You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jena.apache.org by bu...@apache.org on 2015/07/26 12:53:57 UTC
svn commit: r959630 [2/2] - in /websites/staging/jena/trunk/content: ./
documentation/permissions/ documentation/security/
Added: websites/staging/jena/trunk/content/documentation/permissions/example.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/permissions/example.html (added)
+++ websites/staging/jena/trunk/content/documentation/permissions/example.html Sun Jul 26 10:53:56 2015
@@ -0,0 +1,327 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Adding Jena-Permissions to Fuseki</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link href="/css/jena.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="https://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <script src="/js/improve.js" type="text/javascript"></script>
+
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.cgi"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/hadoop/index.html">Elephas - tools for RDF on Hadoop</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/fuseki2/index.html">Fuseki</a></li>
+ <li><a href="/documentation/permissions/index.html">Permissions</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ <li><a href="/documentation/extras/index.html">Extras</a></li>
+ </ul>
+ </li>
+
+ <li class="drop down">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Javadoc <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/documentation/javadoc/jena/">Jena Core</a></li>
+ <li><a href="/documentation/javadoc/arq/">ARQ</a></li>
+ <li><a href="/documentation/javadoc/tdb/">TDB</a></li>
+ <li><a href="/documentation/javadoc/elephas/">Elephas</a></li>
+ <li><a href="/documentation/javadoc/text/">Text Search</a></li>
+ <li><a href="/documentation/javadoc/spatial/">Spatial Search</a></li>
+ <li><a href="/documentation/javadoc/security/">Security</a></li>
+ <li><a href="/documentation/javadoc/jdbc/">JDBC</a></li>
+ <li><a href="/documentation/javadoc/">All Javadoc</a></li>
+ </ul>
+ </li>
+
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+ <li id="edit"><a href="javascript:improveThisPage(location.href);" title="Improve this Page (Use username anonymous and empty password)"><span class="glyphicon glyphicon-pencil"></span> Improve this Page</a></li>
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Adding Jena-Permissions to Fuseki</h1>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">¶</a></h2>
+<p>The goal of this document is to add jena-permissions to a fuseki deployment to restrict access to graph data. This example will take the jena-permission example application, deploy the data to a fuseki instance and add the jena-permission to achieve the same access restrictions that the example application has.</p>
+<p>To do this you will need a Fuseki installation, the Permissions Packages and a SecurityEvaluator implementation. For this example we will use the SecurityEvaluator from the Permissions-Examples.</p>
+<h2 id="set-up">Set up<a class="headerlink" href="#set-up" title="Permanent link">¶</a></h2>
+<p>This example uses Fuseki 2.3.0, Permissions 3.0.0 and Apache Commons Collections v4. </p>
+<p>Fuseki can be downloaded from:
+[https://repository.apache.org/content/repositories/snapshots/org/apache/jena/apache-jena-fuseki/]</p>
+<p>Jena Permissions jars can be downloaded from:
+[https://repository.apache.org/content/repositories/snapshots/org/apache/jena/jena-permissions/]</p>
+<ol>
+<li>
+<p>Download and unpack Fuseki. The directory that you unpack Fuseki into will be referred to as the <code>Fuseki Home</code> directory for the remainder of this document.</p>
+</li>
+<li>
+<p>Download permissions 3.0.0 jar and 3.0.0 permissions-example jar.</p>
+</li>
+<li>
+<p>Copy the permissions jar and the permissions-example jar into the Fuseki Home directory. For the rest of this document the permissions jar will be referred to as <code>permissions.jar</code> and the permissions-example.jar as <code>example.jar</code></p>
+</li>
+<li>
+<p>Download the Apache Commons Collections v4
+[http://commons.apache.org/proper/commons-collections/download_collections.cgi]
+Uncompress the <code>commons-collections*.jar</code> into the <code>Fuseki Home</code> directory.</p>
+</li>
+<li>
+<p>Add security jars to the startup script/batch file.</p>
+<ul>
+<li>
+<p>On *NIX edit fuseki-server script </p>
+<ol>
+<li>Comment out the line that reads <code>exec java $JVM_ARGS -jar "$JAR" "$@"</code></li>
+<li>Uncomment the line that reads <code>\#\# APPJAR=MyCode.jar</code></li>
+<li>Uncomment the line that reads <code>\#\# java $JVM_ARGS -cp "$JAR:$APPJAR" org.apache.jena.fuseki.cmd.FusekiCmd "$@"</code></li>
+<li>change <code>MyCode.jar</code> to <code>permissions.jar:example.jar:commons-collections*.jar</code></li>
+</ol>
+</li>
+<li>
+<p>On Windows edit fuseki-server.bat file.</p>
+<ol>
+<li>Comment out the line that reads <code>java -Xmx1200M -jar fuseki-server.jar %*</code></li>
+<li>Uncomment the line that reads <code>@REM java ... -cp fuseki-server.jar;MyCustomCode.jar org.apache.jena.fuseki.cmd.FusekiCmd %*</code></li>
+<li>Change <code>MyCustomCode.jar</code> to <code>permissions.jar;example.jar;commons-collections*.jar</code></li>
+</ol>
+</li>
+</ul>
+</li>
+<li>
+<p>Run the fuseki-server script or batch file.</p>
+</li>
+<li>
+<p>Stop the server. </p>
+</li>
+<li>
+<p>Extract the example configuration into the newly created <code>Fuseki Home/run</code> directory.
