X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=security%2Fimpl%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FUrlAuthorizationRule.java;h=3ed810df9a0a10699acc182f862d7c361c8508e1;hb=20b609f290912dd2a186ff7240a1c0be93731cca;hp=c2834935a473d3967228cad0379e02fc582468b1;hpb=5bbd2c6e9dcf47e312122a3205c78b676a724e07;p=utils
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java
index c2834935..3ed810df 100644
--- a/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java
@@ -17,17 +17,21 @@ package org.wamblee.security.authorization;
import static org.wamblee.security.authorization.AuthorizationResult.*;
+import javax.enterprise.inject.Typed;
import javax.persistence.Access;
import javax.persistence.AccessType;
import javax.persistence.CascadeType;
import javax.persistence.Column;
+import javax.persistence.DiscriminatorValue;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
+import javax.persistence.OneToOne;
import javax.persistence.Transient;
import org.apache.log4j.Logger;
-import org.wamblee.usermgt.User;
+import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAdministration;
/**
* Utility base class for implementation of authentication rules based on the
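Review bot: The added imports `javax.enterprise.inject.Typed` and `javax.persistence.DiscriminatorValue` are not referenced by any line shown in this diff. `org.wamblee.security.authentication.User` may also be unused now that `isAllowed` and `isAllowedWithPath` take the user as a `String`. If the rest of the file does not use them, drop those import lines so the entity does not carry a CDI dependency it does not need. The import block starts above the hunk, so this needs checking against the full file.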
@@ -35,12 +39,12 @@ import org.wamblee.usermgt.User;
*
The path of the resource. To obtain the path of a resource, subclasses
* must implement {@link #getResourcePath(Object)}. Whether a path is
* appropriate is determined by a
- * {@link org.wamblee.security.authorization.PathCondition}.
+ * {@link org.wamblee.security.authorization.AbstractPathCondition}.
* The user identity with which the resource is accessed. Whether a user is
* appropriate is determined by a
- * {@link org.wamblee.security.authorization.UserCondition}.
+ * {@link org.wamblee.security.authorization.AbstractUserCondition}.
* The operation that is requested. Whether the operation is appropriate is
- * determined by a {@link org.wamblee.security.authorization.OperationCondition}
+ * determined by a {@link org.wamblee.security.authorization.AbstractOperationCondition}
* .
*
* In case all three conditions match, the condition returns the configured
@@ -50,7 +54,7 @@ import org.wamblee.usermgt.User;
*/
@Entity
@Access(AccessType.PROPERTY)
-public abstract class UrlAuthorizationRule extends AuthorizationRule {
+public abstract class UrlAuthorizationRule extends AbstractAuthorizationRule {
private static final Logger LOGGER = Logger
.getLogger(UrlAuthorizationRule.class);
@@ -77,6 +81,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
/**
* Operation that this rule is for.
*/
+
private OperationCondition operationCondition;
/**
@@ -152,14 +157,14 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
* .Object, org.wamblee.security.authorization.Operation)
*/
public AuthorizationResult isAllowed(Object aResource,
- Operation aOperation, User aUser) {
+ Operation aOperation, String aUser) {
if (!resourceClass.isInstance(aResource)) {
return UNSUPPORTED_RESOURCE;
}
String path = getResourcePath(aResource);
- return isAllowed(path, aOperation, aUser);
+ return isAllowedWithPath(path, aOperation, aUser);
}
/**
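Review bot: `isAllowed` now takes `String aUser` and forwards it unchecked to `isAllowedWithPath`, so the type no longer says which name the string holds or whether null is accepted for an unauthenticated caller. The Javadoc of both methods lies partly outside the hunks and should state this, for example `@param aUser Name of the authenticated user making the request; must not be null.` If null can reach this method, an explicit `Objects.requireNonNull(aUser, "aUser");` as the first statement (with the `java.util.Objects` import) makes the failure visible instead of leaving the outcome to the user condition. The same applies to `isAllowedWithPath` in the next hunk.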
@@ -174,8 +179,8 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
*
* @return Authorization result,
*/
- protected AuthorizationResult isAllowed(String aPath, Operation aOperation,
- User aUser) {
+ protected AuthorizationResult isAllowedWithPath(String aPath, Operation aOperation,
+ String aUser) {
if (!pathCondition.matches(aPath)) {
return UNDECIDED;
}
@@ -261,7 +266,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
*
* @return Returns the operationCondition.
*/
- @ManyToOne(cascade = CascadeType.ALL)
+ @OneToOne(cascade = CascadeType.ALL, targetEntity = AbstractOperationCondition.class, orphanRemoval = true)
@JoinColumn(name = "OPER_COND_PK")
public OperationCondition getOperationCondition() {
return operationCondition;
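Review bot: `orphanRemoval = true` together with `CascadeType.ALL` on `getOperationCondition()` means that replacing the condition or deleting the rule also deletes the condition row. The same mapping is added to `getPathCondition()` and `getUserCondition()` in the next two hunks. Under the previous `@ManyToOne` mapping several rules could reference one condition row, so if stored data shares conditions, removing one rule could now take a condition away from another rule and change its authorization outcome. It is worth confirming that existing rows are one-to-one, or migrating them, and saying so in the getter Javadoc, e.g. `The condition is owned exclusively by this rule and is removed together with it.`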
@@ -280,7 +285,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
*
* @return Returns the pathCondition.
*/
- @ManyToOne(cascade = CascadeType.ALL)
+ @OneToOne(cascade = CascadeType.ALL, targetEntity = AbstractPathCondition.class, orphanRemoval = true)
@JoinColumn(name = "PATH_COND_PK")
public PathCondition getPathCondition() {
return pathCondition;
@@ -299,7 +304,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
*
* @return Returns the userCondition.
*/
- @ManyToOne(cascade = CascadeType.ALL)
+ @OneToOne(cascade = CascadeType.ALL, targetEntity = AbstractUserCondition.class, orphanRemoval = true)
@JoinColumn(name = "USER_COND_PK")
public UserCondition getUserCondition() {
return userCondition;
@@ -313,4 +318,10 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
protected void setUserCondition(UserCondition aUserCondition) {
userCondition = aUserCondition;
}
+
+ @Override
+ public void setUserAdministration(UserAdministration aAdmin) {
+ userCondition.setUserAdmin(aAdmin);
+ }
+
}
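Review bot: `setUserAdministration` dereferences `userCondition` without a null check and does not keep `aAdmin`. It therefore throws a NullPointerException when called before a user condition is set, and a condition installed later through `setUserCondition` never receives the administration. Whether either order occurs depends on callers outside this hunk, but for an authorization rule a user condition without its `UserAdministration` is a state worth ruling out. Consider keeping the value in a non-persistent field and applying it in both setters, or at minimum `if (userCondition != null) { userCondition.setUserAdmin(aAdmin); }` plus a Javadoc line stating the required call order.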