(no commit message)
authorerik <erik@77661180-640e-0410-b3a8-9f9b13e6d0e0>
Fri, 30 Apr 2010 22:07:39 +0000 (22:07 +0000)
committererik <erik@77661180-640e-0410-b3a8-9f9b13e6d0e0>
Fri, 30 Apr 2010 22:07:39 +0000 (22:07 +0000)
17 files changed:
security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java [new file with mode: 0644]
security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java [new file with mode: 0644]
security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java [new file with mode: 0644]
security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java [new file with mode: 0644]
security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java [new file with mode: 0644]
security/impl/src/main/java/org/wamblee/security/authorization/AnyUserCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationInitializer.java
security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java
security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationService.java
security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java
security/impl/src/main/java/org/wamblee/security/authorization/GroupUserCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/IsaOperationCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/OperationCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/PathCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/RegexpPathCondition.java
security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java
security/impl/src/main/java/org/wamblee/security/authorization/UserCondition.java

diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java
new file mode 100644 (file)
index 0000000..b2baacc
--- /dev/null
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.User;
+
+/**
+ * Represents an authorization rule to determine whether an operation is allowed
+ * on a resource.
+ * 
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_AUTH_RULE")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractAuthorizationRule implements AuthorizationRule {
+    
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long primaryKey;
+
+    @Version
+    private int version;
+    
+    public AbstractAuthorizationRule() { 
+        // Empty
+    }
+    
+    public AbstractAuthorizationRule(AbstractAuthorizationRule aRule) { 
+        primaryKey = aRule.primaryKey;
+        version = aRule.version;
+    }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java
new file mode 100644 (file)
index 0000000..d8c1e52
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.UserAccessor;
+
+/**
+ * Service to determine if access to a certain resource is allowed.
+ * 
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_AUTH_SVC")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+@NamedQueries( 
+    @NamedQuery(name = AbstractAuthorizationService.QUERY_FIND_BY_NAME, 
+        query = "select s from AbstractAuthorizationService s where s.name = :" +
+        AbstractAuthorizationService.NAME_PARAM)
+        )
+public abstract class AbstractAuthorizationService implements AuthorizationService {
+    public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
+    public static final String NAME_PARAM = "name";
+    
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long primaryKey;
+
+    @Version
+    private int version;
+    
+    public AbstractAuthorizationService() { 
+        // Empty. 
+    }
+    
+    public AbstractAuthorizationService(AbstractAuthorizationService aSvc) { 
+        primaryKey = aSvc.primaryKey;
+        version = aSvc.version;
+    }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java
new file mode 100644 (file)
index 0000000..69048eb
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+/**
+ * Checks if an operation matches a condition.
+ * 
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_OPERATION_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractOperationCondition implements OperationCondition {
+    
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long primaryKey;
+
+    @Version
+    private int version;
+    
+    public AbstractOperationCondition() { 
+        // Empty
+    }
+    
+    public AbstractOperationCondition(AbstractOperationCondition aCondition) { 
+        primaryKey = aCondition.primaryKey;
+        version = aCondition.version;
+    }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java
new file mode 100644 (file)
index 0000000..6ec4801
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+/**
+ * Checks if a path satisfies a condition.
+ * 
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_PATH_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractPathCondition implements PathCondition {
+    
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long primaryKey;
+
+    @Version
+    private int version;
+    
+    public AbstractPathCondition() { 
+        // Empty
+    }
+    
+    public AbstractPathCondition(AbstractPathCondition aCondition) { 
+        primaryKey = aCondition.primaryKey;
+        version = aCondition.version;
+    }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java
new file mode 100644 (file)
index 0000000..30e174f
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */ 
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.User;
+
+/**
+ * Condition used to match a user against a specified set of users.
+ * 
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_USER_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractUserCondition implements UserCondition {
+    
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long primaryKey;
+
+    @Version
+    private int version;
+    
+    public AbstractUserCondition() { 
+        // Empty.
+    }
+    
+    public AbstractUserCondition(AbstractUserCondition aCondition) { 
+        primaryKey = aCondition.primaryKey;
+        version = aCondition.version;
+    }
+}
index 137d6dbdad7c594ea7c352baa565289f9411b145..c33eced369d533689c5c8079153d4bf1cb1801b8 100644 (file)
@@ -28,7 +28,7 @@ import org.wamblee.usermgt.User;
  */
 @Entity
 @DiscriminatorValue("ANYUSER")
-public class AnyUserCondition extends UserCondition {
+public class AnyUserCondition extends AbstractUserCondition {
     /**
      * Constructs the condition.
      * 
index 6332f4c6f6fdccf52a74aa09c6211ccccc096558..4ec00cddbe636ca656b0a51acbecb4d4899c9bcc 100644 (file)
@@ -34,9 +34,9 @@ public class AuthorizationInitializer {
      *            Default rules for initialization.
      */
     public AuthorizationInitializer(AuthorizationService aService,
-        AuthorizationRule[] aRules) {
+        AbstractAuthorizationRule[] aRules) {
         if (aService.getRules().length == 0) {
-            for (AuthorizationRule rule : aRules) {
+            for (AbstractAuthorizationRule rule : aRules) {
                 LOGGER.info("Appending authorization rule " + rule);
                 aService.appendRule(rule);
             }
index a4654cb0c237b43faa24c8e31885daa0260edf87..812021b10dcdda7dbea27fee762f31a2a41f104d 100644 (file)
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
- */ 
+ */
 package org.wamblee.security.authorization;
 