+ From the example.jar archive: </p>
+<ul>
+<li>extract <code>/org/apache/jena/permissions/example/example.ttl</code> into the <code>Fuseki Home/run</code> directory</li>
+<li>extract <code>/org/apache/jena/permissions/example/fuseki/config.ttl</code> into the <code>Fuseki Home/run</code> directory</li>
+<li>extract <code>/org/apache/jena/permissions/example/fuseki/shiro.ini</code> into the <code>Fuseki Home/run</code> directory</li>
+</ul>
+</li>
+<li>
+<p>Run <code>fuseki-server âconfig=run/config.ttl</code> or <code>fuseki-server.bat âconfig=run/config.ttl</code></p>
+</li>
+</ol>
+<h2 id="review-of-configuration">Review of configuration<a class="headerlink" href="#review-of-configuration" title="Permanent link">¶</a></h2>
+<p>At this point the system is configured with the following logins:</p>
+<table>
+<tr><th>Login</th><th>password</th><th>Access to</th></tr>
+<tr><td>admin</td><td>admin</td><td>Everything</td></tr>
+<tr><td>alice</td><td>alice</td><td>Only messages to or from alice</td></tr>
+<tr><td>bob</td><td>bob</td><td>Only messages to or from bob</td></tr>
+<tr><td>chuck</td><td>chuck</td><td>Only messages to or from chuck</td></tr>
+<tr><td>darla</td><td>darla</td><td>Only messages to or from darla</td></tr>
+</table>
+
+<p>The messages graph is defined in the <code>run/example.ttl</code> file.</p>
+<p>The <code>run/shiro.ini</code> file lists the users and their passwords and configures Fuseki to require authentication to access to the graphs.</p>
+<p>The <code>run/config.ttl</code> file adds the permissions to the graph as follows by applying the
+<code>org.apache.jena.permissions.example.ShiroExampleEvaluator</code> security evaluator to the message
+graph.</p>
+<p>Define all the prefixes </p>
+<div class="codehilite"><pre><span class="p">@</span><span class="n">prefix</span> <span class="n">fuseki</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">jena</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">fuseki</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">tdb</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">jena</span><span class="p">.</span><span class="n">hpl</span><span class="p">.</span><span class="n">hp</span><span class="p">.</span><span class="n">com</span><span class="o">/</span>2008<span class="o">/</span><span class="n">tdb</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">rdf</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">w3</span><span class="p">.</span><span class="n">org</span><span class="o">/</span>1999<span class="o">/</span>02<span class="o">/</span>22<span class="o">-</span><span class="n">rdf</span><span class="o">-</span><span class="n">syntax</span><span class="o">-</span><span class="n">ns</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">rdfs</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">w3</span><span class="p">.</span><span class="n">org</span><span class="o">/</span>2000<span class="o">/</span>01<span class="o">/</span><span class="n">rdf</span><span class="o">-</span><span class="n">schema</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">ja</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">jena</span><span class="p">.</span><span class="n">hpl</span><span class="p">.</span><span class="n">hp</span><span class="p">.</span><span class="n">com</span><span class="o">/</span>2005<span class="o">/</span>11<span class="o">/</span><span class="n">Assembler</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">perm</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">jena</span><span class="o">/</span><span class="n">permissions</span><span class="o">/</span><span class="n">Assembler</span>#<span class="o">></span> <span class="p">.</span>
+<span class="p">@</span><span class="n">prefix</span> <span class="n">my</span><span class="p">:</span> <span class="o"><</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">example</span><span class="p">.</span><span class="n">org</span><span class="o">/</span>#<span class="o">></span> <span class="p">.</span>
+</pre></div>
+
+
+<p>Load the SecuredAssembler class from the permissions library and define the perm:Model as a subclass of ja:NamedModel.</p>
+<div class="codehilite"><pre><span class="p">[]</span> <span class="n">ja</span><span class="p">:</span><span class="n">loadClass</span> "<span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">jena</span><span class="p">.</span><span class="n">permissions</span><span class="p">.</span><span class="n">SecuredAssembler</span>" <span class="p">.</span>
+<span class="n">perm</span><span class="p">:</span><span class="n">Model</span> <span class="n">rdfs</span><span class="p">:</span><span class="n">subClassOf</span> <span class="n">ja</span><span class="p">:</span><span class="n">NamedModel</span> <span class="p">.</span>
