com.jfw.authentication
Class Authorization

java.lang.Object
  extended by com.jfw.authentication.Authorization

public class Authorization
extends java.lang.Object

Used in the authorization phase.
The methods are logically divided into two categories:

  1. non-static methods that authorize the use of a service by a user.
  2. static methods that act as utility methods.

Example
 // userData is null if the user is not authenticated
 Authorization authorization = new Authorization();
 int authorizationResult = authorization.authorize(request, response, userData);
 
 if(authorizationResult == Authorization.AUTHORIZE_ALL)
   System.out.println("all users can execute the service");
 else if(authorizationResult == Authorization.AUTHORIZE_AUTHENTICATED)
   System.out.println("all authenticated users can execute the service");
 else if(authorizationResult == Authorization.AUTHORIZED_YES)
   System.out.println("user set in UserData can execute the service");
 else if(authorizationResult == Authorization.AUTHORIZED_NO)
   System.out.println("user set in UserData cannot execute the service");
 else if(authorizationResult == Authorization.SERVICE_NOT_FOUND)
   System.out.println("service name does not exist in database");
 


Field Summary
static int AUTHORIZE_ALL
          Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).
static int AUTHORIZE_AUTHENTICATED
          Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).
static int AUTHORIZED_NO
          Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).
static int AUTHORIZED_YES
          Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).
static java.lang.String SERVICE_FREE
          Value of database column SERVICE.SERVICE_FREE indicating that all users can use the service.
static java.lang.String SERVICE_FREE_AFTER_AUTHENTICATION
          Value of database column SERVICE.SERVICE_FREE indicating that all authenticated users can use the service.
static int SERVICE_NOT_FOUND
          Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).
static java.lang.String SERVICE_NOT_FREE
          Value of database column SERVICE.SERVICE_FREE indicating that only authenticated users can use the service and the service must be associated with the user id.
 
Constructor Summary
Authorization()
          Create an instance.
Authorization(java.lang.String connectionResourceName)
          Create an instance.
 
Method Summary
 int authorize(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, UserData userData)
          User authorization.
static int checkUserServicePermission(java.lang.String serviceName, UserData userData)
          Checks in the database whether the user can execute a service.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SERVICE_NOT_FREE

public static final java.lang.String SERVICE_NOT_FREE
Value of database column SERVICE.SERVICE_FREE indicating that only authenticated users can use the service and the service must be associated with the user id.

See Also:
Constant Field Values

SERVICE_FREE

public static final java.lang.String SERVICE_FREE
Value of database column SERVICE.SERVICE_FREE indicating that all users can use the service.

See Also:
Constant Field Values

SERVICE_FREE_AFTER_AUTHENTICATION

public static final java.lang.String SERVICE_FREE_AFTER_AUTHENTICATION
Value of database column SERVICE.SERVICE_FREE indicating that all authenticated users can use the service.

See Also:
Constant Field Values

AUTHORIZED_NO

public static final int AUTHORIZED_NO
Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).

See Also:
Constant Field Values

AUTHORIZED_YES

public static final int AUTHORIZED_YES
Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).

See Also:
Constant Field Values

AUTHORIZE_ALL

public static final int AUTHORIZE_ALL
Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).

See Also:
Constant Field Values

AUTHORIZE_AUTHENTICATED

public static final int AUTHORIZE_AUTHENTICATED
Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).

See Also:
Constant Field Values

SERVICE_NOT_FOUND

public static final int SERVICE_NOT_FOUND
Value returned by method authorize(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, com.jfw.authentication.UserData).

See Also:
Constant Field Values

Constructor Detail

Authorization

public Authorization()
Create an instance. The default database resource, defined in jfw.properties, is used.


Authorization

public Authorization(java.lang.String connectionResourceName)
Create an instance. The database resource indicated by the parameter connectionResourceName is used.

Parameters:
connectionResourceName - the database resource to use.

Method Detail

authorize

public int authorize(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response,
                     UserData userData)
              throws java.lang.Exception
User authorization.

Parameters:
request - an HttpServletRequest object.
response - an HttpServletResponse object.
userData - a UserData object, or null if the user is not authenticated.
Returns:
  1. AUTHORIZED_NO: the user cannot execute the service.
  2. AUTHORIZED_YES: the user can execute the service.
  3. AUTHORIZE_ALL: all users can execute the service.
  4. AUTHORIZE_AUTHENTICATED: all authenticated users can execute the service.
  5. SERVICE_NOT_FOUND: the service name does not exist in the database.

The service name to check is taken from the request URI: all characters after the last "/". For example, if the requested URL is http://myserver/mywebapp/myaction.do, then the service name to check is myaction.do.
Throws:
java.lang.Exception
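
Added example (not part of the jfw library or its documentation): a stand-alone sketch of the service-name rule described above and of a deny-by-default mapping from the five documented results to an allow/deny decision. The class name, the Result enum (standing in for the int constants, whose values this page does not give), the sample URIs, and the reading that AUTHORIZE_AUTHENTICATED describes the service rather than the current user are assumptions.

```java
public class AuthorizationDecisionExample {

    // Hypothetical stand-in for the int constants of Authorization.
    enum Result { AUTHORIZE_ALL, AUTHORIZE_AUTHENTICATED, AUTHORIZED_YES, AUTHORIZED_NO, SERVICE_NOT_FOUND }

    // The documented rule: the service name is every character after the last "/".
    // If the URI contains no "/", lastIndexOf returns -1 and the whole string is used.
    static String serviceNameOf(String requestUri) {
        return requestUri.substring(requestUri.lastIndexOf('/') + 1);
    }

    // Deny by default: only explicitly permissive results grant access.
    // Assumption: AUTHORIZE_AUTHENTICATED describes the service, so the caller
    // must still check that a user is authenticated (userData != null).
    static boolean allow(Result result, boolean authenticated) {
        if (result == null) {
            return false;
        }
        switch (result) {
            case AUTHORIZE_ALL:           return true;
            case AUTHORIZE_AUTHENTICATED: return authenticated;
            case AUTHORIZED_YES:          return authenticated;
            default:                      return false; // AUTHORIZED_NO, SERVICE_NOT_FOUND, future values
        }
    }

    public static void main(String[] args) {
        // Constructed request URIs (hypothetical paths).
        String[] uris = {
            "/mywebapp/myaction.do",
            "/mywebapp/admin/myaction.do", // same service name as the line above
            "/mywebapp/reports/"           // trailing slash gives an empty service name
        };
        for (String uri : uris) {
            System.out.println(uri + " -> \"" + serviceNameOf(uri) + "\"");
        }
        for (Result r : Result.values()) {
            System.out.println(r + ": anonymous=" + allow(r, false)
                    + ", authenticated=" + allow(r, true));
        }
    }
}
```

Because the directory part of the URI is discarded, the names stored in the SERVICE table have to be unique across the whole web application for the lookup to be unambiguous.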

checkUserServicePermission

public static int checkUserServicePermission(java.lang.String serviceName,
                                             UserData userData)
                                      throws java.lang.Exception
Checks in the database whether the user can execute a service.

Parameters:
serviceName - the service name (column SERVICE.SERVCE_NAME).
userData - a UserData object.
Returns:
  1. AUTHORIZED_NO: the user cannot execute the service.
  2. AUTHORIZED_YES: the user can execute the service.
Throws:
java.lang.Exception