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
 import org.wamblee.usermgt.User;
 
 /**
@@ -33,28 +23,8 @@ import org.wamblee.usermgt.User;
  * 
  * @author Erik Brakkee
  */
-@Entity
-@Table(name = "SEC_AUTH_RULE")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-public abstract class AuthorizationRule {
-    
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long primaryKey;
+public interface AuthorizationRule {
 
-    @Version
-    private int version;
-    
-    public AuthorizationRule() { 
-        // Empty
-    }
-    
-    public AuthorizationRule(AuthorizationRule aRule) { 
-        primaryKey = aRule.primaryKey;
-        version = aRule.version;
-    }
-    
     /**
      * Returns the supported object types for which this authorization rule
      * applies. This can be used by the authorization service for optimization.
@@ -78,6 +48,7 @@ public abstract class AuthorizationRule {
      * 
      * @return Authorization result.
      */
-    public abstract AuthorizationResult isAllowed(Object aResource, Operation aOperation,
-        User aUser);
-}
+    public abstract AuthorizationResult isAllowed(Object aResource,
+        Operation aOperation, User aUser);
+
+}
\ No newline at end of file
index 13f4a105a085e9435f51f2688967c5daa2a1ab1e..7a0816a9713d2cbb97637bc5a3aef99a1bb79726 100644 (file)
  */ 
 package org.wamblee.security.authorization;
 
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.NamedQueries;
-import javax.persistence.NamedQuery;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
 import org.wamblee.usermgt.UserAccessor;
 
 /**
@@ -34,36 +22,8 @@ import org.wamblee.usermgt.UserAccessor;
  * 
  * @author Erik Brakkee
  */
-@Entity
-@Table(name = "SEC_AUTH_SVC")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-@NamedQueries( 
-    @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME, 
-        query = "select s from AuthorizationService s where s.name = :" +
-        AuthorizationService.NAME_PARAM)
-        )
-public abstract class AuthorizationService {
-    public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
-    public static final String NAME_PARAM = "name";
-    
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long primaryKey;
+public interface AuthorizationService {
 
