001    /*
002     * Copyright 2002-2005 the original author or authors.
003     *
004     * Licensed under the Apache License, Version 2.0 (the "License"); you may not
005     * use this file except in compliance with the License. You may obtain a copy of
006     * the License at
007     *
008     * http://www.apache.org/licenses/LICENSE-2.0
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
012     * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
013     * License for the specific language governing permissions and limitations under
014     * the License.
015     */
016    package org.springframework.richclient.security;
017    
018    import java.util.List;
019    
020    import org.springframework.richclient.core.Authorizable;
021    import org.springframework.security.AccessDecisionManager;
022    
023    /**
024     * A security controller is responsible for authorizing other {@link Authorizable}
025     * objects. Based on the current authentication and the configured access decision rules,
026     * the controlled objects will have their {@link Authorizable#setAuthorized(boolean)}
027     * method called accordingly.
028     * <p>
029     * The access decision manager is responsible for making the decision to authorize the
030     * controlled objects.
031     * 
032     * @author Larry Streepy
033     * 
034     */
035    public interface SecurityController extends AuthenticationAware {
036    
037        /**
038         * Set the access decision manager to use
039         * @param accessDecisionManager
040         */
041        public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager);
042    
043        /**
044         * Get the access decision manager in use
045         * @return decision manager
046         */
047        public AccessDecisionManager getAccessDecisionManager();
048    
049        /**
050         * Set the objects that are to be controlled. Only beans that implement the
051         * {@link Authorized} interface are processed.
052         * @param secured List of objects to control
053         */
054        public void setControlledObjects(List secured);
055    
056        /**
057         * Add an object to our controlled set.
058         * @param object to control
059         */
060        public void addControlledObject(Authorizable object);
061    
062        /**
063         * Remove an object from our controlled set.
064         * @param object to remove
065         * @return object removed or null if not found
066         */
067        public Object removeControlledObject(Authorizable object);
068    }