Basic Authorization

When using the Jmine platform there are two kinds of entities:

PersistableBusinessObject

Entities that directly extend jmine.tec.persist.bussobj.PersistableBusinessObject are not authorizable. Persistence operations on those entities will be sent to database when the transaction is commited.

AuthPersistableBusinessObject

Entities that extend jmine.tec.persist.bussobj.AuthPersistableBusinessObject on the other hand are authorizable. Persistence operations on those entities will be sent to the cold partition of the database. Operations on the cold partition can then be reviewed by a user and either allowed or denied.

Entity Configuration

In addition to extending AuthPersistableBusinessObject classes that need to be authorized must define the correct Hibernate filter:

@Filters({@Filter( name = "authFilter", condition = "auth = :auth")})

Session Factory Configuration

For authorization to work correctly you must be using the AnnotationPartitionSessionFactory provided in the platform as your Hibernate Session Factory. You may define this bean in your Spring configuration through the use of the also provided PartitionAnnotationSessionFactoryBean.

<bean id="sessionFactory" class="jmine.tec.persist.spring.PartitionAnnotationSessionFactoryBean">
         <property name="pureSessionFactoryBean">
             <ref bean="&pureSessionFactory"></ref>
         </property>
         <property name="boAuthorizationManager">
             <ref bean="boAuthorizationManager"></ref>
         </property>
</bean>

<bean id="pureSessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
...
</bean>

Note that the PartitionAnnotationSessionFactory needs a normal LocalSessionFactoryBean in order to work properly.