So after all, my opinion is to have two methods:
Identity.hasPermission(Object object, Operation operation) throws
AuthorizationException;
Identity.hasPermission(ResourceIdentifier resourceIdentifier,
Operation operation) throws AuthorizationException;
+1, I think that having two methods is the best solution, with the
caveat that overloading like this doesn't cause issues with EL. The
Object parameter version of this method will most likely delegate to
the ResourceIdentifier method anyway, as a ResourceIdentifier will be
required for all lookups. By the way, we should make this as
transparent as possible - out of the box, DeltaSpike should provide a
ResourceIdentifier implementation for entity beans that will build a
unique identifier based on the class name and the primary key value.
Another alternative that we should support is allowing the user to
specify which ResourceIdentifier to use on the domain class itself:
@Entity
@Identifier(CustomerResourceIdentifier.class)
public class Customer
{
}
Yet another alternative that we should support is the packaging of
additional ResourceIdentifier implementations with an application,
that are automatically discovered and iterated through when the
permission check can't determine which ResourceIdentifier to use.
With that in mind, the ResourceIdentifier interface should look like
this:
public interface ResourceIdentifier
{
boolean canIdentify(Class targetClass);
String getIdentifier(Object resource);
}
The canIdentify() method will return true if the specified class is
one that this ResourceIdentifier is capable of generating identifier
strings for.
That will be nice. Another idea can be to have some interface, which
needs to be implemented by the Resource object and ResourceIdentifier
can use it then. Like:
public interface Resource
{
public ResourceIdentifier getIdentifier();
}
public class Customer implements Resource
{
private customerId;
// snippet
public ResourceIdentifier getIdentifier
{
return new ResourceIdentifier(Customer.class.getName(),
getCustomerId());
}
}
And then Identity like
public Identity
{
public hasPermission(Object resource, String action)
{
if (resource instanceof Resource)
{
return hasPermission((Resource)resource.getIdentifier(),
action);
}
else
{
// use other ways to map ResourceIdentifier from Object
}
}
public hasPermission(ResourceIdentifier resIdentifier, action)
{
// snipet
}
}
With this design, it would be easy to map ResourceIdentifier for various
type of objects. Of course, limitation is that Object needs to implement
the Resource interface. which can't be always done. So we will need
toher ways for ResourceIdentifier mapping anyway.
Thanks,
Marek