+</pre></div>
+
+
+<p>Define the base model that contains the unsecured data.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">baseModel</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">ja</span><span class="o">:</span><span class="n">MemoryModel</span><span class="o">;</span>
+ <span class="n">ja</span><span class="o">:</span><span class="n">content</span> <span class="o">[</span><span class="n">ja</span><span class="o">:</span><span class="n">externalContent</span> <span class="o"><</span><span class="n">file</span><span class="o">:./</span><span class="n">example</span><span class="o">.</span><span class="na">ttl</span><span class="o">>]</span>
+ <span class="o">.</span>
+</pre></div>
+
+
+<p>Define the secured model. This is where permissions is applied to the my:baseModel to create a model that has permission restrictions. Note that it is using the security evaluator implementation (sec:evaluatorImpl) called my:secEvaluator which we will define next.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">securedModel</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">sec</span><span class="o">:</span><span class="n">Model</span> <span class="o">;</span>
+ <span class="n">perm</span><span class="o">:</span><span class="n">baseModel</span> <span class="n">my</span><span class="o">:</span><span class="n">baseModel</span> <span class="o">;</span>
+ <span class="n">ja</span><span class="o">:</span><span class="n">modelName</span> <span class="s2">"https://example.org/securedModel"</span> <span class="o">;</span>
+ <span class="n">perm</span><span class="o">:</span><span class="n">evaluatorImpl</span> <span class="n">my</span><span class="o">:</span><span class="n">secEvaluator</span> <span class="o">.</span>
+</pre></div>
+
+
+<p>Define the security evaluator. This is where we use the example ShiroExampleEvaluator. For your production environment you will replace "org.apache.jena.security.example.ShiroExampleEvaluator" with your SecurityEvaluator implementation. Note that ShiroExampleEvaluator constructor takes a Model argument. We pass in the unsecured baseModel so that the evaluator can read it unencumbered. Your implementation of SecurityEvaluator may have different parameters to meet your specific needs.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">secEvaluator</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">perm</span><span class="o">:</span><span class="n">Evaluator</span> <span class="o">;</span>
+ <span class="n">perm</span><span class="o">:</span><span class="n">args</span> <span class="o">[</span>
+ <span class="n">rdf</span><span class="o">:</span><span class="n">_1</span> <span class="n">my</span><span class="o">:</span><span class="n">baseModel</span> <span class="o">;</span>
+ <span class="o">]</span> <span class="o">;</span>
+ <span class="n">perm</span><span class="o">:</span><span class="n">evaluatorClass</span> <span class="s2">"org.apache.jena.permissions.example.ShiroExampleEvaluator"</span> <span class="o">.</span>
+</pre></div>
+
+
+<p>Define the dataset that we will use for in the server.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">securedDataset</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">ja</span><span class="o">:</span><span class="n">RDFDataset</span> <span class="o">;</span>
+ <span class="n">ja</span><span class="o">:</span><span class="n">defaultGraph</span> <span class="n">my</span><span class="o">:</span><span class="n">securedModel</span> <span class="o">.</span>
+</pre></div>
+
+
+<p>Define the fuseki:Server.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">fuskei</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">fuseki</span><span class="o">:</span><span class="n">Server</span> <span class="o">;</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">services</span> <span class="o">(</span>
+ <span class="n">my</span><span class="o">:</span><span class="n">service1</span>
+ <span class="o">)</span> <span class="o">.</span>
+</pre></div>
+
+
+<p>Define the service for the fuseki:Service. Note that the fuseki:dataset served by this server is the secured dataset defined above.</p>
+<div class="codehilite"><pre><span class="n">my</span><span class="o">:</span><span class="n">service1</span> <span class="n">rdf</span><span class="o">:</span><span class="n">type</span> <span class="n">fuseki</span><span class="o">:</span><span class="n">Service</span> <span class="o">;</span>
