X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FDefaultAuthorizationService.java;h=a142712e395b999198fcd89d08ec065b2c64c221;hb=e8b988e92306a4aea2f047af1b48588147288831;hp=048d66cc924ed2b27a0606ad5ba290f7e5c07339;hpb=a11c373e6ef35e7fe540c95a94903ed848800612;p=utils diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java index 048d66cc..a142712e 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java @@ -12,17 +12,24 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - */ + */ package org.wamblee.security.authorization; - -import org.wamblee.security.AbstractPersistent; -import org.wamblee.usermgt.User; -import org.wamblee.usermgt.UserAccessor; - import java.util.ArrayList; import java.util.List; +import javax.persistence.CascadeType; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; +import javax.persistence.JoinColumn; +import javax.persistence.JoinTable; +import javax.persistence.OneToMany; +import javax.persistence.OrderColumn; +import javax.persistence.Transient; + +import org.wamblee.security.authentication.UserAccessor; +import org.wamblee.security.authentication.UserAdministration; + /** * Default implementation of an authorization service. To determine whether * access to a resource is allowed, the service consults a number of 
@@ -33,35 +40,43 @@ import java.util.List; * * @author Erik Brakkee */ -public class DefaultAuthorizationService extends AbstractPersistent implements - AuthorizationService { +@Entity +@DiscriminatorValue("DEFAULT") +public class DefaultAuthorizationService extends AbstractAuthorizationService { + /** * List of ordered authorization rules. */ + @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true, targetEntity = AbstractAuthorizationRule.class) + @JoinTable(name = "SEC_AUTH_SVC_RULE", joinColumns = { @JoinColumn(name = "SVC_ID") }, inverseJoinColumns = { @JoinColumn(name = "RULE_ID") }) + @OrderColumn(name = "RULE_INDEX") private List rules; /** * User accessor used to obtain the current user. */ + @Transient private UserAccessor userAccessor; - /** - * Name for this instance of the authorization service. - */ - private String name; + @Transient + private UserAdministration userAdmin; /** * Constructs the service. * * @param aAccessor * User accessor. + * @param aUserAdmin + * User administration. * @param aName * Name of this instance of the service. */ - public DefaultAuthorizationService(UserAccessor aAccessor, String aName) { + public DefaultAuthorizationService(UserAccessor aAccessor, + UserAdministration aUserAdmin, String aName) { + super(aName); rules = new ArrayList(); userAccessor = aAccessor; - name = aName; + userAdmin = aUserAdmin; } /** 
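Review bot: The new `userAdmin` field in the middle of this hunk has no Javadoc, unlike `rules` and `userAccessor` beside it, and its lifecycle is the part a maintainer most needs spelled out. Both `@Transient` fields are skipped by the persistence provider, so an instance loaded from the database has them unset until `setUserAccessor` and `setUserAdministration` are called. I would add `/** User administration handed to every rule; not persisted, so it must be re-injected with setUserAdministration() after the entity is loaded. */` above the field. The three-argument constructor also stores `aAccessor` and `aUserAdmin` without a null check, which deserves one unless null is a supported argument there.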
@@ -70,19 +85,22 @@ public class DefaultAuthorizationService extends AbstractPersistent implements public DefaultAuthorizationService() { rules = new ArrayList(); userAccessor = null; - name = null; + userAdmin = null; } - /** - * Sets the user accessor. - * - * @param aUserAccessor - * User accessor. - */ + @Override public void setUserAccessor(UserAccessor aUserAccessor) { userAccessor = aUserAccessor; } + @Override + public void setUserAdministration(UserAdministration aUserAdmin) { + userAdmin = aUserAdmin; + for (AuthorizationRule rule : rules) { + rule.setUserAdministration(userAdmin); + } + } + /* * (non-Javadoc) * @@ -91,7 +109,7 @@ public class DefaultAuthorizationService extends AbstractPersistent implements * .lang.Object, org.wamblee.security.authorization.Operation) */ public boolean isAllowed(Object aResource, Operation aOperation) { - User user = userAccessor.getCurrentUser(); + String user = userAccessor.getCurrentUser(); for (AuthorizationRule rule : rules) { switch (rule.isAllowed(aResource, aOperation, user)) { @@ -120,21 +138,13 @@ public class DefaultAuthorizationService extends AbstractPersistent implements return aResource; } - protected String getName() { - return name; - } - - public void setName(String aName) { - name = aName; - } - /* * (non-Javadoc) * * @see org.wamblee.security.authorization.AuthorizationService#getRules() */ public AuthorizationRule[] getRules() { - return rules.toArray(new AuthorizationRule[0]); + return rules.toArray(new AbstractAuthorizationRule[0]); } /* @@ -145,6 +155,7 @@ public class DefaultAuthorizationService extends AbstractPersistent implements * .wamblee.security.authorization.AuthorizationRule) */ public void appendRule(AuthorizationRule aRule) { + aRule.setUserAdministration(userAdmin); rules.add(aRule); } 
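Review bot: `isAllowed` dereferences `userAccessor` on the changed line without checking it, yet the no-arg constructor sets that field to null and the field is `@Transient`, so an instance that never had `setUserAccessor` called fails the authorization check with a bare NullPointerException. For an access decision an explicit failure is easier to spot in logs and cannot be mistaken for a bug inside a rule: `if (userAccessor == null) { throw new IllegalStateException("user accessor not set"); }` before the call. The user is now a plain `String`, and whether `getCurrentUser()` can return null for an unauthenticated caller is not visible here; if it can, the rules should be confirmed to deny rather than throw or match on it. The switch over the rule results continues outside the hunk.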
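Review bot: `getRules` now allocates its result as `AbstractAuthorizationRule[]`, so `toArray` throws ArrayStoreException as soon as the list holds a rule that is not an `AbstractAuthorizationRule`, while `appendRule` and `insertRuleAfter` (the next two hunks) still accept any `AuthorizationRule`. Either keep the array in line with the declared return type, `return rules.toArray(new AuthorizationRule[0]);`, or reject other implementations at the point where rules enter the list. The `targetEntity` on the mapping suggests only `AbstractAuthorizationRule` instances can be persisted anyway, so a type check in the two mutators with a clear IllegalArgumentException may be the more honest contract.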
@@ -156,6 +167,7 @@ public class DefaultAuthorizationService extends AbstractPersistent implements * (int, org.wamblee.security.authorization.AuthorizationRule) */ public void insertRuleAfter(int aIndex, AuthorizationRule aRule) { + aRule.setUserAdministration(userAdmin); rules.add(aIndex, aRule); } @@ -186,5 +198,8 @@ public class DefaultAuthorizationService extends AbstractPersistent implements */ protected void setMappedRules(List aRules) { rules = aRules; + for (AuthorizationRule rule : rules) { + rule.setUserAdministration(userAdmin); + } } }
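Review bot: The loop added to `setMappedRules` is a copy of the one in `setUserAdministration`, and it runs with whatever `userAdmin` holds at that moment, which is null on an instance built through the no-arg constructor. A small private helper called from both places would keep the two in step, and a comment such as `// userAdmin may still be null here; setUserAdministration() applies it again once it is injected` would record the ordering dependency. Assigning `rules = aRules` and then iterating also turns a null argument into an immediate NullPointerException, so a guard is needed if callers may pass null. If the persistence provider populates the annotated `rules` field directly rather than through this setter, which cannot be told from the hunk, the rules it loads receive their user administration only from `setUserAdministration`.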