A permission...

The source code is available here!

In Ori, a permission is composed of two Strings. This matters because you will never see an object representing a permission in Ori. The first String names a module, and the second String names the action you want to perform in that module.

Translated to code, this looks like:

boolean result = token.hasPermission("Secret", "read");

So with this code we check if the user (token - see later) has the permission to perform the "read" action in the "Secret" module.

Why two Strings?

It brings an interesting feature. If you grant a permission (see later) that looks like [ "Secret" , Ori.ANY ], the user will be able to perform any action in the "Secret" module. On the other hand, if the permission looks like [ Ori.ANY , "read" ], the user will be able to perform the "read" action in any module.
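The wildcard rule above, modeled as a stand-alone Java class. This is an added example, not Ori's source: the class, its methods and the "*" value standing in for Ori.ANY are assumptions, and exact (case-sensitive) comparison and refusing the wildcard in queries are choices of this model, not documented Ori behaviour.

```java
import java.util.HashSet;
import java.util.Set;

// Stand-alone model of [module, action] matching. Not Ori's code:
// ANY, grant() and hasPermission() are local stand-ins (assumptions).
public class PermissionModel {
    static final String ANY = "*"; // assumed stand-in for Ori.ANY
    private final Set<String> grants = new HashSet<>();

    private static String key(String module, String action) {
        if (module == null || action == null
                || module.indexOf('\0') >= 0 || action.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("invalid permission name");
        }
        return module + '\0' + action; // separator cannot appear in either part
    }

    void grant(String module, String action) {
        grants.add(key(module, action));
    }

    // Deny by default: true only when an exact or wildcard grant covers the pair.
    boolean hasPermission(String module, String action) {
        if (ANY.equals(module) || ANY.equals(action)) {
            return false; // the wildcard is for grants, not for queries
        }
        return grants.contains(key(module, action))
                || grants.contains(key(module, ANY))
                || grants.contains(key(ANY, action))
                || grants.contains(key(ANY, ANY));
    }

    public static void main(String[] args) {
        PermissionModel moduleWide = new PermissionModel();
        moduleWide.grant("Secret", ANY);          // any action in "Secret"
        PermissionModel actionWide = new PermissionModel();
        actionWide.grant(ANY, "read");            // "read" in any module
        PermissionModel superuser = new PermissionModel();
        superuser.grant(ANY, ANY);                // the implicit admin grant

        String[][] checks = {{"Secret", "read"}, {"Secret", "write"},
                             {"Public", "read"}, {"Public", "write"},
                             {"secret", "read"}}; // differs only in case
        for (String[] c : checks) {
            System.out.printf("%-6s %-5s moduleWide=%-5b actionWide=%-5b superuser=%b%n",
                    c[0], c[1], moduleWide.hasPermission(c[0], c[1]),
                    actionWide.hasPermission(c[0], c[1]), superuser.hasPermission(c[0], c[1]));
        }
    }
}
```

The last row shows why module and action names should be spelled identically in grants and in checks when matching is exact.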

Create a domain

First of all, you need to create a domain. Unfortunately, that comes with some coding.

IDomain domain = Ori.createDomain(
		userRoleListProvider,
		rolePermissionListProvider,
		userPermissionListProvider,
		passwordEncoder, 
		adminLogin,
		adminEncodedPassword);

Let's look at each parameter one by one.

Implement IUserRoleListProvider

Why should I?

This interface is used to authenticate the user and return an array of String that contains the user's roles. (If you don't need role based permissions, you can skip this interface!)

How do I?

This can be done by implementing ori.IUserRoleListProvider.

You have to implement the getUserRoleList function which provides the user's roles (you must also ensure that the encoded password is valid!)

class UserRoleListProvider implements IUserRoleListProvider
{
	public IUserRoleList getUserRoleList()
	{
		UserRoleList result = new UserRoleList();
			
		result.addRoleToUser(LOGIN_A, "administrator");
		result.addRoleToUser(LOGIN_A, "user");
			
		result.addRoleToUser(LOGIN_B, "user");
			
		result.addRoleToUser(LOGIN_C, "user");
			
		return result;
	}
}

Implement IRolePermissionListProvider

Why should I?

This interface is used to declare all roles and the permissions associated with each role! (If you don't need role based permissions, you can skip this interface!)

How do I?

This can be done by implementing an ori.data.IPermissionList.

The getRoleList function can be easily implemented by creating an ori.impl.PermissionList and using its addPermission function. The role's name is the key!

class RolePermissionListProvider implements IRolePermissionListProvider
{
	public IPermissionList getRoleList()
	{
		PermissionList pl = new PermissionList();
			
		pl.addPermission("administrator", "Public", "read");
		pl.addPermission("administrator", "Public", "write");
		pl.addPermission("administrator", "Secret", "read");
		pl.addPermission("administrator", "Secret", "write");

		pl.addPermission("user", "Public", "read");
		pl.addPermission("user", "Public", "write");

		return pl;
	}
}

Implement IUserPermissionListProvider

Why should I?

This interface is used to grant permissions to a user. (If you don't need user based permissions, you can skip this interface!)

How do I?

This can be done by implementing ori.IUserModuleListProvider.

The getUserList function can be implemented in the same way as for IRolePermissionListProvider, with the help of the addPermission function of the ori.impl.PermissionList class. The user login is the key!

class UserPermissionListProvider implements IUserPermissionListProvider
{
	public IPermissionList getUserPermissionList()
	{
		PermissionList pl = new PermissionList();
		pl.addPermission(LOGIN_C,"Secret","read");
		return pl;
	}
}

Implement IPasswordEncoder

This can be done by implementing ori.IPasswordEncoder.

You have to implement the encode function, which encodes your password. There is an implementation: ori.impl.encoder.MD5HexaEncoder. It computes the MD5 hash of the password and then converts it to hexadecimal. So if your password is "test", the result will be "098f6bcd4621d373cade4e832627b4f6" (which is kind of database friendly). You can test it with the ori.impl.encoder.Encoder swing tool. MD5 is a fast, unsalted hash, so supply your own IPasswordEncoder where stored passwords need to resist offline cracking. If you pass null instead of an implementation, the password won't be encoded at all!

IPasswordEncoder passwordEncoder = new MD5HexaEncoder();

Declare a superuser

You can declare a superuser/root/admin user by giving its login and its encoded password (so you can store it in a config file). A regular user with the same login won't be able to log in! This parameter can be null (then there won't be such a user)! This implicit user has the [ Ori.ANY , Ori.ANY ] permission.

Use Ori

Once you have your domain, you can start using it.

Log in to your domain

IToken token = domain.login(LOGIN_A, PASSWORD_A);

Check the user's permission

boolean result = token.hasPermission("Secret", "read");

Log out the user

token.invalidate();

Destroy your domain!

domain.destroy();

That's all! See the whole source code!