org.wamblee.security.authorization
Class UrlAuthorizationRule

java.lang.Object
  org.wamblee.persistence.AbstractPersistent
      org.wamblee.security.authorization.UrlAuthorizationRule

All Implemented Interfaces:

Persistent, AuthorizationRule

public abstract class UrlAuthorizationRule
extends AbstractPersistent
implements AuthorizationRule

Utility base class for implementation of authentication rules based on the

• The path of the resource. To obtain the path of a resource, subclasses must implement getResourcePath(Object). Whether a path is appropriate is determined by a PathCondition.
• The user identity with which the resource is accessed. Whether a user is appropriate is determined by a UserCondition.
• The operation that is requested. Whether the operation is appropriate is determined by a OperationCondition.

In case all three conditions match, the condition returns the configured result passed at construction (GRANTED or DENIED). If the resource is not of the specified type, the result is UNSUPPORTED_RESOURCE, otherwise, the result is UNDECIDED.

Constructor Summary

protected	UrlAuthorizationRule() For OR mapping.
protected	UrlAuthorizationRule(AuthorizationResult aResult, UserCondition aUserCondition, PathCondition aPathCondition, java.lang.Class aResourceClass, OperationCondition aOperationCondition) Constructs an authorization rule.
protected	UrlAuthorizationRule(java.lang.Class aResourceClass) For OR mapping.

Method Summary

protected java.lang.String	getAuthorizationResultString() Gets the authorization result for OR mapping.
OperationCondition	getOperationCondition()
PathCondition	getPathCondition()
protected java.lang.String	getResourceClassName()
protected abstract java.lang.String	getResourcePath(java.lang.Object aResource) Gets the path of the resource.
java.lang.Class[]	getSupportedTypes() Returns the supported object types for which this authorization rule applies.
UserCondition	getUserCondition()
AuthorizationResult	isAllowed(java.lang.Object aResource, Operation anOperation, User aUser) Determines whether an operation is allowed on a certain resource.
protected AuthorizationResult	isAllowed(java.lang.String aPath, Operation aOperation, User aUser) Determines if the operation is allowed on the resource.
protected void	setAuthorizationResultString(java.lang.String aResult) Sets the authorization result, for OR mapping.
protected void	setOperationCondition(OperationCondition aOperationCondition)
protected void	setPathCondition(PathCondition aPathCondition)
protected void	setResourceClassName(java.lang.String aResourceClass)
protected void	setUserCondition(UserCondition aUserCondition)
java.lang.String	toString()

Methods inherited from class org.wamblee.persistence.AbstractPersistent

getPersistedVersion, getPrimaryKey, setPersistedVersion, setPrimaryKey

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.wamblee.persistence.Persistent

getPersistedVersion, getPrimaryKey, setPersistedVersion, setPrimaryKey

Constructor Detail

UrlAuthorizationRule

protected UrlAuthorizationRule(AuthorizationResult aResult,
                               UserCondition aUserCondition,
                               PathCondition aPathCondition,
                               java.lang.Class aResourceClass,
                               OperationCondition aOperationCondition)

Constructs an authorization rule. IF the group and path match, then the provided result will be returned.

Parameters:

aResult - Result of the authorization when the path and group match.

aUserCondition - Condition to match users.

aPathCondition - Condition to match paths with.

aResourceClass - Supported resource class this is for.

aOperationCondition - Condition to match the operation with.

UrlAuthorizationRule

protected UrlAuthorizationRule(java.lang.Class aResourceClass)

For OR mapping.

UrlAuthorizationRule

protected UrlAuthorizationRule()

For OR mapping.

Method Detail

getSupportedTypes

public java.lang.Class[] getSupportedTypes()

Description copied from interface: AuthorizationRule

Returns the supported object types for which this authorization rule applies. This can be used by the authorization service for optimization.

Specified by:

getSupportedTypes in interface AuthorizationRule

Returns:

Array of supported types.

isAllowed

public AuthorizationResult isAllowed(java.lang.Object aResource,
                                     Operation anOperation,
                                     User aUser)

Description copied from interface: AuthorizationRule

Determines whether an operation is allowed on a certain resource. The rule implementation must be prepared to deal with resources for which it does not apply. In those cases it should return AuthorizationResult.UNSUPPORTED_RESOURCE.

Specified by:

isAllowed in interface AuthorizationRule

Parameters:

aResource - Resource.

anOperation - Operation.

aUser - Current user.

Returns:

Authorization result.

isAllowed

protected AuthorizationResult isAllowed(java.lang.String aPath,
                                        Operation aOperation,
                                        User aUser)

Determines if the operation is allowed on the resource.

Parameters:

aPath - Path of the resource.

aOperation - Operation to be done.

aUser - Currently logged in user or null if no user is logged in.

Returns:

Authorization result,

getResourcePath

protected abstract java.lang.String getResourcePath(java.lang.Object aResource)

Gets the path of the resource.

Parameters:

aResource - Resource, guaranteed to be an instance of _resourceClass.

Returns:

Path of the resource.

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

getAuthorizationResultString

protected java.lang.String getAuthorizationResultString()

Gets the authorization result for OR mapping.

Returns:

Result.

setAuthorizationResultString

protected void setAuthorizationResultString(java.lang.String aResult)

Sets the authorization result, for OR mapping.

Parameters:

aResult - Result.

getResourceClassName

protected java.lang.String getResourceClassName()

setResourceClassName

protected void setResourceClassName(java.lang.String aResourceClass)

getOperationCondition

public OperationCondition getOperationCondition()

Returns:

Returns the _operationCondition.

setOperationCondition

protected void setOperationCondition(OperationCondition aOperationCondition)

Parameters:

aOperationCondition - The _operationCondition to set.

getPathCondition

public PathCondition getPathCondition()

Returns:

Returns the _pathCondition.

setPathCondition

protected void setPathCondition(PathCondition aPathCondition)

Parameters:

aPathCondition - The _pathCondition to set.

getUserCondition

public UserCondition getUserCondition()

Returns:

Returns the _userCondition.

setUserCondition

protected void setUserCondition(UserCondition aUserCondition)

Parameters:

aUserCondition - The _userCondition to set.