Replace AuthorizationBuilder by AuthorizationChecker

pac4j-core/src/test/java/org/pac4j/core/authorization/FakeAuthorizer.java → pac4j-core/src/main/java/org/pac4j/core/authorization/AuthorizationChecker.java

@@ -18,15 +18,18 @@
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.profile.UserProfile;
 
+import java.util.List;
+import java.util.Map;
+
 /**
- * Fake authorizer (never authorizerd).
+ * The way to check authorizations.
  *
  * @author Jerome Leleu
  * @since 1.8.0
  */
-public class FakeAuthorizer implements Authorizer {
+public interface AuthorizationChecker {
+
+    boolean isAuthorized(WebContext context, UserProfile profile, String authorizerName, Map<String, Authorizer> authorizersMap);
 
-    public boolean isAuthorized(final WebContext context, final UserProfile profile) {
-        return false;
-    }
+    boolean isAuthorized(WebContext context, UserProfile profile, List<Authorizer> authorizers);
 }

pac4j-core/src/main/java/org/pac4j/core/authorization/DefaultAuthorizationChecker.java

@@ -0,0 +1,67 @@
+/*
+  Copyright 2012 - 2015 pac4j organization
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+ */
+package org.pac4j.core.authorization;
+
+import org.pac4j.core.context.Pac4jConstants;
+import org.pac4j.core.context.WebContext;
+import org.pac4j.core.profile.UserProfile;
+import org.pac4j.core.util.CommonHelper;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Default way to check the authorizations.
+ *
+ * @author Jerome Leleu
+ * @since 1.8.0
+ */
+public class DefaultAuthorizationChecker implements AuthorizationChecker {
+
+    public boolean isAuthorized(final WebContext context, final UserProfile profile, final String authorizerName, final Map<String, Authorizer> authorizersMap) {
+        final List<Authorizer> authorizers = new ArrayList<>();
+        // if we have an authorizer name (which may be a list of authorizer names)
+        if (CommonHelper.isNotBlank(authorizerName)) {
+            // we must have authorizers
+            CommonHelper.assertNotNull("authorizersMap", authorizers);
+            final String[] names = authorizerName.split(Pac4jConstants.ELEMENT_SEPRATOR);
+            final int nb = names.length;
+            for (int i = 0; i < nb; i++) {
+                final String name = names[i];
+                final Authorizer result = authorizersMap.get(name);
+                // we must have an authorizer defined for this name
+                CommonHelper.assertNotNull("authorizersMap['" + name + "']", result);
+                authorizers.add(result);
+            }
+        }
+        return isAuthorized(context, profile, authorizers);
+    }
+
+    public boolean isAuthorized(final WebContext context, final UserProfile profile, final List<Authorizer> authorizers) {
+        // authorizations check comes after authentication and profile must not be null
+        CommonHelper.assertNotNull("profile", profile);
+        if (authorizers != null && authorizers.size() > 0) {
+            // check authorizations using authorizers: all must be satisfied
+            for (Authorizer authorizer : authorizers) {
+                if (!authorizer.isAuthorized(context, profile)) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+}

pac4j-core/src/main/java/org/pac4j/core/authorization/DefaultAuthorizerBuilder.java

@@ -15,46 +15,21 @@
  */
 package org.pac4j.core.authorization;
 
-import org.pac4j.core.context.WebContext;
+import org.pac4j.core.context.Pac4jConstants;
 import org.pac4j.core.util.CommonHelper;
 
 import java.util.Map;
 
 /**
- * Build the authorizer based on regular parameters.
+ * Will be removed before the release of pac4j v1.8.
  *
- * @author Jerome Leleu
- * @since 1.8.0
+ * @deprecated
  */
-public class DefaultAuthorizerBuilder implements AuthorizerBuilder {
+@Deprecated
+public class DefaultAuthorizerBuilder {
 
     private static final Authorizer DEFAULT_AUTHORIZER = new IsAuthenticatedAuthorizer();
 
