X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FDefaultAuthorizationService.java;fp=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FDefaultAuthorizationService.java;h=c5a8d8f2d1a360eb8fd2d2a1315c0507a56ca668;hb=5ea8f0e2af53562c1507e8fb5a3ede2af5c5de6c;hp=0000000000000000000000000000000000000000;hpb=b9eccdf9751b8e2e671e0792f885d05c6ed0f43c;p=utils
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
new file mode 100644
index 00000000..c5a8d8f2
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import org.wamblee.persistence.AbstractPersistent;
+
+import org.wamblee.usermgt.User;
+import org.wamblee.usermgt.UserAccessor;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Default implementation of an authorization service. To determine whether
+ * access to a resource is allowed, the service consults a number of
+ * authorization rules in a fixed order. The first rule that gives a result
+ * GRANTED or DENIED determines the result of the evaluation. Rules that return
+ * any other result are ignoed. If none of the rules match, than access is
+ * denied.
+ *
+ * @author Erik Brakkee
+ */
+public class DefaultAuthorizationService extends AbstractPersistent implements
+ AuthorizationService {
+ /**
+ * List of ordered authorization rules.
+ */
+ private List rules;
+
+ /**
+ * User accessor used to obtain the current user.
+ */
+ private UserAccessor userAccessor;
+
+ /**
+ * Name for this instance of the authorization service.
+ */
+ private String name;
+
+ /**
+ * Constructs the service.
+ *
+ * @param aAccessor
+ * User accessor.
+ * @param aName
+ * Name of this instance of the service.
+ */
+ public DefaultAuthorizationService(UserAccessor aAccessor, String aName) {
+ rules = new ArrayList();
+ userAccessor = aAccessor;
+ name = aName;
+ }
+
+ /**
+ * Constructs the authorization service.
+ */
+ public DefaultAuthorizationService() {
+ rules = new ArrayList();
+ userAccessor = null;
+ name = null;
+ }
+
+ /**
+ * Sets the user accessor.
+ *
+ * @param aUserAccessor
+ * User accessor.
+ */
+ public void setUserAccessor(UserAccessor aUserAccessor) {
+ userAccessor = aUserAccessor;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#isAllowed(java
+ * .lang.Object, org.wamblee.security.authorization.Operation)
+ */
+ public boolean isAllowed(Object aResource, Operation aOperation) {
+ User user = userAccessor.getCurrentUser();
+
+ for (AuthorizationRule rule : rules) {
+ switch (rule.isAllowed(aResource, aOperation, user)) {
+ case DENIED:
+ return false;
+
+ case GRANTED:
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.wamblee.security.authorization.AuthorizationService#check(T,
+ * org.wamblee.security.authorization.Operation)
+ */
+ public T check(T aResource, Operation aOperation) {
+ if (!isAllowed(aResource, aOperation)) {
+ throw new AuthorizationException(aResource, aOperation);
+ }
+
+ return aResource;
+ }
+
+ protected String getName() {
+ return name;
+ }
+
+ public void setName(String aName) {
+ name = aName;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.wamblee.security.authorization.AuthorizationService#getRules()
+ */
+ public AuthorizationRule[] getRules() {
+ return rules.toArray(new AuthorizationRule[0]);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#appendRule(org
+ * .wamblee.security.authorization.AuthorizationRule)
+ */
+ public void appendRule(AuthorizationRule aRule) {
+ rules.add(aRule);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#insertRuleAfter
+ * (int, org.wamblee.security.authorization.AuthorizationRule)
+ */
+ public void insertRuleAfter(int aIndex, AuthorizationRule aRule) {
+ rules.add(aIndex, aRule);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.wamblee.security.authorization.AuthorizationService#removeRule(int)
+ */
+ public void removeRule(int aIndex) {
+ rules.remove(aIndex);
+ }
+
+ /**
+ * For OR mapping.
+ *
+ * @return The rules.
+ */
+ protected List getMappedRules() {
+ return rules;
+ }
+
+ /**
+ * For OR mapping.
+ *
+ * @param aRules
+ * The rules.
+ */
+ protected void setMappedRules(List aRules) {
+ rules = aRules;
+ }
+}
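Review bot: `insertRuleAfter` calls `rules.add(aIndex, aRule)`, and `List.add(int, E)` places the element at position `aIndex`, so the new rule lands before the rule currently at that index rather than after it. Since `isAllowed` returns on the first GRANTED or DENIED result, rule order is the policy, and an off-by-one here can put a rule ahead of the one it was meant to follow; if the `AuthorizationService` contract (not visible in this diff) means "after the rule at aIndex", the call should be `rules.add(aIndex + 1, aRule);`, otherwise the method's documentation should state that it inserts at the index. Separately, the no-argument constructor leaves `userAccessor` null, so `isAllowed` fails with a NullPointerException until `setUserAccessor` is called; that fails closed, but a comment such as `// userAccessor must be set before isAllowed/check is called` on the constructor, or an explicit `IllegalStateException`, would make the precondition visible. If `getCurrentUser()` can return null for an unauthenticated caller, each rule receives that null unchecked and must treat it as "no user".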