J F W

HOW TO : CORE

authorization process

The authorization process is based on the database schema you can find at here and the authorization logic must be implemented in the main project action.

Let's now see the classes offered by the framework for authorizing a user to use an action.

com.jfw.authentication. Authorization

To check if a user can use an action, all you have to do is to use this class as in the next example:

Authorization authorization = new Authorization(); int authorizationResult = authorization.authorize(request, response, userData);

The method authorize returns an integer that can have one of the next values:

1. AUTHORIZED_NO: user can not execute the service.
2. AUTHORIZED_YES: user can execute the service.
3. AUTHORIZE_ALL: all users can execute the service.
4. AUTHORIZE_AUTHENTICATED: all authenticated users can execute the service.
5. SERVICE_NOT_FOUND: service name not exist in database in table SERVICE.

The return value is based on the return values of classes ServicesDB and UserServiceDB.
You can use the return value as you prefer in the implementation of method isAuthorized in your main action.

com.jfw.authentication. ServicesDB

This class is used for checking if the service is registered in table SERVICE and for getting his data. For the
authorization process the value of column SERVICE.service_free is the most important. The previous column can have these values:

1. SERVICE_FREE: this value indicates that all users, even if they are not authenticated, can use the action.
2. SERVICE_FREE_AFTER_AUTHENTICATION: only authenticated users can use the action.
3. SERVICE_NOT_FREE: only authenticated users can use the action and an entry in table must exist USER_SERVICE.

com.jfw.authentication. UserServiceDB

This class is used to check if a particular user can execute a particular action.
Here is an example of use:

HashMap data = new HashMap(); data.put(UserServiceDB.SERVICE_NAME_KEY, serviceName); data.put(UserServiceDB.USER_ID_KEY, userData.getUserId()); HashMap outputdata = new HashMap(); UserServiceDB userServiceDB = new UserServiceDB(); userServiceDB.setData(data); userServiceDB.execute(outputdata); String resultStr = (String)outputdata.get(UserServiceDB.RESULT_KEY); if(UserServiceDB.RESULT_OK_KEY.equals(resultStr)) result = AUTHORIZED_YES; else result = AUTHORIZED_NO;