+ <span class="n">rdfs</span><span class="o">:</span><span class="n">label</span> <span class="s2">"My Secured Data Service"</span> <span class="o">;</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">name</span> <span class="s2">"myAppFuseki"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">http</span><span class="o">://</span><span class="n">host</span><span class="o">:</span><span class="n">port</span><span class="o">/</span><span class="n">myAppFuseki</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceQuery</span> <span class="s2">"query"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">SPARQL</span> <span class="n">query</span> <span class="n">service</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceQuery</span> <span class="s2">"sparql"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">SPARQL</span> <span class="n">query</span> <span class="n">service</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceUpdate</span> <span class="s2">"update"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">SPARQL</span> <span class="n">query</span> <span class="n">service</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceUpload</span> <span class="s2">"upload"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">Non</span><span class="o">-</span><span class="n">SPARQL</span> <span class="n">upload</span> <span class="n">service</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceReadWriteGraphStore</span> <span class="s2">"data"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">SPARQL</span> <span class="n">Graph</span> <span class="n">store</span> <span class="n">protocol</span> <span class="o">(</span><span class="n">read</span> <span class="n">and</span> <span class="n">write</span><span class="o">)</span>
+ <span class="err">#</span> <span class="n">A</span> <span class="n">separate</span> <span class="n">ead</span><span class="o">-</span><span class="n">only</span> <span class="n">graph</span> <span class="n">store</span> <span class="n">endpoint</span><span class="o">:</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">serviceReadGraphStore</span> <span class="s2">"get"</span> <span class="o">;</span> <span class="err">#</span> <span class="n">SPARQL</span> <span class="n">Graph</span> <span class="n">store</span> <span class="n">protocol</span> <span class="o">(</span><span class="n">read</span> <span class="n">only</span><span class="o">)</span>
+ <span class="n">fuseki</span><span class="o">:</span><span class="n">dataset</span> <span class="n">my</span><span class="o">:</span><span class="n">securedDataset</span> <span class="o">;</span>
+<span class="o">.</span>
+</pre></div>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2015 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>
Added: websites/staging/jena/trunk/content/documentation/permissions/index.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/permissions/index.html (added)
+++ websites/staging/jena/trunk/content/documentation/permissions/index.html Sun Jul 26 10:53:56 2015
@@ -0,0 +1,197 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Jena Permissions - A Permissions wrapper around the Jena RDF implementation</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link href="/css/jena.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="https://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <script src="/js/improve.js" type="text/javascript"></script>
+
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.cgi"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/hadoop/index.html">Elephas - tools for RDF on Hadoop</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/fuseki2/index.html">Fuseki</a></li>
+ <li><a href="/documentation/permissions/index.html">Permissions</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ <li><a href="/documentation/extras/index.html">Extras</a></li>
+ </ul>
+ </li>
+
+ <li class="drop down">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Javadoc <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/documentation/javadoc/jena/">Jena Core</a></li>
+ <li><a href="/documentation/javadoc/arq/">ARQ</a></li>
+ <li><a href="/documentation/javadoc/tdb/">TDB</a></li>
+ <li><a href="/documentation/javadoc/elephas/">Elephas</a></li>
+ <li><a href="/documentation/javadoc/text/">Text Search</a></li>
+ <li><a href="/documentation/javadoc/spatial/">Spatial Search</a></li>
+ <li><a href="/documentation/javadoc/security/">Security</a></li>
+ <li><a href="/documentation/javadoc/jdbc/">JDBC</a></li>
+ <li><a href="/documentation/javadoc/">All Javadoc</a></li>
+ </ul>
+ </li>
+
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+ <li id="edit"><a href="javascript:improveThisPage(location.href);" title="Improve this Page (Use username anonymous and empty password)"><span class="glyphicon glyphicon-pencil"></span> Improve this Page</a></li>
