedTypes();
+
+ /**
+ * Determines whether an operation is allowed on a certain resource. The
+ * rule implementation must be prepared to deal with resources for which it
+ * does not apply. In those cases it should return
+ * {@link AuthorizationResult#UNSUPPORTED_RESOURCE}.
+ *
+ * @param aResource
+ * Resource.
+ * @param aOperation
+ * Operation.
+ * @param aUser
+ * Current user.
+ *
+ * @return Authorization result.
+ */
+ AuthorizationResult isAllowed(Object aResource, Operation aOperation,
+ User aUser);
+}
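Review bot: The Javadoc on `getSupportedTypes()` says the authorization service may use the list for optimization, but the contract never states how that list relates to what `isAllowed` decides. If the service skips rules by type, a rule that would deny for a type (or subclass) missing from its list is never consulted, so the interface should require that the returned types cover every resource type for which `isAllowed` can return anything other than `AuthorizationResult#UNSUPPORTED_RESOURCE`, and say whether matching is by exact class or by assignability. The `isAllowed` Javadoc should also state whether `aUser` may be null (no authenticated user) and what a rule must return then; how the service treats an outcome where every rule returns `UNSUPPORTED_RESOURCE` is not visible in this file, so it is worth documenting here that callers are expected to deny in that case. Separately, the raw array type could be declared as `Class<?>[] getSupportedTypes();`.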