-    @Version
-    private int version;
-    
-    public AuthorizationService() { 
-        // Empty. 
-    }
-    
-    public AuthorizationService(AuthorizationService aSvc) { 
-        primaryKey = aSvc.primaryKey;
-        version = aSvc.version;
-    }
-    
     /**
      * Checks whether an operation is allowed on a resource.
      * 
@@ -74,16 +34,24 @@ public abstract class AuthorizationService {
      * 
      * @return Checks whether the operation is allowed on a resource.
      */
-    public abstract boolean isAllowed(Object aResource, Operation aOperation);
+    boolean isAllowed(Object aResource, Operation aOperation);
 
-    public abstract <T> T check(T aResource, Operation aOperation);
+    /**
+     * Checks if the given operation is allowed on the resource. 
+     * @param <T> Type of resource
+     * @param aResource Resource.
+     * @param aOperation Operation.
+     * @return Resource passed in in case access is allowed
+     * @throws AuthorizationException In case access is denied. 
+     */
+    <T> T check(T aResource, Operation aOperation);
 
     /**
      * Gets the authorization rules.
      * 
      * @return Rules.
      */
-    public abstract AuthorizationRule[] getRules();
+    AuthorizationRule[] getRules();
 
     /**
      * Appends a new authorization rule to the end.
@@ -91,7 +59,7 @@ public abstract class AuthorizationService {
      * @param aRule
      *            Rule to append.
      */
-    public abstract void appendRule(AuthorizationRule aRule);
+    void appendRule(AuthorizationRule aRule);
 
     /**
      * Removes a rule.
@@ -99,7 +67,7 @@ public abstract class AuthorizationService {
      * @param aIndex
      *            Index of the rule to remove.
      */
-    public abstract void removeRule(int aIndex);
+    void removeRule(int aIndex);
 
     /**
      * Inserts a rule.
@@ -109,12 +77,15 @@ public abstract class AuthorizationService {
      * @param aRule
      *            Rule to insert.
      */
-    public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule);
+    void insertRuleAfter(int aIndex, AuthorizationRule aRule);
 
     /**
-     * Sets the user accessor so that the authorization service can get access to the logged in 
-     * user. 
-     * @param aUserAccessor User accessor.
+     * Sets the user accessor so that the authorization service can get access
+     * to the logged in user.
+     * 
+     * @param aUserAccessor
+     *            User accessor.
      */
-    public abstract void setUserAccessor(UserAccessor aUserAccessor);
-}
+    void setUserAccessor(UserAccessor aUserAccessor);
+
+}
\ No newline at end of file
index a086ab477844e3b0cec84900a4138b9446d9f4bf..8ee411780d9fb0726776e14b2246999600f58701 100644 (file)
@@ -18,8 +18,13 @@ package org.wamblee.security.authorization;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.persistence.CascadeType;
 import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
+import javax.persistence.ManyToMany;
+import javax.persistence.OneToMany;
+import javax.persistence.OrderColumn;
+import javax.persistence.Transient;
 
 import org.wamblee.usermgt.User;
 import org.wamblee.usermgt.UserAccessor;
@@ -36,17 +41,20 @@ import org.wamblee.usermgt.UserAccessor;
  */
 @Entity
 @DiscriminatorValue("DEFAULT")
-public class DefaultAuthorizationService extends AuthorizationService {
+public class DefaultAuthorizationService extends AbstractAuthorizationService {
     
     
     /**
      * List of ordered authorization rules.
      */
+    @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true, targetEntity = AbstractAuthorizationRule.class)
+    @OrderColumn(name = "RULE_INDEX")
     private List<AuthorizationRule> rules;
 
     /**
      * User accessor used to obtain the current user.
      */
+    @Transient
     private UserAccessor userAccessor;
 
     /**
@@ -139,7 +147,7 @@ public class DefaultAuthorizationService extends AuthorizationService {
      * @see org.wamblee.security.authorization.AuthorizationService#getRules()
      */
     public AuthorizationRule[] getRules() {
-        return rules.toArray(new AuthorizationRule[0]);
+        return rules.toArray(new AbstractAuthorizationRule[0]);
     }
 