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Jena Permissions - A Permissions wrapper around the Jena RDF implementation</h1>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>Jena-permissions is a SecurityEvaluator interface and a set of dynamic proxies that apply that interface to Jena Graphs, Models, and associated methods and classes. It does not implement any specific security policy but provides a framework for developers or integrators to implement any desired policy.</p>
+<h2 id="documentation">Documentation<a class="headerlink" href="#documentation" title="Permanent link">¶</a></h2>
+<ul>
+<li><a href="index.html#overview">Overview</a></li>
+<li><a href="index.html#usage-notes">Usage Notes</a></li>
+<li><a href="design.html">Jena Permissions Design</a></li>
+<li><a href="evaluator.html">Security Evaluator</a></li>
+<li><a href="assembler.html">Assembler</a></li>
+<li><a href="example.html">Adding Jena-Permissions to Fuseki</a></li>
+</ul>
+<h2 id="overview">Overview<a class="headerlink" href="#overview" title="Permanent link">¶</a></h2>
+<p>Jena-permissions transparently intercepts calls to the Graph or Model interface, evaluates access restrictions and either allows or rejects the access. The system is authentication agnostic and will work with most authentication systems. The system uses dynamic proxies to wrap any Graph or Model implementation. The jena-permissions module includes an Assembler module to extend the standard Assembler to include the ability to create secured models and graphs. A complete example application is also available.</p>
+<p>The developer using jena-permissions is required to implement a SecurityEvaluator that provides access to the Principal (User) using the system and also determines if that Principal has the proper access to execute a method. Through the SecurityEvaluator the developer may apply full CRUD (Create, Read, Update, and Delete) restrictions to graphs and optionally triples within the graphs. </p>
+<p>The javadocs have additional annotations that specify what permissions at graph and triple levels are required for the user to execute the method.</p>
+<p>There is an example jar that contains configuration examples for both a stand alone application and a Fuseki configuration option.</p>
+<h2 id="usage-notes">Usage Notes<a class="headerlink" href="#usage-notes" title="Permanent link">¶</a></h2>
+<p>When the system is correctly configured the developer creates a SecuredGraph by calling <code>Factory.getInstance( SecurityEvaluator, String, Graph );</code>. Once created the resulting graph automatically makes the appropriate calls to the SecurityEvaluator before passing any approved requests to the underlying graph.</p>
+<p>Secured models are created by calling <code>Factory.getInstance( SecurityEvaluator, String, Model );</code> or <code>ModelFactory.createModelForGraph( SecuredGraph );</code></p>
+<p><strong>NOTE:</strong> when creating a model by wrapping a secured graph (e.g. <code>ModelFactory.createModelForGraph( SecuredGraph );</code>) the resulting Model does not have the same security requirements that the standard secured model. For example When creating a list on a secured model calling <code>model.createList( RDFNode[] );</code>, the standard secured model verifies that the user has the right to <strong>update</strong> the triples and allows or denies the entire operation accordingly. The wrapped secured graph does not have visibility to the <code>createList()</code> command and can only operate on the instructions issued by the <code>model.createList()</code> implementation. In the standard implementation the model requests the graph to delete one triple and then insert another. Thus the user must have <strong>delete</strong> and <strong>add</strong> permissions, not the <strong>update</strong> permission.</p>
+<p>There are several other cases where the difference in the layer can trip up the security system. In all known cases the result is a tighter security definition than was requested. For simplicity sake we recommend that the wrapped secured graph only be used in cases where access to the graph as a whole is granted/denied. In these cases the user either has all CRUD capabilities or none.</p>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2015 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>
Added: websites/staging/jena/trunk/content/documentation/permissions/migration2To3.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/permissions/migration2To3.html (added)
+++ websites/staging/jena/trunk/content/documentation/permissions/migration2To3.html Sun Jul 26 10:53:56 2015
@@ -0,0 +1,251 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Jena Permissions - Migration notes: Version 2.x to Version 3.x</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link href="/css/jena.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="https://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <script src="/js/improve.js" type="text/javascript"></script>
