[jboss-cvs] JBossAS SVN: r70014 - projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Feb 21 15:02:58 EST 2008
Author: sguilhen at redhat.com
Date: 2008-02-21 15:02:57 -0500 (Thu, 21 Feb 2008)
New Revision: 70014
Added:
projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPersistenceStrategy.java
projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLRegistration.java
Modified:
projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLProvider.java
Log:
Introduced the ACLRegistration and ACLPersistenceStrategy interfaces, refactoring the ACLProvider to use the strategy to obtain the ACLs from a repository.
Added: projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPersistenceStrategy.java
===================================================================
--- projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPersistenceStrategy.java (rev 0)
+++ projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLPersistenceStrategy.java 2008-02-21 20:02:57 UTC (rev 70014)
@@ -0,0 +1,81 @@
+package org.jboss.security.acl;
+
+import java.util.Collection;
+
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * This interface defines the methods that must be implemented by classes that manage the persistence of
+ * {@code ACL}s. It is used by the {@code ACLProvider} to obtain the {@code ACL}s that are used in the
+ * instance-based authorization checks.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface ACLPersistenceStrategy
+{
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code ACL} associated to the given resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which the associated ACL is wanted.
+ * @return a reference to the {@code ACL} associated with the resource, or null if no
+ * ACL could be found.
+ */
+ public ACL getACL(Resource resource);
+
+ /**
+ * <p>
+ * Creates a new {@code ACL} and associates it to the given resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which an ACL is to be created.
+ * @return a reference to the created {@code ACL}.
+ */
+ public ACL createACL(Resource resource);
+
+ /**
+ * <p>
+ * Creates a new {@code ACL} with the specified entries and associates it to the given resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which an ACL is to be created.
+ * @param entries a {@code Collection} containing the entries that must be added to the {@code ACL}.
+ * @return a reference to the created {@code ACL}.
+ */
+ public ACL createACL(Resource resource, Collection<ACLEntry> entries);
+
+ /**
+ * <p>
+ * Updates the given {@code ACL}. This usually means updating the repository where the ACLs are stored.
+ * </p>
+ *
+ * @param acl the {@code ACL} that needs to be updated.
+ * @return {@code true} if the ACL was updated; {@code false} otherwise.
+ */
+ public boolean updateACL(ACL acl);
+
+ /**
+ * <p>
+ * Removes the given {@code ACL}, breaking the existing association with the resource it relates to.
+ * </p>
+ *
+ * @param acl a reference to the {@code ACL} that is to be removed.
+ * @return {@code true} if the ACL was removed; {@code false} otherwise.
+ */
+ public boolean removeACL(ACL acl);
+
+ /**
+ * <p>
+ * Removes the {@code ACL} associated with the specified resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} whose associated ACL is to be removed.
+ * @return {@code true} if the ACL was removed; {@code false} otherwise.
+ */
+ public boolean removeACL(Resource resource);
+
+}
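Review bot: `getACL` is documented to return `null` when no ACL is found, but the contract does not say how callers must treat that result; for an authorization store the Javadoc should state it explicitly, e.g. `A {@code null} result means no ACL exists and must be treated as access denied, never as unrestricted.` Both `createACL` overloads are also silent on a resource that already has an ACL, so one implementation may replace the existing entries while another returns the old ACL; the Javadoc should pick one behaviour. The `false` return of `updateACL` and the two `removeACL` overloads does not distinguish "nothing to do" from a repository failure, which is worth spelling out as well.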
Modified: projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLProvider.java
===================================================================
--- projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLProvider.java 2008-02-21 19:53:45 UTC (rev 70013)
+++ projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLProvider.java 2008-02-21 20:02:57 UTC (rev 70014)
@@ -21,7 +21,6 @@
*/
package org.jboss.security.acl;
-import java.util.Collection;
import java.util.Map;
import java.util.Set;
@@ -46,8 +45,8 @@
* @param sharedState Shared State
* @param options Options
*/
- public void initialize(Map<String,Object> sharedState, Map<String,Object> options);
-
+ public void initialize(Map<String, Object> sharedState, Map<String, Object> options);
+
/**
* <p>
* For a given Resource and an Identity, return all the entitlements
@@ -62,72 +61,45 @@
* @return
* @throws AuthorizationException
*/
- public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
- throws AuthorizationException;
+ public <T> Set<T> getEntitlements(Class<T> clazz, Resource resource, Identity identity)
+ throws AuthorizationException;
/**
* <p>
- * Obtains a reference to the {@code ACL} associated to the given resource.
+ * Checks if the given identity has the permissions needed to access the specified resource. This
+ * involves finding the {@code ACL} associated with the resource and consulting the {@code ACL} to
+ * determine if access should be granted or not to the identity.
* </p>
*
- * @param resource the {@code Resource} for which the associated ACL is wanted.
- * @return a reference to the {@code ACL} associated with the resource, or null if no
- * ACL could be found.
+ * @param resource the {@code Resource} being accessed.
+ * @param identity the {@code Identity} trying to access the resource.
+ * @param permission the permissions needed to access the resource.
+ * @return {@code true} if the identity has enough permissions to access the resource; {@code false}
+ * otherwise.
+ * @throws AuthorizationException if no {@code ACL} can be found for the specified resource.
*/
- public ACL getACL(Resource resource);
+ public boolean isAccessGranted(Resource resource, Identity identity, ACLPermission permission)
+ throws AuthorizationException;
/**
* <p>
- * Creates a new {@code ACL} and associates it to the given resource.
+ * Obtains the {@code ACLPersistenceStrategy} associated with this provider.
* </p>
*
- * @param resource the {@code Resource} for which an ACL is to be created.
- * @return a reference to the created {@code ACL}.
+ * @return a reference to the {@code ACLPersistenceStrategy} used by this provider.
*/
- public ACL createACL(Resource resource);
+ public ACLPersistenceStrategy getPersistenceStrategy();
/**
* <p>
- * Creates a new {@code ACL} with the specified entries and associates it to the given resource.
+ * Sets the persistence strategy to be used by this provider.
* </p>
*
- * @param resource the {@code Resource} for which an ACL is to be created.
- * @param entries a {@code Collection} containing the entries that must be added to the {@code ACL}.
- * @return a reference to the created {@code ACL}.
+ * @param strategy a reference to the {@code ACLPersistenceStrategy} to be used.
*/
- public ACL createACL(Resource resource, Collection<ACLEntry> entries);
+ public void setPersistenceStrategy(ACLPersistenceStrategy strategy);
/**
- * <p>
- * Updates the given {@code ACL}. This usually means updating the repository where the ACLs are stored.
- * </p>
- *
- * @param acl the {@code ACL} that needs to be updated.
- * @return {@code true} if the ACL was updated; {@code false} otherwise.
- */
- public boolean updateACL(ACL acl);
-
- /**
- * <p>
- * Removes the given {@code ACL}, breaking the existing association with the resource it relates to.
- * </p>
- *
- * @param acl a reference to the {@code ACL} that is to be removed.
- * @return {@code true} if the ACL was removed; {@code false} otherwise.
- */
- public boolean removeACL(ACL acl);
-
- /**
- * <p>
- * Removes the {@code ACL} associated with the specified resource.
- * </p>
- *
- * @param resource the {@code Resource} whose associated ACL is to be removed.
- * @return {@code true} if the ACL was removed; {@code false} otherwise.
- */
- public boolean removeACL(Resource resource);
-
- /**
* Give an opportunity for the provider to finalize the
* operations
* @return
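Review bot: `setPersistenceStrategy` is added to the public `ACLProvider` interface without any stated restriction, so any code holding a provider reference can swap the repository that, per the commit log, the provider uses to obtain ACLs for `isAccessGranted`; `getPersistenceStrategy` likewise gives the same callers `createACL`, `updateACL` and `removeACL`. The Javadoc should say when the setter may be called and what happens with `null`, for instance `Intended to be called during provider configuration only; implementations should reject {@code null}.` The `isAccessGranted` Javadoc should also state the result when no strategy has been set, and that should be an `AuthorizationException` rather than `true`. The interface declaration starts and ends outside this hunk.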
Added: projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLRegistration.java
===================================================================
--- projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLRegistration.java (rev 0)
+++ projects/security/security-spi/trunk/acl/src/main/org/jboss/security/acl/ACLRegistration.java 2008-02-21 20:02:57 UTC (rev 70014)
@@ -0,0 +1,45 @@
+package org.jboss.security.acl;
+
+import java.util.Collection;
+
+import org.jboss.security.authorization.Resource;
+
+/**
+ * <p>
+ * Interface to register {@code ACL}s.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public interface ACLRegistration
+{
+
+ /**
+ * <p>
+ * Registers an {@code ACL} associated with the specified {@code Resource}. This usually means interacting
+ * with a {@code ACLPersistenceStrategy} to persist the created {@code ACL}.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which an {@code ACL} is to be registered.
+ */
+ public void registerACL(Resource resource);
+
+ /**
+ * <p>
+ * Registers an {@code ACL} associated with the specified {@code Resource} using the supplied entries.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which an {@code ACL} is to be registered.
+ * @param entries the entries of the {@code ACL} being registered.
+ */
+ public void registerACL(Resource resource, Collection<ACLEntry> entries);
+
+ /**
+ * <p>
+ * Deregisters the {@code ACL} associated with the specified resource.
+ * </p>
+ *
+ * @param resource the {@code Resource} for which an {@code ACL} is to be deregistered.
+ */
+ public void deRegisterACL(Resource resource);
+}
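Review bot: `registerACL` and `deRegisterACL` return `void` and declare no exception, so a caller cannot tell whether the ACL was actually stored or removed, although the `ACLPersistenceStrategy` methods the Javadoc points to return the `ACL` or a `boolean`. A deregistration that fails silently would leave the old entries in force. The Javadoc should say how failure is reported and what happens when the resource already has an ACL, e.g. `Implementations must throw an unchecked exception if the {@code ACL} could not be persisted.` The name `deRegisterACL` also breaks the camel-case used by the other methods; `deregisterACL` would be consistent.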