org.wamblee.security.authorization
Class UrlAuthorizationRule

java.lang.Object
  org.wamblee.security.authorization.AbstractAuthorizationRule
      org.wamblee.security.authorization.UrlAuthorizationRule

All Implemented Interfaces:

AuthorizationRule

@Entity
public abstract class UrlAuthorizationRule
extends AbstractAuthorizationRule

Utility base class for implementation of authentication rules based on the

• The path of the resource. To obtain the path of a resource, subclasses must implement getResourcePath(Object). Whether a path is appropriate is determined by a AbstractPathCondition.
• The user identity with which the resource is accessed. Whether a user is appropriate is determined by a AbstractUserCondition.
• The operation that is requested. Whether the operation is appropriate is determined by a AbstractOperationCondition .

In case all three conditions match, the condition returns the configured result passed at construction (GRANTED or DENIED). If the resource is not of the specified type, the result is UNSUPPORTED_RESOURCE, otherwise, the result is UNDECIDED.

Constructor Summary

protected	UrlAuthorizationRule() For OR mapping.
protected	UrlAuthorizationRule(AuthorizationResult aResult, UserCondition aUserCondition, PathCondition aPathCondition, java.lang.Class aResourceClass, OperationCondition aOperationCondition) Constructs an authorization rule.
protected	UrlAuthorizationRule(java.lang.Class aResourceClass) For OR mapping.

Method Summary

protected java.lang.String	getAuthorizationResultString() Gets the authorization result for OR mapping.
OperationCondition	getOperationCondition()
PathCondition	getPathCondition()
protected java.lang.String	getResourceClassName()
protected abstract java.lang.String	getResourcePath(java.lang.Object aResource) Gets the path of the resource.
java.lang.Class[]	getSupportedTypes() Returns the supported object types for which this authorization rule applies.
UserCondition	getUserCondition()
AuthorizationResult	isAllowed(java.lang.Object aResource, Operation aOperation, java.lang.String aUser) Determines whether an operation is allowed on a certain resource.
protected AuthorizationResult	isAllowedWithPath(java.lang.String aPath, Operation aOperation, java.lang.String aUser) Determines if the operation is allowed on the resource.
protected void	setAuthorizationResultString(java.lang.String aResult) Sets the authorization result, for OR mapping.
protected void	setOperationCondition(OperationCondition aOperationCondition)
protected void	setPathCondition(PathCondition aPathCondition)
protected void	setResourceClassName(java.lang.String aResourceClass)
void	setUserAdministration(UserAdministration aAdmin) Sets the user admnistration to use.
protected void	setUserCondition(UserCondition aUserCondition)
java.lang.String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

UrlAuthorizationRule

protected UrlAuthorizationRule(AuthorizationResult aResult,
                               UserCondition aUserCondition,
                               PathCondition aPathCondition,
                               java.lang.Class aResourceClass,
                               OperationCondition aOperationCondition)

Constructs an authorization rule. IF the group and path match, then the provided result will be returned.

Parameters:

aResult - Result of the authorization when the path and group match.

aUserCondition - Condition to match users.

aPathCondition - Condition to match paths with.

aResourceClass - Supported resource class this is for.

aOperationCondition - Condition to match the operation with.

UrlAuthorizationRule

protected UrlAuthorizationRule(java.lang.Class aResourceClass)

For OR mapping.

UrlAuthorizationRule

protected UrlAuthorizationRule()

For OR mapping.

Method Detail

getSupportedTypes

public java.lang.Class[] getSupportedTypes()

Description copied from interface: AuthorizationRule

Returns the supported object types for which this authorization rule applies. This can be used by the authorization service for optimization.

Returns:

Array of supported types.

isAllowed

public AuthorizationResult isAllowed(java.lang.Object aResource,
                                     Operation aOperation,
                                     java.lang.String aUser)

Description copied from interface: AuthorizationRule

Determines whether an operation is allowed on a certain resource. The rule implementation must be prepared to deal with resources for which it does not apply. In those cases it should return AuthorizationResult.UNSUPPORTED_RESOURCE.

Parameters:

aResource - Resource.

aOperation - Operation.

aUser - Current user.

Returns:

Authorization result.

isAllowedWithPath

protected AuthorizationResult isAllowedWithPath(java.lang.String aPath,
                                                Operation aOperation,
                                                java.lang.String aUser)

Determines if the operation is allowed on the resource.

Parameters:

aPath - Path of the resource.

aOperation - Operation to be done.

aUser - Currently logged in user or null if no user is logged in.

Returns:

Authorization result,

getResourcePath

protected abstract java.lang.String getResourcePath(java.lang.Object aResource)

Gets the path of the resource.

Parameters:

aResource - Resource, guaranteed to be an instance of resourceClass.

Returns:

Path of the resource.

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

getAuthorizationResultString

protected java.lang.String getAuthorizationResultString()

Gets the authorization result for OR mapping.

Returns:

Result.

setAuthorizationResultString

protected void setAuthorizationResultString(java.lang.String aResult)

Sets the authorization result, for OR mapping.

Parameters:

aResult - Result.

getResourceClassName

protected java.lang.String getResourceClassName()

setResourceClassName

protected void setResourceClassName(java.lang.String aResourceClass)

getOperationCondition

public OperationCondition getOperationCondition()

Returns:

Returns the operationCondition.

setOperationCondition

protected void setOperationCondition(OperationCondition aOperationCondition)

Parameters:

aOperationCondition - The operationCondition to set.

getPathCondition

public PathCondition getPathCondition()

Returns:

Returns the pathCondition.

setPathCondition

protected void setPathCondition(PathCondition aPathCondition)

Parameters:

aPathCondition - The pathCondition to set.

getUserCondition

public UserCondition getUserCondition()

Returns:

Returns the userCondition.

setUserCondition

protected void setUserCondition(UserCondition aUserCondition)

Parameters:

aUserCondition - The userCondition to set.

setUserAdministration

public void setUserAdministration(UserAdministration aAdmin)

Description copied from interface: AuthorizationRule

Sets the user admnistration to use.

Parameters:

aAdmin - User administration.