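/**
 * Copyright 2005-2014 Restlet
 * 
 * The contents of this file are subject to the terms of one of the following
 * open source licenses: Apache 2.0 or or EPL 1.0 (the "Licenses"). You can
 * select the license that you prefer but you may not use this file except in
 * compliance with one of these Licenses.
 * 
 * You can obtain a copy of the Apache 2.0 license at
 * http://www.opensource.org/licenses/apache-2.0
 * 
 * You can obtain a copy of the EPL 1.0 license at
 * http://www.opensource.org/licenses/eclipse-1.0
 * 
 * See the Licenses for the specific language governing permissions and
 * limitations under the Licenses.
 * 
 * Alternatively, you can obtain a royalty free commercial license with less
 * limitations, transferable or non-transferable, directly at
 * http://restlet.com/products/restlet-framework
 * 
 * Restlet is a registered trademark of Restlet S.A.S.
 */

package org.restlet.security;

import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;

import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Method;

/**
 * Authorizer based on an allow-list of request methods. Two independent lists
 * are kept: one consulted for authenticated clients and one consulted for
 * anonymous clients.
 * <p>
 * Security notes:
 * <ul>
 * <li>Both lists start empty, so a freshly constructed instance denies every
 * request until methods are added.</li>
 * <li>The lists are not cumulative. An authenticated client is checked against
 * the authenticated list only; a method that appears solely in the anonymous
 * list is denied to authenticated clients. Add it to both lists if both kinds
 * of client should be allowed.</li>
 * <li>The decision relies on {@code request.getClientInfo().isAuthenticated()},
 * so this authorizer is only meaningful when an authenticator has already
 * processed the request.</li>
 * </ul>
 * 
 * @author Jerome Louvel
 */
public class MethodAuthorizer extends Authorizer {

    /** The modifiable list of methods authorized for anonymous users. */
    private final List<Method> anonymousMethods;

    /** The modifiable list of methods authorized for authenticated users. */
    private final List<Method> authenticatedMethods;

    /**
     * Default constructor. Delegates to {@link #MethodAuthorizer(String)}
     * with a {@code null} identifier.
     */
    public MethodAuthorizer() {
        this(null);
    }

    /**
     * Constructor. Both method lists are created empty, which means that
     * nothing is authorized until the lists are populated.
     * 
     * @param identifier
     *            The identifier unique within an application.
     */
    public MethodAuthorizer(String identifier) {
        super(identifier);
        this.anonymousMethods = new CopyOnWriteArrayList<Method>();
        this.authenticatedMethods = new CopyOnWriteArrayList<Method>();
    }

    /**
     * Authorizes the request only if its method is one of the methods
     * authorized for the kind of client (authenticated or anonymous) that
     * sent it.
     * 
     * @param request
     *            The request sent.
     * @param response
     *            The response to update. It is not modified by this method.
     * @return True if the authorization succeeded.
     */
    @Override
    public boolean authorize(Request request, Response response) {
        final Method requestMethod = request.getMethod();

        if (requestMethod == null) {
            // Fail closed: a request without a method cannot match any
            // allow-list entry, and must not surface as a
            // NullPointerException from the authorization path.
            return false;
        }

        // Select the allow-list that applies to this client. The two lists
        // are deliberately not merged.
        final List<Method> allowedMethods = request.getClientInfo()
                .isAuthenticated() ? getAuthenticatedMethods()
                : getAnonymousMethods();

        // The request method is the receiver of equals(), as specified by
        // List.contains() for a non-null argument.
        return allowedMethods.contains(requestMethod);
    }

    /**
     * Returns the modifiable list of methods authorized for anonymous users.
     * The returned list is the live internal list: changes made to it take
     * effect for subsequent calls to {@link #authorize(Request, Response)}.
     * 
     * @return The modifiable list of methods authorized for anonymous users.
     */
    public List<Method> getAnonymousMethods() {
        return anonymousMethods;
    }

    /**
     * Returns the modifiable list of methods authorized for authenticated
     * users. The returned list is the live internal list: changes made to it
     * take effect for subsequent calls to
     * {@link #authorize(Request, Response)}.
     * 
     * @return The modifiable list of methods authorized for authenticated
     *         users.
     */
    public List<Method> getAuthenticatedMethods() {
        return authenticatedMethods;
    }

    /**
     * Sets the modifiable list of methods authorized for anonymous users. This
     * method clears the current list and adds all entries in the parameter
     * list. Passing {@code null} leaves the list empty; passing the list
     * returned by {@link #getAnonymousMethods()} is a no-op.
     * <p>
     * The replacement is not atomic for concurrent readers:
     * {@link #authorize(Request, Response)} does not take the monitor used
     * here, so a request evaluated between the clear and the refill sees an
     * empty list and is denied.
     * 
     * @param anonymousMethods
     *            A list of methods authorized for anonymous users.
     */
    public void setAnonymousMethods(List<Method> anonymousMethods) {
        final List<Method> current = getAnonymousMethods();

        // Serializes concurrent calls to this setter only.
        synchronized (current) {
            // Identity check: clearing the list we are about to copy from
            // would silently drop every entry.
            if (anonymousMethods != current) {
                current.clear();

                if (anonymousMethods != null) {
                    current.addAll(anonymousMethods);
                }
            }
        }
    }

    /**
     * Sets the modifiable list of methods authorized for authenticated users.
     * This method clears the current list and adds all entries in the parameter
     * list. Passing {@code null} leaves the list empty; passing the list
     * returned by {@link #getAuthenticatedMethods()} is a no-op.
     * <p>
     * The replacement is not atomic for concurrent readers:
     * {@link #authorize(Request, Response)} does not take the monitor used
     * here, so a request evaluated between the clear and the refill sees an
     * empty list and is denied.
     * 
     * @param authenticatedMethods
     *            A list of methods authorized for authenticated users.
     */
    public void setAuthenticatedMethods(List<Method> authenticatedMethods) {
        final List<Method> current = getAuthenticatedMethods();

        // Serializes concurrent calls to this setter only.
        synchronized (current) {
            // Identity check: clearing the list we are about to copy from
            // would silently drop every entry.
            if (authenticatedMethods != current) {
                current.clear();

                if (authenticatedMethods != null) {
                    current.addAll(authenticatedMethods);
                }
            }
        }
    }

}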