-    public static final String ROLE_SEPARATOR = ",";
-
-    public Authorizer build(final WebContext context, final Authorizer authorizer, final String authorizerName, final Map<String, Authorizer> authorizers) {
-        // we already have an authorizer
-        if (authorizer != null) {
-            return authorizer;
-        }
-        // we have an authorizer name
-        if (CommonHelper.isNotBlank(authorizerName)) {
-            // we must have authorizers
-            CommonHelper.assertNotNull("authorizers", authorizers);
-            final Authorizer result = authorizers.get(authorizerName);
-            // we must have an authorizer defined for this name
-            CommonHelper.assertNotNull("authorizers['" + authorizerName + "']", result);
-            return result;
-        }
-        return DEFAULT_AUTHORIZER;
-    }
-
-    /**
-     * Will be removed before the release of pac4j v1.8.
-     *
-     * @deprecated
-     */
-    @Deprecated
     public static Authorizer build(final Authorizer authorizer, final String authorizerName, final Map<String, Authorizer> authorizers,
                                    final String requireAnyRole, final String requireAllRoles) {
         // we already have an authorizer
@@ -72,11 +47,11 @@ public static Authorizer build(final Authorizer authorizer, final String authori
         }
         // we have a requireAnyRole value
         if (CommonHelper.isNotBlank(requireAnyRole)) {
-            return new RequireAnyRoleAuthorizer(requireAnyRole.split(ROLE_SEPARATOR));
+            return new RequireAnyRoleAuthorizer(requireAnyRole.split(Pac4jConstants.ELEMENT_SEPRATOR));
         }
         // we have a requireAllRoles value
         if (CommonHelper.isNotBlank(requireAllRoles)) {
-            return new RequireAllRolesAuthorizer(requireAllRoles.split(ROLE_SEPARATOR));
+            return new RequireAllRolesAuthorizer(requireAllRoles.split(Pac4jConstants.ELEMENT_SEPRATOR));
         }
         return DEFAULT_AUTHORIZER;
     }

pac4j-core/src/main/java/org/pac4j/core/authorization/IsAuthenticatedAuthorizer.java

@@ -19,12 +19,14 @@
 import org.pac4j.core.profile.UserProfile;
 
 /**
- * Checks if the user is authenticated.
+ * Will be removed before pac4j v1.8 release.
  *
+ * @deprecated
  * @param <U> the user profile
  * @author Jerome Leleu
  * @since 1.8.0
  */
+@Deprecated
 public class IsAuthenticatedAuthorizer<U extends UserProfile> implements Authorizer<U> {
 
     /**

pac4j-core/src/main/java/org/pac4j/core/client/DefaultClientFinder.java

@@ -15,6 +15,7 @@
  */
 package org.pac4j.core.client;
 
+import org.pac4j.core.context.Pac4jConstants;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.util.CommonHelper;
 
@@ -29,14 +30,12 @@
  */
 public class DefaultClientFinder implements ClientFinder {
 
-    public static final String CLIENT_NAME_SEPARATOR = ",";
-
     public Client find(final Clients clients, final WebContext context, final String clientName) {
         // no name -> no client
         if (CommonHelper.isBlank(clientName)) {
             return null;
         }
-        final List<String> names = Arrays.asList(clientName.split(CLIENT_NAME_SEPARATOR));
+        final List<String> names = Arrays.asList(clientName.split(Pac4jConstants.ELEMENT_SEPRATOR));
         // if a client_name parameter is provided on the request, get the client and check if it is allowed
         final String clientNameOnRequest = context.getRequestParameter(clients.getClientNameParameter());
         if (clientNameOnRequest != null) {

pac4j-core/src/main/java/org/pac4j/core/context/Pac4jConstants.java

@@ -100,15 +100,18 @@ public interface Pac4jConstants {
     /* The default url, the root path */
     String DEFAULT_URL_VALUE = "/";
 
-    /** The url parameter */
+    /* The url parameter */
     String URL = "url";
 
-    /** The logout pattern for url */
+    /* The element (client or authorizer) separator */
+    String ELEMENT_SEPRATOR = ",";
+
+    /* The logout pattern for url */
     String LOGOUT_URL_PATTERN = "logoutUrlPattern";
 
-    /** The default value for the logout url pattern, meaning only relative urls are allowed */
+    /* The default value for the logout url pattern, meaning only relative urls are allowed */
     String DEFAULT_LOGOUT_URL_PATTERN_VALUE = "/.*";
 
-    /** The config factory parameter */
+    /* The config factory parameter */
     String CONFIG_FACTORY = "configFactory";
 }