From 1c45b3b54bf7a45bf311b1b65176e2836f00001b Mon Sep 17 00:00:00 2001 From: erik Date: Fri, 30 Apr 2010 22:07:39 +0000 Subject: [PATCH] --- .../AbstractAuthorizationRule.java | 57 ++++++++++++++ .../AbstractAuthorizationService.java | 66 ++++++++++++++++ .../AbstractOperationCondition.java | 54 +++++++++++++ .../authorization/AbstractPathCondition.java | 54 +++++++++++++ .../authorization/AbstractUserCondition.java | 56 ++++++++++++++ .../authorization/AnyUserCondition.java | 2 +- .../AuthorizationInitializer.java | 4 +- .../authorization/AuthorizationRule.java | 41 ++-------- .../authorization/AuthorizationService.java | 75 ++++++------------- .../DefaultAuthorizationService.java | 12 ++- .../authorization/GroupUserCondition.java | 2 +- .../authorization/IsaOperationCondition.java | 2 +- .../authorization/OperationCondition.java | 35 +-------- .../security/authorization/PathCondition.java | 35 +-------- .../authorization/RegexpPathCondition.java | 2 +- .../authorization/UrlAuthorizationRule.java | 17 +++-- .../security/authorization/UserCondition.java | 35 +-------- 17 files changed, 351 insertions(+), 198 deletions(-) create mode 100644 security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java create mode 100644 security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java create mode 100644 security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java create mode 100644 security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java create mode 100644 security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java new file mode 100644 index 00000000..b2baacce --- /dev/null 
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationRule.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.User;
+
+/**
+ * Represents an authorization rule to determine whether an operation is allowed
+ * on a resource.
+ *
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_AUTH_RULE")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractAuthorizationRule implements AuthorizationRule {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AbstractAuthorizationRule() {
+ // Empty
+ }
+
+ public AbstractAuthorizationRule(AbstractAuthorizationRule aRule) {
+ primaryKey = aRule.primaryKey;
+ version = aRule.version;
+ }
+}
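Review bot: The copy constructor `AbstractAuthorizationRule(AbstractAuthorizationRule aRule)` copies `primaryKey` and `version`, so the copy carries the same persistent identity and optimistic-lock version as its source, and nothing in the class documents that. A Javadoc line such as `/** Copy constructor; the copy keeps the primary key and version of aRule. */` would make the intent explicit for subclasses that call it. The import of `org.wamblee.usermgt.User` is not referenced anywhere in this file and can be dropped. Both remarks also apply to the other new base classes in this patch: AbstractAuthorizationService (unused `UserAccessor` import), AbstractOperationCondition, AbstractPathCondition and AbstractUserCondition (unused `User` import).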
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java
new file mode 100644
index 00000000..d8c1e527
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractAuthorizationService.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.NamedQueries;
+import javax.persistence.NamedQuery;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.UserAccessor;
+
+/**
+ * Service to determine if access to a certain resource is allowed.
+ *
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_AUTH_SVC")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+@NamedQueries(
+ @NamedQuery(name = AbstractAuthorizationService.QUERY_FIND_BY_NAME,
+ query = "select s from AbstractAuthorizationService s where s.name = :" +
+ AbstractAuthorizationService.NAME_PARAM)
+ )
+public abstract class AbstractAuthorizationService implements AuthorizationService {
+
+ public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName";
+ public static final String NAME_PARAM = "name";
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AbstractAuthorizationService() {
+ // Empty.
+ }
+
+ public AbstractAuthorizationService(AbstractAuthorizationService aSvc) {
+ primaryKey = aSvc.primaryKey;
+ version = aSvc.version;
+ }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java
new file mode 100644
index 00000000..69048ebd
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractOperationCondition.java
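Review bot: The named query filters on `s.name`, but `AbstractAuthorizationService` declares only `primaryKey` and `version`, so the `name` attribute has to come from a subclass that is not part of this hunk. A JPQL path on the root entity that resolves only in a subclass may not be accepted by every JPA provider; declaring `name` on this base class or writing the query against the concrete entity that owns it would remove that dependency. `QUERY_FIND_BY_NAME` and `NAME_PARAM` also move off `AuthorizationService` in this commit, so any code outside the 17 files listed that still references `AuthorizationService.QUERY_FIND_BY_NAME` would presumably stop compiling and should be checked.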
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+/**
+ * Checks if an operation matches a condition.
+ *
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_OPERATION_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractOperationCondition implements OperationCondition {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AbstractOperationCondition() {
+ // Empty
+ }
+
+ public AbstractOperationCondition(AbstractOperationCondition aCondition) {
+ primaryKey = aCondition.primaryKey;
+ version = aCondition.version;
+ }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java
new file mode 100644
index 00000000..6ec48017
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractPathCondition.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+/**
+ * Checks if a path satisfies a condition.
+ *
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_PATH_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractPathCondition implements PathCondition {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AbstractPathCondition() {
+ // Empty
+ }
+
+ public AbstractPathCondition(AbstractPathCondition aCondition) {
+ primaryKey = aCondition.primaryKey;
+ version = aCondition.version;
+ }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java
new file mode 100644
index 00000000..30e174f7
--- /dev/null
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/AbstractUserCondition.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.security.authorization;
+
+import javax.persistence.DiscriminatorColumn;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Inheritance;
+import javax.persistence.InheritanceType;
+import javax.persistence.Table;
+import javax.persistence.Version;
+
+import org.wamblee.usermgt.User;
+
+/**
+ * Condition used to match a user against a specified set of users.
+ *
+ * @author Erik Brakkee
+ */
+@Entity
+@Table(name = "SEC_USER_CONDITION")
+@Inheritance(strategy = InheritanceType.SINGLE_TABLE)
+@DiscriminatorColumn(name = "TYPE")
+public abstract class AbstractUserCondition implements UserCondition {
+
+ @Id
+ @GeneratedValue(strategy = GenerationType.AUTO)
+ private Long primaryKey;
+
+ @Version
+ private int version;
+
+ public AbstractUserCondition() {
+ // Empty.
+ }
+
+ public AbstractUserCondition(AbstractUserCondition aCondition) {
+ primaryKey = aCondition.primaryKey;
+ version = aCondition.version;
+ }
+}
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AnyUserCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/AnyUserCondition.java index 137d6dbd..c33eced3 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/AnyUserCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/AnyUserCondition.java @@ -28,7 +28,7 @@ import org.wamblee.usermgt.User; */ @Entity @DiscriminatorValue("ANYUSER") -public class AnyUserCondition extends UserCondition { +public class AnyUserCondition extends AbstractUserCondition { /** * Constructs the condition. * diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationInitializer.java b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationInitializer.java index 6332f4c6..4ec00cdd 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationInitializer.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationInitializer.java @@ -34,9 +34,9 @@ public class AuthorizationInitializer { * Default rules for initialization. */ public AuthorizationInitializer(AuthorizationService aService, - AuthorizationRule[] aRules) { + AbstractAuthorizationRule[] aRules) { if (aService.getRules().length == 0) { - for (AuthorizationRule rule : aRules) { + for (AbstractAuthorizationRule rule : aRules) { LOGGER.info("Appending authorization rule " + rule); aService.appendRule(rule); } diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java index a4654cb0..812021b1 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationRule.java 
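Review bot: The AuthorizationInitializer constructor now takes `AbstractAuthorizationRule[] aRules`, which ties the initializer to the JPA base class even though the loop only calls `aService.appendRule(rule)` and the service interface accepts any `AuthorizationRule`. Keeping the parameter as `AuthorizationRule[] aRules` (and `for (AuthorizationRule rule : aRules)`) would let callers depend on the new interface only. If the narrowing is deliberate because only entity rules can be stored, the constructor Javadoc should say so. The constructor body continues past the end of this hunk.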
@@ -12,19 +12,9 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - */ + */ package org.wamblee.security.authorization; -import javax.persistence.DiscriminatorColumn; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.persistence.Version; - import org.wamblee.usermgt.User; /** @@ -33,28 +23,8 @@ import org.wamblee.usermgt.User; * * @author Erik Brakkee */ -@Entity -@Table(name = "SEC_AUTH_RULE") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "TYPE") -public abstract class AuthorizationRule { - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - private Long primaryKey; +public interface AuthorizationRule { - @Version - private int version; - - public AuthorizationRule() { - // Empty - } - - public AuthorizationRule(AuthorizationRule aRule) { - primaryKey = aRule.primaryKey; - version = aRule.version; - } - /** * Returns the supported object types for which this authorization rule * applies. This can be used by the authorization service for optimization. @@ -78,6 +48,7 @@ public abstract class AuthorizationRule { * * @return Authorization result. */ - public abstract AuthorizationResult isAllowed(Object aResource, Operation aOperation, - User aUser); -} + public abstract AuthorizationResult isAllowed(Object aResource, + Operation aOperation, User aUser); + +} \ No newline at end of file diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationService.java index 13f4a105..7a0816a9 100644 
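Review bot: `isAllowed` keeps its `public abstract` modifiers although `AuthorizationRule` is now an interface, where both are implied; AuthorizationService drops them in this same commit, so `AuthorizationResult isAllowed(Object aResource, Operation aOperation, User aUser);` would be consistent. The same leftover is on `matches` in OperationCondition, PathCondition and UserCondition. These converted files also lose their trailing newline (`\ No newline at end of file`), which is worth restoring to keep later diffs clean.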
--- a/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationService.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/AuthorizationService.java @@ -15,18 +15,6 @@ */ package org.wamblee.security.authorization; -import javax.persistence.DiscriminatorColumn; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.NamedQueries; -import javax.persistence.NamedQuery; -import javax.persistence.Table; -import javax.persistence.Version; - import org.wamblee.usermgt.UserAccessor; /** @@ -34,36 +22,8 @@ import org.wamblee.usermgt.UserAccessor; * * @author Erik Brakkee */ -@Entity -@Table(name = "SEC_AUTH_SVC") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "TYPE") -@NamedQueries( - @NamedQuery(name = AuthorizationService.QUERY_FIND_BY_NAME, - query = "select s from AuthorizationService s where s.name = :" + - AuthorizationService.NAME_PARAM) - ) -public abstract class AuthorizationService { - - public static final String QUERY_FIND_BY_NAME = "AuthorizationService.findByName"; - public static final String NAME_PARAM = "name"; - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - private Long primaryKey; +public interface AuthorizationService { - @Version - private int version; - - public AuthorizationService() { - // Empty. - } - - public AuthorizationService(AuthorizationService aSvc) { - primaryKey = aSvc.primaryKey; - version = aSvc.version; - } - /** * Checks whether an operation is allowed on a resource. * 
@@ -74,16 +34,24 @@ public abstract class AuthorizationService { * * @return Checks whether the operation is allowed on a resource. */ - public abstract boolean isAllowed(Object aResource, Operation aOperation); + boolean isAllowed(Object aResource, Operation aOperation); - public abstract T check(T aResource, Operation aOperation); + /** + * Checks if the given operation is allowed on the resource. + * @param Type of resource + * @param aResource Resource. + * @param aOperation Operation. + * @return Resource passed in in case access is allowed + * @throws AuthorizationException In case access is denied. + */ + T check(T aResource, Operation aOperation); /** * Gets the authorization rules. * * @return Rules. */ - public abstract AuthorizationRule[] getRules(); + AuthorizationRule[] getRules(); /** * Appends a new authorization rule to the end. @@ -91,7 +59,7 @@ public abstract class AuthorizationService { * @param aRule * Rule to append. */ - public abstract void appendRule(AuthorizationRule aRule); + void appendRule(AuthorizationRule aRule); /** * Removes a rule. @@ -99,7 +67,7 @@ public abstract class AuthorizationService { * @param aIndex * Index of the rule to remove. */ - public abstract void removeRule(int aIndex); + void removeRule(int aIndex); /** * Inserts a rule. @@ -109,12 +77,15 @@ public abstract class AuthorizationService { * @param aRule * Rule to insert. */ - public abstract void insertRuleAfter(int aIndex, AuthorizationRule aRule); + void insertRuleAfter(int aIndex, AuthorizationRule aRule); /** - * Sets the user accessor so that the authorization service can get access to the logged in - * user. - * @param aUserAccessor User accessor. + * Sets the user accessor so that the authorization service can get access + * to the logged in user. + * + * @param aUserAccessor + * User accessor. */ - public abstract void setUserAccessor(UserAccessor aUserAccessor); -} + void setUserAccessor(UserAccessor aUserAccessor); + +} \ No newline at end of file 
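Review bot: The Javadoc for `isAllowed` and the new Javadoc for `check` do not say what an implementation must decide when no rule applies to the resource, and for an authorization contract that default is what callers most need to know. I would state it on the interface, for example `@return True iff a rule explicitly allows the operation; access is denied when no rule matches.`, adjusted to what DefaultAuthorizationService actually does, which is not visible in this diff. The interface also places `appendRule`, `removeRule`, `insertRuleAfter` and `setUserAccessor` next to the decision methods, so every component that can ask for a decision can also change the rule set; a separate administration interface would keep that capability narrower.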
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java index a086ab47..8ee41178 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/DefaultAuthorizationService.java @@ -18,8 +18,13 @@ package org.wamblee.security.authorization; import java.util.ArrayList; import java.util.List; +import javax.persistence.CascadeType; import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; +import javax.persistence.ManyToMany; +import javax.persistence.OneToMany; +import javax.persistence.OrderColumn; +import javax.persistence.Transient; import org.wamblee.usermgt.User; import org.wamblee.usermgt.UserAccessor; @@ -36,17 +41,20 @@ import org.wamblee.usermgt.UserAccessor; */ @Entity @DiscriminatorValue("DEFAULT") -public class DefaultAuthorizationService extends AuthorizationService { +public class DefaultAuthorizationService extends AbstractAuthorizationService { /** * List of ordered authorization rules. */ + @OneToMany(cascade = CascadeType.ALL, orphanRemoval = true, targetEntity = AbstractAuthorizationRule.class) + @OrderColumn(name = "RULE_INDEX") private List rules; /** * User accessor used to obtain the current user. */ + @Transient private UserAccessor userAccessor; /** @@ -139,7 +147,7 @@ public class DefaultAuthorizationService extends AuthorizationService { * @see org.wamblee.security.authorization.AuthorizationService#getRules() */ public AuthorizationRule[] getRules() { - return rules.toArray(new AuthorizationRule[0]); + return rules.toArray(new AbstractAuthorizationRule[0]); } /* 
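Review bot: `getRules()` now builds its result with `rules.toArray(new AbstractAuthorizationRule[0])`, which throws `ArrayStoreException` as soon as the list holds a rule that is not an `AbstractAuthorizationRule`, while the interface's `appendRule` and `insertRuleAfter` accept any `AuthorizationRule`. The declared return type is still `AuthorizationRule[]`, so `return rules.toArray(new AuthorizationRule[0]);` gives callers the same result without that failure mode. If only entity rules are meant to be stored (the `targetEntity = AbstractAuthorizationRule.class` mapping suggests so), reject other implementations in `appendRule`/`insertRuleAfter` with a clear exception; their bodies are outside the hunks shown. The added `javax.persistence.ManyToMany` import has no use in the visible hunks.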
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/GroupUserCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/GroupUserCondition.java index 78367db1..5c3315b3 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/GroupUserCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/GroupUserCondition.java @@ -30,7 +30,7 @@ import org.wamblee.usermgt.User; */ @Entity @DiscriminatorValue("GROUP") -public class GroupUserCondition extends UserCondition { +public class GroupUserCondition extends AbstractUserCondition { /** * Group the user must be in. */ diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/IsaOperationCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/IsaOperationCondition.java index 9d2b6cb7..b42f5d0e 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/IsaOperationCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/IsaOperationCondition.java @@ -27,7 +27,7 @@ import javax.persistence.Entity; @Entity @DiscriminatorValue("ISA") @Access(AccessType.PROPERTY) -public class IsaOperationCondition extends OperationCondition { +public class IsaOperationCondition extends AbstractOperationCondition { /** * Operation that the other operation must be a subclass of. */ diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/OperationCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/OperationCondition.java index 34d026dc..06ef988b 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/OperationCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/OperationCondition.java 
@@ -15,43 +15,13 @@ */ package org.wamblee.security.authorization; -import javax.persistence.DiscriminatorColumn; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.persistence.Version; - /** * Checks if an operation matches a condition. * * @author Erik Brakkee */ -@Entity -@Table(name = "SEC_OPERATION_CONDITION") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "TYPE") -public abstract class OperationCondition { - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - private Long primaryKey; +public interface OperationCondition { - @Version - private int version; - - public OperationCondition() { - // Empty - } - - public OperationCondition(OperationCondition aCondition) { - primaryKey = aCondition.primaryKey; - version = aCondition.version; - } - /** * Determines if the operation matches. * @@ -61,4 +31,5 @@ public abstract class OperationCondition { * @return True iff the operation matches. */ public abstract boolean matches(Operation aOperation); -} + +} \ No newline at end of file diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/PathCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/PathCondition.java index 51b97f5f..0fd91916 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/PathCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/PathCondition.java 
@@ -15,43 +15,13 @@ */ package org.wamblee.security.authorization; -import javax.persistence.DiscriminatorColumn; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.persistence.Version; - /** * Checks if a path satisfies a condition. * * @author Erik Brakkee */ -@Entity -@Table(name = "SEC_PATH_CONDITION") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "TYPE") -public abstract class PathCondition { - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - private Long primaryKey; +public interface PathCondition { - @Version - private int version; - - public PathCondition() { - // Empty - } - - public PathCondition(PathCondition aCondition) { - primaryKey = aCondition.primaryKey; - version = aCondition.version; - } - /** * Checks if the path matches the condition. * @@ -61,4 +31,5 @@ public abstract class PathCondition { * @return True iff the path matches. */ public abstract boolean matches(String aPath); -} + +} \ No newline at end of file diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/RegexpPathCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/RegexpPathCondition.java index fe58cfc7..e40d4aca 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/RegexpPathCondition.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/RegexpPathCondition.java @@ -25,7 +25,7 @@ import javax.persistence.Entity; */ @Entity @DiscriminatorValue("REGEXP") -public class RegexpPathCondition extends PathCondition { +public class RegexpPathCondition extends AbstractPathCondition { /** * String the path must start with. */ 
diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java b/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java index c2834935..17bdc348 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java +++ b/security/impl/src/main/java/org/wamblee/security/authorization/UrlAuthorizationRule.java @@ -17,10 +17,12 @@ package org.wamblee.security.authorization; import static org.wamblee.security.authorization.AuthorizationResult.*; +import javax.enterprise.inject.Typed; import javax.persistence.Access; import javax.persistence.AccessType; import javax.persistence.CascadeType; import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; @@ -35,12 +37,12 @@ import org.wamblee.usermgt.User; *
  • The path of the resource. To obtain the path of a resource, subclasses * must implement {@link #getResourcePath(Object)}. Whether a path is * appropriate is determined by a - * {@link org.wamblee.security.authorization.PathCondition}.
  • + * {@link org.wamblee.security.authorization.AbstractPathCondition}. *
  • The user identity with which the resource is accessed. Whether a user is * appropriate is determined by a - * {@link org.wamblee.security.authorization.UserCondition}.
  • + * {@link org.wamblee.security.authorization.AbstractUserCondition}. *
  • The operation that is requested. Whether the operation is appropriate is - * determined by a {@link org.wamblee.security.authorization.OperationCondition} + * determined by a {@link org.wamblee.security.authorization.AbstractOperationCondition} * .
  • * * In case all three conditions match, the condition returns the configured @@ -50,7 +52,7 @@ import org.wamblee.usermgt.User; */ @Entity @Access(AccessType.PROPERTY) -public abstract class UrlAuthorizationRule extends AuthorizationRule { +public abstract class UrlAuthorizationRule extends AbstractAuthorizationRule { private static final Logger LOGGER = Logger .getLogger(UrlAuthorizationRule.class); @@ -77,6 +79,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule { /** * Operation that this rule is for. */ + private OperationCondition operationCondition; /** @@ -261,7 +264,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule { * * @return Returns the operationCondition. */ - @ManyToOne(cascade = CascadeType.ALL) + @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractOperationCondition.class) @JoinColumn(name = "OPER_COND_PK") public OperationCondition getOperationCondition() { return operationCondition; @@ -280,7 +283,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule { * * @return Returns the pathCondition. */ - @ManyToOne(cascade = CascadeType.ALL) + @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractPathCondition.class) @JoinColumn(name = "PATH_COND_PK") public PathCondition getPathCondition() { return pathCondition; @@ -299,7 +302,7 @@ public abstract class UrlAuthorizationRule extends AuthorizationRule { * * @return Returns the userCondition. */ - @ManyToOne(cascade = CascadeType.ALL) + @ManyToOne(cascade = CascadeType.ALL, targetEntity = AbstractUserCondition.class) @JoinColumn(name = "USER_COND_PK") public UserCondition getUserCondition() { return userCondition; diff --git a/security/impl/src/main/java/org/wamblee/security/authorization/UserCondition.java b/security/impl/src/main/java/org/wamblee/security/authorization/UserCondition.java index 8b6eee94..7ce55cf9 100644 --- a/security/impl/src/main/java/org/wamblee/security/authorization/UserCondition.java 
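Review bot: The three `@ManyToOne` getters keep `cascade = CascadeType.ALL`, which includes REMOVE, so if a condition row is ever referenced by more than one rule, deleting one rule would also try to delete a condition that another rule still relies on. If each rule owns its conditions, `@OneToOne` states that; otherwise restricting the cascade, e.g. `cascade = {CascadeType.PERSIST, CascadeType.MERGE}`, is safer. The newly imported `javax.enterprise.inject.Typed` and `javax.persistence.DiscriminatorValue` are not used in any hunk shown here. The class Javadoc now links to the `Abstract*Condition` classes while the getters return the interfaces, so linking the interfaces would match the public API.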
+++ b/security/impl/src/main/java/org/wamblee/security/authorization/UserCondition.java @@ -15,16 +15,6 @@ */ package org.wamblee.security.authorization; -import javax.persistence.DiscriminatorColumn; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.Table; -import javax.persistence.Version; - import org.wamblee.usermgt.User; /** @@ -32,28 +22,8 @@ import org.wamblee.usermgt.User; * * @author Erik Brakkee */ -@Entity -@Table(name = "SEC_USER_CONDITION") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "TYPE") -public abstract class UserCondition { - - @Id - @GeneratedValue(strategy = GenerationType.AUTO) - private Long primaryKey; +public interface UserCondition { - @Version - private int version; - - public UserCondition() { - // Empty. - } - - public UserCondition(UserCondition aCondition) { - primaryKey = aCondition.primaryKey; - version = aCondition.version; - } - /** * Determines if the condition matches. * @@ -63,4 +33,5 @@ public abstract class UserCondition { * @return True if the condition matches, false otherwise. */ public abstract boolean matches(User aUser); -} + +} \ No newline at end of file -- 2.31.1