     /*
index 78367db118b7d89a3913e39c16bc721ac6ac355e..5c3315b341507029d425c1551266cf4d41984b88 100644 (file)
@@ -30,7 +30,7 @@ import org.wamblee.usermgt.User;
  */
 @Entity
 @DiscriminatorValue("GROUP")
-public class GroupUserCondition extends UserCondition {
+public class GroupUserCondition extends AbstractUserCondition {
     /**
      * Group the user must be in.
      */
index 9d2b6cb7f00c6d483591fa3f666c2769d53b7b14..b42f5d0ea114d382677f3bade9420573f7faf327 100644 (file)
@@ -27,7 +27,7 @@ import javax.persistence.Entity;
 @Entity
 @DiscriminatorValue("ISA")
 @Access(AccessType.PROPERTY)
-public class IsaOperationCondition extends OperationCondition {
+public class IsaOperationCondition extends AbstractOperationCondition {
     /**
      * Operation that the other operation must be a subclass of.
      */
index 34d026dc14938e84ed4c1439c1dbb9580d4c8d93..06ef988bbf90e10168079c76b4e0013666bab429 100644 (file)
  */ 
 package org.wamblee.security.authorization;
 
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
 /**
  * Checks if an operation matches a condition.
  * 
  * @author Erik Brakkee
  */
-@Entity
-@Table(name = "SEC_OPERATION_CONDITION")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-public abstract class OperationCondition {
-    
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long primaryKey;
+public interface OperationCondition {
 
-    @Version
-    private int version;
-    
-    public OperationCondition() { 
-        // Empty
-    }
-    
-    public OperationCondition(OperationCondition aCondition) { 
-        primaryKey = aCondition.primaryKey;
-        version = aCondition.version;
-    }
-    
     /**
      * Determines if the operation matches.
      * 
@@ -61,4 +31,5 @@ public abstract class OperationCondition {
      * @return True iff the operation matches.
      */
     public abstract boolean matches(Operation aOperation);
-}
+
+}
\ No newline at end of file
index 51b97f5f2a0cf2c7ffcbd4d32ab8d4b3028e5695..0fd91916791ac1812538db4a9db81b73d645bb22 100644 (file)
  */ 
 package org.wamblee.security.authorization;
 
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
 /**
  * Checks if a path satisfies a condition.
  * 
  * @author Erik Brakkee
  */
-@Entity
-@Table(name = "SEC_PATH_CONDITION")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-public abstract class PathCondition {
-    
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long primaryKey;
+public interface PathCondition {
 
-    @Version
-    private int version;
-    
-    public PathCondition() { 
-        // Empty
-    }
-    
-    public PathCondition(PathCondition aCondition) { 
-        primaryKey = aCondition.primaryKey;
-        version = aCondition.version;
-    }
-    
     /**
      * Checks if the path matches the condition.
      * 
@@ -61,4 +31,5 @@ public abstract class PathCondition {
      * @return True iff the path matches.
      */
     public abstract boolean matches(String aPath);
-}
+
+}
\ No newline at end of file
index fe58cfc72d23e91f7423ccc5e4593e0a27caec33..e40d4acab50370b50c1334cef8adacc4f3e780ea 100644 (file)
@@ -25,7 +25,7 @@ import javax.persistence.Entity;
  */
 @Entity
 @DiscriminatorValue("REGEXP")
-public class RegexpPathCondition extends PathCondition {
+public class RegexpPathCondition extends AbstractPathCondition {
     /**
      * String the path must start with.
      */
index c2834935a473d3967228cad0379e02fc582468b1..17bdc348ae8263b97c7ca000d6da2b0414ebe476 100644 (file)
@@ -17,10 +17,12 @@ package org.wamblee.security.authorization;
 
 import static org.wamblee.security.authorization.AuthorizationResult.*;
 
