X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=security%2Fsrc%2Fmain%2Fjava%2Forg%2Fwamblee%2Fsecurity%2Fauthorization%2FDefaultAuthorizationService.java;h=419f701eee3b51a852925a1061fae922ac352ee5;hb=8de36ff0206c996baf3ee4adc3e2293b12ff5f39;hp=b3dc524d40273c8cb5f5c1a66f721ca4771028fc;hpb=532f7219273021ef3652e0abe1326b7aeed1f30a;p=utils
diff --git a/security/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java b/security/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
index b3dc524d..419f701e 100644
--- a/security/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
+++ b/security/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
@@ -1,155 +1,190 @@ /* * Copyright 2005 the original author or authors. - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - */ - + */ package org.wamblee.security.authorization; -import java.util.ArrayList; -import java.util.List; - import org.wamblee.persistence.AbstractPersistent; + import org.wamblee.usermgt.User; import org.wamblee.usermgt.UserAccessor; +import java.util.ArrayList; +import java.util.List; + /** - * Default implementation of an authorization service. - * To determine whether access to a resource is allowed, the service consults a number - * of authorization rules in a fixed order. The first rule that gives a result GRANTED or - * DENIED determines the result of the evaluation. Rules that return any other result are - * ignoed. If none of the rules match, than access is denied. - * + * Default implementation of an authorization service. To determine whether + * access to a resource is allowed, the service consults a number of + * authorization rules in a fixed order. The first rule that gives a result + * GRANTED or DENIED determines the result of the evaluation. Rules that return + * any other result are ignoed. If none of the rules match, than access is + * denied. + * * @author Erik Brakkee */ -public class DefaultAuthorizationService extends AbstractPersistent implements AuthorizationService { - +public class DefaultAuthorizationService extends AbstractPersistent implements + AuthorizationService { /** - * List of ordered authorization rules. 
+ * List of ordered authorization rules. */ - private List _rules; - + private List rules; + /** - * User accessor used to obtain the current user. + * User accessor used to obtain the current user. */ - private UserAccessor _userAccessor; - + private UserAccessor userAccessor; + /** - * Name for this instance of the authorization service. + * Name for this instance of the authorization service. */ - private String _name; - + private String name; + /** - * Constructs the service. - * @param aAccessor User accessor. - * @param aName Name of this instance of the service. + * Constructs the service. + * + * @param aAccessor + * User accessor. + * @param aName + * Name of this instance of the service. */ public DefaultAuthorizationService(UserAccessor aAccessor, String aName) { - _rules = new ArrayList(); - _userAccessor = aAccessor; - _name = aName; + rules = new ArrayList(); + userAccessor = aAccessor; + name = aName; } - + /** - * Constructs the authorization service. + * Constructs the authorization service. */ public DefaultAuthorizationService() { - _rules = new ArrayList(); - _userAccessor = null; - _name = null; + rules = new ArrayList(); + userAccessor = null; + name = null; } - + /** - * Sets the user accessor. - * @param aUserAccessor User accessor. + * Sets the user accessor. + * + * @param aUserAccessor + * User accessor. 
*/ - public void setUserAccessor(UserAccessor aUserAccessor) { - _userAccessor = aUserAccessor; + public void setUserAccessor(UserAccessor aUserAccessor) { + userAccessor = aUserAccessor; } - /* (non-Javadoc) - * @see org.wamblee.security.authorization.AuthorizationService#isAllowed(java.lang.Object, org.wamblee.security.authorization.Operation) + /* + * (non-Javadoc) + * + * @see + * org.wamblee.security.authorization.AuthorizationService#isAllowed(java + * .lang.Object, org.wamblee.security.authorization.Operation) */ public boolean isAllowed(Object aResource, Operation aOperation) { - User user = _userAccessor.getCurrentUser(); - for (AuthorizationRule rule: _rules) { - switch ( rule.isAllowed(aResource, aOperation, user)) { - case DENIED: { return false; } - case GRANTED: { return true; } + User user = userAccessor.getCurrentUser(); + + for (AuthorizationRule rule : rules) { + switch (rule.isAllowed(aResource, aOperation, user)) { + case DENIED: + return false; + + case GRANTED: + return true; } } - return false; + + return false; } - - /* (non-Javadoc) - * @see org.wamblee.security.authorization.AuthorizationService#check(T, org.wamblee.security.authorization.Operation) + + /* + * (non-Javadoc) + * + * @see org.wamblee.security.authorization.AuthorizationService#check(T, + * org.wamblee.security.authorization.Operation) */ public T check(T aResource, Operation aOperation) { - if ( !isAllowed(aResource, aOperation)) { + if (!isAllowed(aResource, aOperation)) { throw new AuthorizationException(aResource, aOperation); } + return aResource; } - - protected String getName() { - return _name; + + protected String getName() { + return name; } - - public void setName(String aName) { - _name = aName; + + public void setName(String aName) { + name = aName; } - - /* (non-Javadoc) + + /* + * (non-Javadoc) + * * @see org.wamblee.security.authorization.AuthorizationService#getRules() */ public AuthorizationRule[] getRules() { - return _rules.toArray(new 
AuthorizationRule[0]); + return rules.toArray(new AuthorizationRule[0]); } - - /* (non-Javadoc) - * @see org.wamblee.security.authorization.AuthorizationService#appendRule(org.wamblee.security.authorization.AuthorizationRule) + + /* + * (non-Javadoc) + * + * @see + * org.wamblee.security.authorization.AuthorizationService#appendRule(org + * .wamblee.security.authorization.AuthorizationRule) */ public void appendRule(AuthorizationRule aRule) { - _rules.add(aRule); + rules.add(aRule); } - /* (non-Javadoc) - * @see org.wamblee.security.authorization.AuthorizationService#insertRuleAfter(int, org.wamblee.security.authorization.AuthorizationRule) + /* + * (non-Javadoc) + * + * @see + * org.wamblee.security.authorization.AuthorizationService#insertRuleAfter + * (int, org.wamblee.security.authorization.AuthorizationRule) */ public void insertRuleAfter(int aIndex, AuthorizationRule aRule) { - _rules.add(aIndex, aRule); + rules.add(aIndex, aRule); } - - /* (non-Javadoc) - * @see org.wamblee.security.authorization.AuthorizationService#removeRule(int) + + /* + * (non-Javadoc) + * + * @see + * org.wamblee.security.authorization.AuthorizationService#removeRule(int) */ public void removeRule(int aIndex) { - _rules.remove(aIndex); + rules.remove(aIndex); } - + /** - * For OR mapping. - * @return The rules. + * For OR mapping. + * + * @return The rules. */ protected List getMappedRules() { - return _rules; + return rules; } - + /** * For OR mapping. - * @param aRules The rules. + * + * @param aRules + * The rules. */ - protected void setMappedRules(List aRules) { - _rules = aRules; + protected void setMappedRules(List aRules) { + rules = aRules; } }
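Review bot: `insertRuleAfter(aIndex, aRule)` calls `rules.add(aIndex, aRule)`, which places the new rule at position `aIndex`, ahead of the rule currently there, so the name and the behaviour disagree unless the `AuthorizationService` contract (not visible in this diff) defines the index that way. Because `isAllowed` returns on the first GRANTED or DENIED result, a rule landing one position too early can change an access decision; if "after" is what is meant the call should be `rules.add(aIndex + 1, aRule);`, otherwise a comment such as `// inserts at aIndex, i.e. before the rule currently at that position` would record the real semantics. Separately, the no-argument constructor leaves `userAccessor` as `null` and `isAllowed` dereferences it unguarded, so a service that has not yet received `setUserAccessor` fails with a NullPointerException instead of an explicit denial; a guard like `if (userAccessor == null) { return false; }` at the top of `isAllowed` would keep the deny-by-default behaviour explicit.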