+
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.cgi"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/hadoop/index.html">Elephas - tools for RDF on Hadoop</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/fuseki2/index.html">Fuseki</a></li>
+ <li><a href="/documentation/permissions/index.html">Permissions</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ <li><a href="/documentation/extras/index.html">Extras</a></li>
+ </ul>
+ </li>
+
+ <li class="drop down">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Javadoc <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/documentation/javadoc/jena/">Jena Core</a></li>
+ <li><a href="/documentation/javadoc/arq/">ARQ</a></li>
+ <li><a href="/documentation/javadoc/tdb/">TDB</a></li>
+ <li><a href="/documentation/javadoc/elephas/">Elephas</a></li>
+ <li><a href="/documentation/javadoc/text/">Text Search</a></li>
+ <li><a href="/documentation/javadoc/spatial/">Spatial Search</a></li>
+ <li><a href="/documentation/javadoc/security/">Security</a></li>
+ <li><a href="/documentation/javadoc/jdbc/">JDBC</a></li>
+ <li><a href="/documentation/javadoc/">All Javadoc</a></li>
+ </ul>
+ </li>
+
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+ <li id="edit"><a href="javascript:improveThisPage(location.href);" title="Improve this Page (Use username anonymous and empty password)"><span class="glyphicon glyphicon-pencil"></span> Improve this Page</a></li>
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Jena Permissions - Migration notes: Version 2.x to Version 3.x</h1>
+ <style type="text/css">
+/* The following code is added by mdx_elementid.py
+ It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+ visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<p>When Jena moved from version 2 to version 3 there was a major renaming of packages. One of the packages renamed was the Jena Permsissions package. It was formerly named Jena Security. There are several changes that need to occur to migrate from jena-security version 2.x to jena-permissions version 3.x</p>
+<h1 id="changes">Changes<a class="headerlink" href="#changes" title="Permanent link">¶</a></h1>
+<h2 id="package-rename">Package Rename<a class="headerlink" href="#package-rename" title="Permanent link">¶</a></h2>
+<p>There are two major changes to package names.</p>
+<ul>
+<li>
+<p>As with the rest of the Jena code all refrerences to <em>com.hp.hpl.jena</em> have been changed to <em>org.apache.jena</em>. For integrator code this means that a simple rename of the includes is generally all that is required for this. See the main Migration Notes page for other hints and tips regarding this change.</p>
+</li>
+<li>
+<p>Jena Security has been renamed Jena Permissions and the Maven <em>artifact id</em> has been changed to <em>jena-permissions</em> to reflect this change.</p>
+</li>
+<li>
+<p>The permissions assembler namespace has been changed to <code>http://apache.org/jena/permissions/Assembler#</code></p>
+</li>
+</ul>
+<h1 id="exceptions">Exceptions<a class="headerlink" href="#exceptions" title="Permanent link">¶</a></h1>
+<p>Formerly jena-permissions uses a single exception to identify the access restriction violations. With the tighter integration of permission concepts into the Jena core there are now 7 exceptions. This change will probably not required modification to the SecurityEvaluator implementation but may require modification to classes that utilize the permissions based object.</p>
+<p>All exceptions are runtime exceptions and so do not have to be explicitly caught. Java docs indicate which methods throw which exceptions.</p>
+<ul>
+<li>
+<p>Removal of org.apache.jena.permissions.AccessDeniedException. This is replace by 5 individual exceptions.</p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.OperationDeniedException. This exception is a child of the <em>JenaException</em> and is the root of all operation denied states whether through process errors or through permissions violations.</p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.PermissionDeniedException. This exception is a child of the <em>OperationDeniedException</em> and is the root of all operations denied through permission violations. These can be because the object was staticly prohibited from performing an operation (e.g. a read-only graph) or due to the jena-permissions layer.</p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.AddDeniedException. This exception is a child of <em>PermissionDeniedException</em> and used to indicate that an attempt was made to add to an unmodifiable object. It may be thrown by read-only graphs or by the permission layer when a create restriction is violated.</p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.DeleteDeniedException. This exception is a child of <em>PermissionDeniedException</em> and used to indicate that an attempt was made to delete from an unmodifiable object. It may be thrown by read-only graphs or by the permission layer when a delete restriction is violated.</p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.ReadDeniedException. This exception is a child of <em>PermissionDeniedException</em> and used to indicate that a read restriction was violated. </p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.UpdateDeniedException. This exception is a child of <em>PermissionDeniedException</em> and used to indicate that a update restriction was violated. </p>