+import javax.enterprise.inject.Typed;
 import javax.persistence.Access;
 import javax.persistence.AccessType;
 import javax.persistence.CascadeType;
 import javax.persistence.Column;
+import javax.persistence.DiscriminatorValue;
 import javax.persistence.Entity;
 import javax.persistence.JoinColumn;
 import javax.persistence.ManyToOne;
@@ -35,12 +37,12 @@ import org.wamblee.usermgt.User;
  * <li>The path of the resource. To obtain the path of a resource, subclasses
  * must implement {@link #getResourcePath(Object)}. Whether a path is
  * appropriate is determined by a
- * {@link org.wamblee.security.authorization.PathCondition}.</li>
+ * {@link org.wamblee.security.authorization.AbstractPathCondition}.</li>
  * <li>The user identity with which the resource is accessed. Whether a user is
  * appropriate is determined by a
- * {@link org.wamblee.security.authorization.UserCondition}.</li>
+ * {@link org.wamblee.security.authorization.AbstractUserCondition}.</li>
  * <li>The operation that is requested. Whether the operation is appropriate is
- * determined by a {@link org.wamblee.security.authorization.OperationCondition}
+ * determined by a {@link org.wamblee.security.authorization.AbstractOperationCondition}
  * .</li>
  * </ul>
  * In case all three conditions match, the condition returns the configured
@@ -50,7 +52,7 @@ import org.wamblee.usermgt.User;
  */
 @Entity
 @Access(AccessType.PROPERTY)
-public abstract class UrlAuthorizationRule extends AuthorizationRule {
+public abstract class UrlAuthorizationRule extends AbstractAuthorizationRule {
     private static final Logger LOGGER = Logger
         .getLogger(UrlAuthorizationRule.class);
 
@@ -77,6 +79,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
     /**
      * Operation that this rule is for.
      */
+    
     private OperationCondition operationCondition;
 
     /**
@@ -261,7 +264,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
      * 
      * @return Returns the operationCondition.
      */
-    @ManyToOne(cascade = CascadeType.ALL)
+    @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractOperationCondition.class)
     @JoinColumn(name = "OPER_COND_PK")
     public OperationCondition getOperationCondition() {
         return operationCondition;
@@ -280,7 +283,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
      * 
      * @return Returns the pathCondition.
      */
-    @ManyToOne(cascade = CascadeType.ALL)
+    @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractPathCondition.class)
     @JoinColumn(name = "PATH_COND_PK")
     public PathCondition getPathCondition() {
         return pathCondition;
@@ -299,7 +302,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule {
      * 
      * @return Returns the userCondition.
      */
-    @ManyToOne(cascade = CascadeType.ALL)
+    @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractUserCondition.class)
     @JoinColumn(name = "USER_COND_PK")
     public UserCondition getUserCondition() {
         return userCondition;
index 8b6eee9433bdabb29a463b55ab81a22c7ef422dc..7ce55cf96f8acf9bce93bc8a09d3e9af3e5a8315 100644 (file)
  */ 
 package org.wamblee.security.authorization;
 
-import javax.persistence.DiscriminatorColumn;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.Inheritance;
-import javax.persistence.InheritanceType;
-import javax.persistence.Table;
-import javax.persistence.Version;
-
 import org.wamblee.usermgt.User;
 
 /**
@@ -32,28 +22,8 @@ import org.wamblee.usermgt.User;
  * 
  * @author Erik Brakkee
  */
-@Entity
-@Table(name = "SEC_USER_CONDITION")
-@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
-@DiscriminatorColumn(name = "TYPE")
-public abstract class UserCondition {
-    
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private Long primaryKey;
+public interface UserCondition {
 
-    @Version
-    private int version;
-    
-    public UserCondition() { 
-        // Empty.
-    }
-    
-    public UserCondition(UserCondition aCondition) { 
-        primaryKey = aCondition.primaryKey;
-        version = aCondition.version;
-    }
-    
     /**
      * Determines if the condition matches.
      * 
@@ -63,4 +33,5 @@ public abstract class UserCondition {
      * @return True if the condition matches, false otherwise.
      */
     public abstract boolean matches(User aUser);
-}
+
+}
\ No newline at end of file