org.wamblee.security.authorization

Class DefaultAuthorizationService

java.lang.Object

org.wamblee.security.authorization.AbstractAuthorizationService

org.wamblee.security.authorization.DefaultAuthorizationService

All Implemented Interfaces:

AuthorizationService

@Entity
public class DefaultAuthorizationService
extends AbstractAuthorizationService

Default implementation of an authorization service. To determine whether access to a resource is allowed, the service consults a number of authorization rules in a fixed order. The first rule that gives a result GRANTED or DENIED determines the result of the evaluation. Rules that return any other result are ignoed. If none of the rules match, than access is denied.

Author:

Erik Brakkee

Field Summary

Fields inherited from class org.wamblee.security.authorization.AbstractAuthorizationService

NAME_PARAM, QUERY_FIND_BY_NAME

Constructor Summary

Constructors

Constructor and Description
DefaultAuthorizationService() Constructs the authorization service.
DefaultAuthorizationService(UserAccessor aAccessor, UserAdministration aUserAdmin, String aName) Constructs the service.

Method Summary

Modifier and Type	Method and Description
void	appendRule(AuthorizationRule aRule) Appends a new authorization rule to the end.
<T> T	check(T aResource, Operation aOperation) Checks if the given operation is allowed on the resource.
protected List<AuthorizationRule>	getMappedRules() For OR mapping.
AuthorizationRule[]	getRules() Gets the authorization rules.
void	insertRuleAfter(int aIndex, AuthorizationRule aRule) Inserts a rule.
boolean	isAllowed(Object aResource, Operation aOperation) Checks whether an operation is allowed on a resource.
void	removeRule(int aIndex) Removes a rule.
protected void	setMappedRules(List<AuthorizationRule> aRules) For OR mapping.
void	setUserAccessor(UserAccessor aUserAccessor) Sets the user accessor so that the authorization service can get access to the logged in user.
void	setUserAdministration(UserAdministration aUserAdmin) Sets the user administration so that the authorization service can check information for the the current user.

Methods inherited from class org.wamblee.security.authorization.AbstractAuthorizationService

getName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthorizationService

public DefaultAuthorizationService(UserAccessor aAccessor,
                                   UserAdministration aUserAdmin,
                                   String aName)

Constructs the service.

Parameters:

aAccessor - User accessor.

aUserAdmin - User administration.

aName - Name of this instance of the service.

DefaultAuthorizationService

public DefaultAuthorizationService()

Constructs the authorization service.

Method Detail

setUserAccessor

public void setUserAccessor(UserAccessor aUserAccessor)

Description copied from interface: AuthorizationService

Sets the user accessor so that the authorization service can get access to the logged in user.

Parameters:

aUserAccessor - User accessor.

setUserAdministration

public void setUserAdministration(UserAdministration aUserAdmin)

Description copied from interface: AuthorizationService

Sets the user administration so that the authorization service can check information for the the current user.

Parameters:

aUserAdmin - User administration.

isAllowed

public boolean isAllowed(Object aResource,
                         Operation aOperation)

Description copied from interface: AuthorizationService

Checks whether an operation is allowed on a resource.

Parameters:

aResource - Resource.

aOperation - Operation.

Returns:

Checks whether the operation is allowed on a resource.

check

public <T> T check(T aResource,
                   Operation aOperation)

Description copied from interface: AuthorizationService

Checks if the given operation is allowed on the resource.

Type Parameters:

T - Type of resource

Parameters:

aResource - Resource.

aOperation - Operation.

Returns:

Resource passed in in case access is allowed

getRules

public AuthorizationRule[] getRules()

Description copied from interface: AuthorizationService

Gets the authorization rules.

Returns:

Rules.

appendRule

public void appendRule(AuthorizationRule aRule)

Description copied from interface: AuthorizationService

Appends a new authorization rule to the end.

Parameters:

aRule - Rule to append.

insertRuleAfter

public void insertRuleAfter(int aIndex,
                            AuthorizationRule aRule)

Description copied from interface: AuthorizationService

Inserts a rule.

Parameters:

aIndex - Index of the position of the rule after insertion.

aRule - Rule to insert.

removeRule

public void removeRule(int aIndex)

Description copied from interface: AuthorizationService

Removes a rule.

Parameters:

aIndex - Index of the rule to remove.

getMappedRules

protected List<AuthorizationRule> getMappedRules()

For OR mapping.

Returns:

The rules.

setMappedRules

protected void setMappedRules(List<AuthorizationRule> aRules)

For OR mapping.

Parameters:

aRules - The rules.