+</li>
+<li>
+<p>Addition of org.apache.jena.shared.AuthenticationRequiredException. This exception is a child of <em>OperationDeniedException</em> and used to indicate that user authentication is required but has not occurred. This exception should be thrown when the SecurityEvaluator attempts to evaluate an operation and there is both a permissions restriction and the object returned by getPrincipal() indicates that the user is unauthenticated.</p>
+</li>
+</ul>
+<h1 id="removal-of-classes">Removal of Classes<a class="headerlink" href="#removal-of-classes" title="Permanent link">¶</a></h1>
+<p>The original "security" code was intended to be graph agnostic and so injected a "shim" layer to convert from graph specific classes to security specific classes. With the renaming of the package to "permissions" and the tighter integration to the Jena core the "shim" structure has been removed. This should make the permissions layer faster and cleaner to implement. </p>
+<h2 id="secnode">SecNode<a class="headerlink" href="#secnode" title="Permanent link">¶</a></h2>
+<p>The SecNode class has been removed. This was effectively a proxy for the Jena Node object and has been replaced with that object. The SecNode maintained its type (e.g. URI, Literal or Variable) using an internal Enumeration. The method getType() was used to identify the internal type. With the Jena node replacement statements of the form</p>
+<div class="codehilite"><pre> <span class="k">if</span> <span class="p">(</span><span class="n">secNode</span><span class="p">.</span><span class="n">getType</span><span class="p">().</span><span class="n">equals</span><span class="p">(</span> <span class="n">SecNode</span><span class="p">.</span><span class="n">Type</span><span class="p">.</span><span class="n">Literal</span> <span class="p">))</span>
+ <span class="p">{</span>
+ <span class="o">//</span> <span class="n">do</span> <span class="n">something</span>
+ <span class="p">}</span>
+</pre></div>
+
+
+<p>are replaced with </p>
+<div class="codehilite"><pre> <span class="k">if</span> <span class="p">(</span><span class="n">node</span><span class="p">.</span><span class="n">isLiteral</span><span class="p">())</span>
+ <span class="p">{</span>
+ <span class="o">//</span> <span class="n">do</span> <span class="n">something</span>
+ <span class="p">}</span>
+</pre></div>
+
+
+<p><code>SecNode.ANY</code> has been replaced with Node.ANY as it served the same purpose.</p>
+<p><code>SecNode.FUTURE</code> has been replaced with <code>SecurityEvaluator.FUTURE</code> and is now implemented as a blank node with the label <code>urn:jena-permissions:FUTURE</code>.</p>
+<p><code>SecNode.VARIABLE</code> has been replaced with <code>SecurityEvaluator.VARIABLE</code> and is now implemented as a blank node with the label <code>urn:jena-permissions:VARIABLE</code>.</p>
+<h2 id="sectriple">SecTriple<a class="headerlink" href="#sectriple" title="Permanent link">¶</a></h2>
+<p>The SecTriple class has been removed. This was effectively a proxy for the Jena Triple object and has been replaced with that object.</p>
+<h1 id="movement-of-classes">Movement of Classes<a class="headerlink" href="#movement-of-classes" title="Permanent link">¶</a></h1>
+<h2 id="secureditem">SecuredItem<a class="headerlink" href="#secureditem" title="Permanent link">¶</a></h2>
+<p>The SecuredItem interface was moved from org.apache.jena.permissions.impl to org.apache.jena.</p>
+<h1 id="additional-methods">Additional Methods<a class="headerlink" href="#additional-methods" title="Permanent link">¶</a></h1>
+<h2 id="securityevaluator">SecurityEvaluator<a class="headerlink" href="#securityevaluator" title="Permanent link">¶</a></h2>
+<p>The method <code>isAuthenticatedUser( Object principal )</code> has been added. The SecurityEvaluator should respond <code>true</code> if the principal is recognized as an authenticated user. The <code>principal</code> object is guaranteed to have been returend from an earlier <code>getPrincipal()</code> call.</p>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2015 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>