Posted to commits@jena.apache.org by cl...@apache.org on 2015/01/20 22:04:55 UTC
[1/2] jena git commit: Fixes for JENA-855. Added principal as an
argument to SecurityEvaluator functions.
Repository: jena
Updated Branches:
refs/heads/master cd62e6d29 -> 23d1bde29
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java b/jena-security/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
index 7f17aa1..3ed71f1 100644
--- a/jena-security/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
+++ b/jena-security/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
@@ -1,3 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jena.security;
import java.util.Set;
@@ -6,48 +23,48 @@ import com.hp.hpl.jena.rdf.model.Model;
public class ModelBasedSecurityEvaluator implements SecurityEvaluator {
- private Model model;
+ //private Model model;
public ModelBasedSecurityEvaluator( Model model) {
- this.model = model;
+ //this.model = model;
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI) {
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI, SecTriple triple) {
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI, SecTriple triple) {
return true;
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
return true;
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
return true;
}
@Override
- public boolean evaluateUpdate(SecNode graphIRI, SecTriple from, SecTriple to) {
+ public boolean evaluateUpdate(final Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
return true;
}
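Review bot: The commented-out `//private Model model;` and `//this.model = model;` leave dead code behind and a constructor argument that is silently dropped; delete the two lines and say so on the constructor, e.g. `// model is ignored: this test evaluator grants every request`. Every evaluate overload in the hunk returns true whatever principal is passed, so a class comment stating that this is a permit-all test stub would stop it being mistaken for a policy that actually consults the model. The class body continues outside the hunk.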
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java b/jena-security/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
index a8164d8..d59b89c 100644
--- a/jena-security/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
+++ b/jena-security/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
@@ -1,3 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package org.apache.jena.security;
import java.util.Set;
@@ -16,41 +33,41 @@ public class StaticSecurityEvaluator implements SecurityEvaluator {
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI) {
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI, SecTriple triple) {
- return triple.getSubject().getValue().equals( "urn:"+getPrincipal() );
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI, SecTriple triple) {
+ return triple.getSubject().getValue().equals( "urn:"+principal );
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
- return triple.getSubject().getValue().equals( "urn:"+getPrincipal() );
+ return triple.getSubject().getValue().equals( "urn:"+principal );
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
- return triple.getSubject().getValue().equals( "urn:"+getPrincipal() );
+ return triple.getSubject().getValue().equals( "urn:"+principal );
}
@Override
- public boolean evaluateUpdate(SecNode graphIRI, SecTriple from, SecTriple to) {
- return from.getSubject().getValue().equals( "urn:"+getPrincipal() ) &&
- to.getSubject().getValue().equals( "urn:"+getPrincipal() );
+ public boolean evaluateUpdate(final Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
+ return from.getSubject().getValue().equals( "urn:"+principal ) &&
+ to.getSubject().getValue().equals( "urn:"+principal );
}
@Override
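Review bot: `"urn:"+principal` in the triple-checking overloads turns a null principal into the string `urn:null`, so a caller with no principal is compared against an ordinary-looking subject instead of being refused. Fail closed with `return principal != null && triple.getSubject().getValue().equals( "urn:"+principal );`, with the same guard ahead of both operands in evaluateUpdate. The comparison is written out in four methods, so a small private helper taking the principal and the triple would keep the checks from drifting apart. The class starts and ends outside the hunk.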
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java b/jena-security/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
new file mode 100644
index 0000000..b145d89
--- /dev/null
+++ b/jena-security/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
@@ -0,0 +1,27 @@
+package org.apache.jena.security.contract.graph;
+
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.StaticSecurityEvaluator;
+import org.apache.jena.security.impl.CachedSecurityEvaluator;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class CachedSecurityEvaluatorTest {
+
+ private StaticSecurityEvaluator securityEvaluator;
+ private SecurityEvaluator cachedEvaluator;
+
+ public CachedSecurityEvaluatorTest() {
+ securityEvaluator = new StaticSecurityEvaluator( "bob" );
+ cachedEvaluator = new CachedSecurityEvaluator( securityEvaluator, "ted" );
+
+ }
+
+ @Test
+ public void testGetPrincipal()
+ {
+ assertEquals( "bob", securityEvaluator.getPrincipal());
+ assertEquals( "ted", cachedEvaluator.getPrincipal());
+ }
+
+}
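Review bot: testGetPrincipal only asserts the two getPrincipal() values; no evaluate overload is called through cachedEvaluator, so nothing here shows that the wrapper hands permission checks to the wrapped evaluator with the principal the caller supplies. A second test that evaluates the same triple once as "bob" and once as "ted" through cachedEvaluator and expects different answers would cover the behaviour this commit introduces. The new file also lacks the ASF license header that this commit adds to ModelBasedSecurityEvaluator and StaticSecurityEvaluator; RecordingGraphListener.java has the same omission.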
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java b/jena-security/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
index eafb8e2..53a2b10 100644
--- a/jena-security/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
@@ -81,10 +81,11 @@ public class BulkUpdateHandlerTest
@Test
public void testAdd()
{
+ Object principal = securityEvaluator.getPrincipal();
try
{
handler.add(tripleArray);
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
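Review bot: `Object principal = securityEvaluator.getPrincipal();` is repeated at the top of testAdd, testDelete, testRemove and testRemoveAll here, and again in notifyAddTest and notifyDeleteTest of GraphEventManagerTest, while SecuredPrefixMappingTest in the same commit stores it once as `private final Object principal;` set in the constructor. Using the field form everywhere would keep the tests consistent, provided the evaluator's principal does not change between construction and the test, which is not visible from these hunks. If the local is kept, declare it `final Object principal` to match the `final` parameter style used in the evaluator signatures. testAdd's body continues outside the hunk.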
@@ -93,7 +94,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -105,7 +106,7 @@ public class BulkUpdateHandlerTest
try
{
handler.add(Arrays.asList(tripleArray));
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
@@ -114,7 +115,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -126,7 +127,7 @@ public class BulkUpdateHandlerTest
try
{
handler.add(Arrays.asList(tripleArray).iterator());
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
@@ -135,7 +136,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -147,7 +148,7 @@ public class BulkUpdateHandlerTest
try
{
handler.add(new CollectionGraph(Arrays.asList(tripleArray)));
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
@@ -156,7 +157,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -168,7 +169,7 @@ public class BulkUpdateHandlerTest
try
{
handler.add(new CollectionGraph(Arrays.asList(tripleArray)));
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
@@ -177,7 +178,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -189,7 +190,7 @@ public class BulkUpdateHandlerTest
try
{
handler.add(new CollectionGraph(Arrays.asList(tripleArray)), true);
- if (!securityEvaluator.evaluate(createAndUpdate,
+ if (!securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
@@ -198,7 +199,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(createAndUpdate,
+ if (securityEvaluator.evaluate(principal, createAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -211,11 +212,11 @@ public class BulkUpdateHandlerTest
@Test
public void testDelete()
{
-
+ Object principal = securityEvaluator.getPrincipal();
try
{
handler.delete(tripleArray);
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -224,7 +225,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -236,7 +237,7 @@ public class BulkUpdateHandlerTest
try
{
handler.delete(Arrays.asList(tripleArray));
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -245,7 +246,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -257,7 +258,7 @@ public class BulkUpdateHandlerTest
try
{
handler.delete(Arrays.asList(tripleArray).iterator());
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -266,7 +267,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -278,7 +279,7 @@ public class BulkUpdateHandlerTest
try
{
handler.delete(new CollectionGraph(Arrays.asList(tripleArray)));
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -287,7 +288,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -300,7 +301,7 @@ public class BulkUpdateHandlerTest
{
handler.delete(new CollectionGraph(Arrays.asList(tripleArray)),
true);
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -308,7 +309,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -321,11 +322,12 @@ public class BulkUpdateHandlerTest
public void testRemove()
{
+ Object principal = securityEvaluator.getPrincipal();
try
{
handler.remove(NodeFactory.createURI("http://example.com/1"),
NodeFactory.createURI("http://example.com/v"), NodeFactory.createAnon());
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -334,7 +336,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
@@ -346,10 +348,11 @@ public class BulkUpdateHandlerTest
public void testRemoveAll()
{
+ Object principal = securityEvaluator.getPrincipal();
try
{
handler.removeAll();
- if (!securityEvaluator.evaluate(deleteAndUpdate,
+ if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
@@ -358,7 +361,7 @@ public class BulkUpdateHandlerTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(deleteAndUpdate,
+ if (securityEvaluator.evaluate(principal, deleteAndUpdate,
handler.getModelNode()))
{
Assert.fail(String
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java b/jena-security/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
new file mode 100644
index 0000000..caea972
--- /dev/null
+++ b/jena-security/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.StaticSecurityEvaluator;
+import org.junit.Assert;
+import org.junit.Test;
+
+import com.hp.hpl.jena.graph.Graph;
+import com.hp.hpl.jena.graph.GraphEventManager;
+import com.hp.hpl.jena.graph.NodeFactory;
+import com.hp.hpl.jena.graph.Triple;
+import com.hp.hpl.jena.sparql.graph.GraphFactory;
+
+public class CrossIDGraphEventManagerTest {
+
+ private final GraphEventManager manager;
+ private final Graph g;
+ private final SecuredGraph sg;
+ private final StaticSecurityEvaluator securityEvaluator;
+
+ private final RecordingGraphListener annListener;
+ private final RecordingGraphListener bobListener;
+
+ public CrossIDGraphEventManagerTest() {
+ this.securityEvaluator = new StaticSecurityEvaluator("ann");
+
+ g = GraphFactory.createDefaultGraph();
+ g.add(new Triple(NodeFactory.createURI("urn:ann"), NodeFactory
+ .createURI("http://example.com/v"), NodeFactory.createAnon()));
+ g.add(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+ .createURI("http://example.com/v"), NodeFactory.createAnon()));
+ g.add(new Triple(NodeFactory.createURI("urn:ann"), NodeFactory
+ .createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+ sg = Factory.getInstance(securityEvaluator,
+ "http://example.com/testGraph", g);
+ manager = sg.getEventManager();
+ annListener = new RecordingGraphListener();
+ manager.register(annListener);
+ this.securityEvaluator.setUser("bob");
+ bobListener = new RecordingGraphListener();
+ manager.register(bobListener);
+ }
+
+ @Test
+ public void notificationsTest() {
+ sg.add(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+ .createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+ Assert.assertTrue("Should recorded add", bobListener.isAdd());
+ Assert.assertFalse("Should not have recorded add", annListener.isAdd());
+
+ sg.delete(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+ .createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+ Assert.assertTrue("Should recorded delete", bobListener.isDelete());
+ Assert.assertFalse("Should not have recorded delete",
+ annListener.isDelete());
+ }
+
+}
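Review bot: notificationsTest checks isolation in one direction only: it acts as "bob" and asserts that annListener stays silent, but never switches back to "ann" to confirm that bobListener is not told about a `urn:ann` triple. A cross-principal leak in that direction would pass unnoticed, so a symmetric case is worth adding; the sketch below assumes notifications are filtered by the principal that was active when the listener registered. The messages `"Should recorded add"` and `"Should recorded delete"` should read `"Should have recorded add"` and `"Should have recorded delete"`.

```java
@Test
public void notificationsForAnnTest() {
    // switch the shared evaluator back to the first principal
    securityEvaluator.setUser("ann");
    sg.add(new Triple(NodeFactory.createURI("urn:ann"), NodeFactory
            .createURI("http://example.com/v3"), NodeFactory.createAnon()));

    Assert.assertTrue("Should have recorded add", annListener.isAdd());
    Assert.assertFalse("Should not have recorded add", bobListener.isAdd());
}
```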
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java b/jena-security/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
index d45db9e..e7a8f34 100644
--- a/jena-security/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
@@ -19,15 +19,12 @@ package org.apache.jena.security.graph;
import com.hp.hpl.jena.graph.Graph;
import com.hp.hpl.jena.graph.GraphEventManager;
-import com.hp.hpl.jena.graph.GraphListener;
import com.hp.hpl.jena.graph.NodeFactory;
import com.hp.hpl.jena.graph.Triple;
import com.hp.hpl.jena.graph.impl.CollectionGraph;
import com.hp.hpl.jena.sparql.graph.GraphFactory;
import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
import java.util.Set;
import org.apache.jena.security.Factory;
@@ -41,107 +38,13 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+/**
+ * Verifies that messages are properly filtered when sent to listeners.
+ *
+ */
@RunWith( value = SecurityEvaluatorParameters.class )
public class GraphEventManagerTest
{
- private class RecordingGraphListener implements GraphListener
- {
-
- private boolean add;
- private boolean delete;
- private boolean event;
-
- public boolean isAdd()
- {
- return add;
- }
-
- public boolean isDelete()
- {
- return delete;
- }
-
- public boolean isEvent()
- {
- return event;
- }
-
- @Override
- public void notifyAddArray( final Graph g, final Triple[] triples )
- {
- add = true;
- }
-
- @Override
- public void notifyAddGraph( final Graph g, final Graph added )
- {
- add = true;
- }
-
- @Override
- public void notifyAddIterator( final Graph g, final Iterator<Triple> it )
- {
- add = true;
- }
-
- @Override
- public void notifyAddList( final Graph g, final List<Triple> triples )
- {
- add = true;
- }
-
- @Override
- public void notifyAddTriple( final Graph g, final Triple t )
- {
- add = true;
- }
-
- @Override
- public void notifyDeleteArray( final Graph g, final Triple[] triples )
- {
- delete = true;
- }
-
- @Override
- public void notifyDeleteGraph( final Graph g, final Graph removed )
- {
- delete = true;
- }
-
- @Override
- public void notifyDeleteIterator( final Graph g,
- final Iterator<Triple> it )
- {
- delete = true;
- }
-
- @Override
- public void notifyDeleteList( final Graph g, final List<Triple> L )
- {
- delete = true;
- }
-
- @Override
- public void notifyDeleteTriple( final Graph g, final Triple t )
- {
- delete = true;
- }
-
- @Override
- public void notifyEvent( final Graph source, final Object value )
- {
- event = true;
- }
-
- public void reset()
- {
- add = false;
- delete = false;
- event = false;
- }
-
- }
-
private final GraphEventManager manager;
private final Graph g;
private final SecuredGraph sg;
@@ -167,10 +70,11 @@ public class GraphEventManagerTest
@SuppressWarnings("deprecation")
public void notifyAddTest()
{
+ Object principal = securityEvaluator.getPrincipal();
final Set<Action> ADD = SecurityEvaluator.Util.asSet(new Action[] {
Action.Create, Action.Read });
g.add(tripleArray[0]);
- if (securityEvaluator.evaluateAny(ADD, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
{
Assert.assertTrue("Should recorded add", listener.isAdd());
}
@@ -182,7 +86,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().add(tripleArray);
- if (securityEvaluator.evaluateAny(ADD, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
{
Assert.assertTrue("Should recorded add", listener.isAdd());
}
@@ -194,7 +98,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().add(Arrays.asList(tripleArray));
- if (securityEvaluator.evaluateAny(ADD, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
{
Assert.assertTrue("Should recorded add", listener.isAdd());
}
@@ -206,7 +110,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().add(Arrays.asList(tripleArray).iterator());
- if (securityEvaluator.evaluateAny(ADD, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
{
Assert.assertTrue("Should recorded add", listener.isAdd());
}
@@ -219,7 +123,7 @@ public class GraphEventManagerTest
g.getBulkUpdateHandler().add(
new CollectionGraph(Arrays.asList(tripleArray)));
- if (securityEvaluator.evaluateAny(ADD, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
{
Assert.assertTrue("Should recorded add", listener.isAdd());
}
@@ -235,10 +139,11 @@ public class GraphEventManagerTest
@Test
public void notifyDeleteTest()
{
+ Object principal = securityEvaluator.getPrincipal();
final Set<Action> DELETE = SecurityEvaluator.Util.asSet(new Action[] {
Action.Delete, Action.Read });
g.delete(tripleArray[0]);
- if (securityEvaluator.evaluateAny(DELETE, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
{
Assert.assertTrue("Should have recorded delete",
listener.isDelete());
@@ -252,7 +157,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().delete(tripleArray);
- if (securityEvaluator.evaluateAny(DELETE, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
{
Assert.assertTrue("Should recorded delete", listener.isDelete());
}
@@ -264,7 +169,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().delete(Arrays.asList(tripleArray));
- if (securityEvaluator.evaluateAny(DELETE, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
{
Assert.assertTrue("Should recorded delete", listener.isDelete());
}
@@ -276,7 +181,7 @@ public class GraphEventManagerTest
listener.reset();
g.getBulkUpdateHandler().delete(Arrays.asList(tripleArray).iterator());
- if (securityEvaluator.evaluateAny(DELETE, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
{
Assert.assertTrue("Should recorded delete", listener.isDelete());
}
@@ -289,7 +194,7 @@ public class GraphEventManagerTest
g.getBulkUpdateHandler().delete(
new CollectionGraph(Arrays.asList(tripleArray)));
- if (securityEvaluator.evaluateAny(DELETE, sg.getModelNode()))
+ if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
{
Assert.assertTrue("Should recorded delete", listener.isDelete());
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java b/jena-security/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
new file mode 100644
index 0000000..1e06e01
--- /dev/null
+++ b/jena-security/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
@@ -0,0 +1,106 @@
+package org.apache.jena.security.graph;
+
+import java.util.Iterator;
+import java.util.List;
+
+import com.hp.hpl.jena.graph.Graph;
+import com.hp.hpl.jena.graph.GraphListener;
+import com.hp.hpl.jena.graph.Triple;
+
+public class RecordingGraphListener implements GraphListener
+{
+
+ private boolean add;
+ private boolean delete;
+ private boolean event;
+
+ public boolean isAdd()
+ {
+ return add;
+ }
+
+ public boolean isDelete()
+ {
+ return delete;
+ }
+
+ public boolean isEvent()
+ {
+ return event;
+ }
+
+ @Override
+ public void notifyAddArray( final Graph g, final Triple[] triples )
+ {
+ add = true;
+ }
+
+ @Override
+ public void notifyAddGraph( final Graph g, final Graph added )
+ {
+ add = true;
+ }
+
+ @Override
+ public void notifyAddIterator( final Graph g, final Iterator<Triple> it )
+ {
+ add = true;
+ }
+
+ @Override
+ public void notifyAddList( final Graph g, final List<Triple> triples )
+ {
+ add = true;
+ }
+
+ @Override
+ public void notifyAddTriple( final Graph g, final Triple t )
+ {
+ add = true;
+ }
+
+ @Override
+ public void notifyDeleteArray( final Graph g, final Triple[] triples )
+ {
+ delete = true;
+ }
+
+ @Override
+ public void notifyDeleteGraph( final Graph g, final Graph removed )
+ {
+ delete = true;
+ }
+
+ @Override
+ public void notifyDeleteIterator( final Graph g,
+ final Iterator<Triple> it )
+ {
+ delete = true;
+ }
+
+ @Override
+ public void notifyDeleteList( final Graph g, final List<Triple> L )
+ {
+ delete = true;
+ }
+
+ @Override
+ public void notifyDeleteTriple( final Graph g, final Triple t )
+ {
+ delete = true;
+ }
+
+ @Override
+ public void notifyEvent( final Graph source, final Object value )
+ {
+ event = true;
+ }
+
+ public void reset()
+ {
+ add = false;
+ delete = false;
+ event = false;
+ }
+
+}
\ No newline at end of file
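Review bot: RecordingGraphListener is now a public top-level class used by more than one test, but it has no class comment explaining that its flags latch. I would add `/** Test listener that sets a flag for each kind of notification it receives; flags stay set until reset() is called. */` above the class declaration. The parameter in `notifyDeleteList( final Graph g, final List<Triple> L )` should be `triples`, as in notifyAddList, and the file should end with a newline.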
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java b/jena-security/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
index 1bed4d7..c1d78a3 100644
--- a/jena-security/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
@@ -81,12 +81,14 @@ public class SecuredPrefixMappingTest
}
private final SecurityEvaluator securityEvaluator;
+ private final Object principal;
protected SecuredPrefixMapping securedMapping;
public SecuredPrefixMappingTest( final SecurityEvaluator securityEvaluator )
{
this.securityEvaluator = securityEvaluator;
+ this.principal = securityEvaluator.getPrincipal();
}
@Before
@@ -102,10 +104,10 @@ public class SecuredPrefixMappingTest
@Test
public void testExpandPrefix()
{
- try
+ try
{
securedMapping.expandPrefix("foo");
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -113,7 +115,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -126,10 +128,10 @@ public class SecuredPrefixMappingTest
@Test
public void testGetNsPrefixMap()
{
- try
+ try
{
securedMapping.getNsPrefixMap();
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -137,7 +139,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -150,11 +152,10 @@ public class SecuredPrefixMappingTest
@Test
public void testGetNsPrefixURI()
{
-
- try
+ try
{
securedMapping.getNsPrefixURI("foo");
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -162,7 +163,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -176,11 +177,10 @@ public class SecuredPrefixMappingTest
@Test
public void testGetNsURIPrefix()
{
-
- try
+ try
{
securedMapping.getNsURIPrefix("http://example.com/foo");
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -188,7 +188,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -201,10 +201,10 @@ public class SecuredPrefixMappingTest
@Test
public void testLock()
{
- try
+ try
{
securedMapping.lock();
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -212,7 +212,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -229,7 +229,7 @@ public class SecuredPrefixMappingTest
try
{
securedMapping.qnameFor("http://example.com/foo/bar");
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -237,7 +237,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -253,7 +253,7 @@ public class SecuredPrefixMappingTest
try
{
securedMapping.removeNsPrefix("foo");
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -261,7 +261,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -279,7 +279,7 @@ public class SecuredPrefixMappingTest
{
securedMapping.samePrefixMappingAs(GraphFactory
.createDefaultGraph().getPrefixMapping());
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -287,7 +287,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -303,7 +303,7 @@ public class SecuredPrefixMappingTest
try
{
securedMapping.setNsPrefix("foo", "http://example.com/foo");
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
@@ -312,7 +312,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -325,7 +325,7 @@ public class SecuredPrefixMappingTest
{
securedMapping.setNsPrefixes(GraphFactory.createDefaultGraph()
.getPrefixMapping());
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -333,7 +333,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -345,7 +345,7 @@ public class SecuredPrefixMappingTest
try
{
securedMapping.setNsPrefixes(new HashMap<String, String>());
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -353,7 +353,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -369,7 +369,7 @@ public class SecuredPrefixMappingTest
try
{
securedMapping.shortForm("http://example.com/foo/bar");
- if (!securityEvaluator.evaluate(Action.Read,
+ if (!securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -377,7 +377,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Read,
+ if (securityEvaluator.evaluate(principal, Action.Read,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -396,7 +396,7 @@ public class SecuredPrefixMappingTest
{
// make sure that it must update
securedMapping.withDefaultMappings(pm);
- if (!securityEvaluator.evaluate(Action.Update,
+ if (!securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail("Should have thrown AccessDenied Exception");
@@ -404,7 +404,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
@@ -430,7 +430,7 @@ public class SecuredPrefixMappingTest
}
catch (final AccessDeniedException e)
{
- if (securityEvaluator.evaluate(Action.Update,
+ if (securityEvaluator.evaluate(principal, Action.Update,
securedMapping.getModelNode()))
{
Assert.fail(String
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/model/SecuredModelDetailTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/model/SecuredModelDetailTest.java b/jena-security/src/test/java/org/apache/jena/security/model/SecuredModelDetailTest.java
index 5e051c2..6f7a4d8 100644
--- a/jena-security/src/test/java/org/apache/jena/security/model/SecuredModelDetailTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/model/SecuredModelDetailTest.java
@@ -53,8 +53,6 @@ public class SecuredModelDetailTest {
private Property pTo = ResourceFactory.createProperty("http://example.com/to");
private Property pFrom = ResourceFactory
.createProperty( "http://example.com/from");
- private Property pSubj = ResourceFactory
- .createProperty("http://example.com/subj");
@Before
public void setup()
@@ -251,7 +249,7 @@ public class SecuredModelDetailTest {
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI) {
+ public boolean evaluate(Object principal, Action action, SecNode graphIRI) {
// we allow any action on a graph.
return true;
}
@@ -261,8 +259,8 @@ public class SecuredModelDetailTest {
// a message is only available to sender or recipient
if (r.hasProperty( RDF.type, msgType ))
{
- return r.hasProperty( pTo, principal.getName() ) ||
- r.hasProperty( pFrom, principal.getName());
+ return r.hasProperty( pTo, ((Principal)principal).getName() ) ||
+ r.hasProperty( pFrom, ((Principal)principal).getName());
}
return true;
}
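Review bot: The unchecked cast `((Principal)principal)` on the two changed lines throws ClassCastException (or NullPointerException for a null principal) instead of returning a decision, presumably because the principal is now typed as `Object`. For an access-control callback, denying is the safer outcome for an unexpected principal; a guard such as `if (!(principal instanceof Principal)) { return false; }` before the `return` would do that. The name could also be read once into a local, `final String name = ((Principal) principal).getName();`. The enclosing method begins outside the hunk, so where `principal` is declared is not visible here.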
@@ -295,34 +293,34 @@ public class SecuredModelDetailTest {
}
@Override
- public boolean evaluate(Action action, SecNode graphIRI, SecTriple triple) {
+ public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) {
return evaluate( triple );
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluate(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
return evaluate( triple );
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI) {
+ public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) {
return true;
}
@Override
- public boolean evaluateAny(Set<Action> actions, SecNode graphIRI,
+ public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI,
SecTriple triple) {
return evaluate( triple );
}
@Override
- public boolean evaluateUpdate(SecNode graphIRI, SecTriple from, SecTriple to) {
+ public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
return evaluate( from ) && evaluate( to );
}
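Review bot: Every overload in this hunk that receives the new `principal` parameter drops it: the triple variants call `evaluate( triple )` and `evaluateUpdate` calls `evaluate( from ) && evaluate( to )`. The decision therefore appears to depend on whatever principal the helper resolves for itself (its body is only partly visible in the previous hunk). If so, this test cannot detect the secured layer handing the evaluator a different principal than intended. Consider threading the argument through, e.g. `return evaluate( principal, triple );` with the helper taking the principal as a parameter, or add a comment stating that the argument is deliberately ignored.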
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java b/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java
index 0b783c7..3b078ac 100644
--- a/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,55 +17,48 @@
*/
package org.apache.jena.security.query;
-import com.hp.hpl.jena.query.QueryExecution;
-import com.hp.hpl.jena.query.QueryExecutionFactory;
-import com.hp.hpl.jena.query.QuerySolution;
-import com.hp.hpl.jena.query.ResultSet;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.ModelFactory;
-import com.hp.hpl.jena.rdf.model.Resource;
-import com.hp.hpl.jena.rdf.model.ResourceFactory;
-import com.hp.hpl.jena.vocabulary.RDF;
-
-import org.junit.Assert;
-
import org.apache.jena.security.Factory;
import org.apache.jena.security.MockSecurityEvaluator;
import org.apache.jena.security.SecurityEvaluator;
import org.apache.jena.security.SecurityEvaluator.SecNode.Type;
import org.apache.jena.security.model.SecuredModel;
-import org.apache.jena.security.query.SecuredQueryEngineFactory;
import org.junit.After;
import org.junit.AfterClass;
+import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
-public class QueryEngineTest
-{
+import com.hp.hpl.jena.query.QueryExecution;
+import com.hp.hpl.jena.query.QueryExecutionFactory;
+import com.hp.hpl.jena.query.QuerySolution;
+import com.hp.hpl.jena.query.ResultSet;
+import com.hp.hpl.jena.rdf.model.Model;
+import com.hp.hpl.jena.rdf.model.ModelFactory;
+import com.hp.hpl.jena.rdf.model.Resource;
+import com.hp.hpl.jena.rdf.model.ResourceFactory;
+import com.hp.hpl.jena.vocabulary.RDF;
+
+public class QueryEngineTest {
@BeforeClass
- public static void setupFactory()
- {
+ public static void setupFactory() {
SecuredQueryEngineFactory.register();
}
@AfterClass
- public static void teardownFactory()
- {
+ public static void teardownFactory() {
SecuredQueryEngineFactory.unregister();
}
Model baseModel;
- public QueryEngineTest()
- {
+ public QueryEngineTest() {
}
@Before
- public void setUp()
- {
+ public void setUp() {
baseModel = ModelFactory.createDefaultModel();
Resource r = ResourceFactory
.createResource("http://example.com/resource/1");
@@ -108,20 +101,17 @@ public class QueryEngineTest
}
@After
- public void tearDown()
- {
+ public void tearDown() {
baseModel.close();
}
@Test
- public void testOpenQueryType()
- {
+ public void testOpenQueryType() {
final SecurityEvaluator eval = new MockSecurityEvaluator(true, true,
true, true, true, true);
final SecuredModel model = Factory.getInstance(eval,
"http://example.com/securedModel", baseModel);
- try
- {
+ try {
final String query = "prefix fn: <http://www.w3.org/2005/xpath-functions#> "
+ " SELECT ?foo ?bar WHERE "
+ " { ?foo a <http://example.com/class> ; "
@@ -129,50 +119,41 @@ public class QueryEngineTest
+ " } ";
final QueryExecution qexec = QueryExecutionFactory.create(query,
model);
- try
- {
+ try {
final ResultSet results = qexec.execSelect();
int count = 0;
- for (; results.hasNext();)
- {
+ for (; results.hasNext();) {
count++;
final QuerySolution soln = results.nextSolution();
}
Assert.assertEquals(8, count);
- }
- finally
- {
+ } finally {
qexec.close();
}
- }
- finally
- {
+ } finally {
model.close();
}
}
@Test
- public void testRestrictedQueryType()
- {
+ public void testRestrictedQueryType() {
final SecurityEvaluator eval = new MockSecurityEvaluator(true, true,
true, true, true, true) {
@Override
- public boolean evaluate( final Action action,
- final SecNode graphIRI, final SecTriple triple )
- {
+ public boolean evaluate(final Object principal,
+ final Action action, final SecNode graphIRI,
+ final SecTriple triple) {
if (triple.getSubject().equals(
- new SecNode(Type.URI, "http://example.com/resource/1")))
- {
+ new SecNode(Type.URI, "http://example.com/resource/1"))) {
return false;
}
- return super.evaluate(action, graphIRI, triple);
+ return super.evaluate(principal, action, graphIRI, triple);
}
};
final SecuredModel model = Factory.getInstance(eval,
"http://example.com/securedModel", baseModel);
- try
- {
+ try {
final String query = "prefix fn: <http://www.w3.org/2005/xpath-functions#> "
+ " SELECT ?foo ?bar WHERE "
+ " { ?foo a <http://example.com/class> ; "
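Review bot: The overridden `evaluate(final Object principal, ...)` in `testRestrictedQueryType` decides only on the triple's subject and merely forwards `principal` to `super.evaluate`, so the test passes whatever principal the query engine supplies. Since the commit's purpose is to carry the principal into the evaluator, an assertion inside the override would cover that path, for example `Assert.assertEquals(getPrincipal(), principal);` (assuming the mock's `getPrincipal()` returns the identity the secured model is expected to pass). The test method's query string continues outside this hunk.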
@@ -180,24 +161,18 @@ public class QueryEngineTest
+ " } ";
final QueryExecution qexec = QueryExecutionFactory.create(query,
model);
- try
- {
+ try {
final ResultSet results = qexec.execSelect();
int count = 0;
- for (; results.hasNext();)
- {
+ for (; results.hasNext();) {
count++;
results.nextSolution();
}
Assert.assertEquals(4, count);
- }
- finally
- {
+ } finally {
qexec.close();
}
- }
- finally
- {
+ } finally {
model.close();
}
}
[2/2] jena git commit: Fixes for JENA-855. Added principal as an
argument to SecurityEvaluator functions.
Posted by cl...@apache.org.
Fixes for JENA-855. Added principal as an argument to SecurityEvaluator functions.
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/23d1bde2
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/23d1bde2
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/23d1bde2
Branch: refs/heads/master
Commit: 23d1bde29ec4985584a63dfc209155115a7959c2
Parents: cd62e6d
Author: Claude Warren <cl...@apache.org>
Authored: Tue Jan 20 21:00:44 2015 +0000
Committer: Claude Warren <cl...@apache.org>
Committed: Tue Jan 20 21:00:44 2015 +0000
----------------------------------------------------------------------
.../apache/jena/security/SecurityEvaluator.java | 512 +++++++++---------
.../security/graph/SecuredCapabilities.java | 18 +-
.../graph/SecuredGraphEventManager.java | 531 +++++++------------
.../security/impl/CachedSecurityEvaluator.java | 117 ++--
.../jena/security/impl/SecuredItemImpl.java | 16 +-
.../security/model/impl/SecuredRDFListImpl.java | 2 +-
.../security/model/impl/SecuredRSIterator.java | 2 +-
.../jena/security/query/SecuredQueryEngine.java | 14 +-
.../security/query/rewriter/OpRewriter.java | 5 +-
.../query/rewriter/SecuredFunction.java | 3 +-
.../security/utils/PermStatementFilter.java | 9 +-
.../jena/security/utils/PermTripleFilter.java | 9 +-
.../jena/security/utils/RDFListSecFilter.java | 9 +-
.../jena/security/MockSecurityEvaluator.java | 16 +-
.../security/ModelBasedSecurityEvaluator.java | 35 +-
.../jena/security/StaticSecurityEvaluator.java | 41 +-
.../graph/CachedSecurityEvaluatorTest.java | 27 +
.../security/graph/BulkUpdateHandlerTest.java | 57 +-
.../graph/CrossIDGraphEventManagerTest.java | 78 +++
.../security/graph/GraphEventManagerTest.java | 127 +----
.../security/graph/RecordingGraphListener.java | 106 ++++
.../graph/SecuredPrefixMappingTest.java | 68 +--
.../security/model/SecuredModelDetailTest.java | 20 +-
.../jena/security/query/QueryEngineTest.java | 97 ++--
24 files changed, 971 insertions(+), 948 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java b/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
index e2ccd96..ab8ea1d 100644
--- a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
+++ b/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -28,68 +28,71 @@ import org.apache.commons.lang.builder.HashCodeBuilder;
* SecurityEvaluator.
* <p>
* The security evaluator is the link between the graph security system and an
- * external
- * security system. This interface specifies the methods that are required by
- * the graph
- * security system. It is assumed that the implementation will handle tracking
- * the current
- * user and will query some underlying data source to determine what actions the
- * user can
- * and can not take.
- * </p><p>
- * All questions of white listing or black listing will be handled in the concrete
- * implementation.
- * </p><p>
+ * external security system. This interface specifies the methods that are
+ * required by the graph security system. It is assumed that the implementation
+ * will handle tracking the current user and will query some underlying data
+ * source to determine what actions the user can and can not take.
+ * </p>
+ * <p>
+ * All questions of white listing or black listing will be handled in the
+ * concrete implementation.
+ * </p>
+ * <p>
* Implementations of this class should probably cache any evaluate calculations
- * as the evaluate methods are called frequently. However, the underlying classes
- * do cache results within a single method check.
+ * as the evaluate methods are called frequently. However, the underlying
+ * classes do cache results within a single method check.
* </p>
* <p>
* <dl>
* <dt>Secured operations</dt>
- * <dd>The security system recognizes and secures each of the CRUD (Create, Read, Update and Delete)
- * operations as represented by the Action enumeration.</dd>
+ * <dd>The security system recognizes and secures each of the CRUD (Create,
+ * Read, Update and Delete) operations as represented by the Action enumeration.
+ * </dd>
* </dl>
* <dl>
* <dt>Levels of security</dt>
- * <dd>The security interfaces operates at two (2) levels: graph (or Model) and triple.
- * <p>At the the graph level the security evaluator may restrict CRUD access to the graph or model as a whole.
- * When evaluating the restriction, if the user it not permitted to perform the operation on the
- * graph or model access is denied. If the user is permitted any triple restrictions are evaluated.
- * </p><p>
- * At the triple level the security evaluator may restrict CRUD access to specific triples. In order
- * to skip potentially expensive triple security checks the system will generally ask if the user is
- * permitted the CRUD action on any triple. This is represented by the SecTriple
- * <code>(ANY, ANY, ANY)</code>.
+ * <dd>The security interfaces operates at two (2) levels: graph (or Model) and
+ * triple.
+ * <p>
+ * At the the graph level the security evaluator may restrict CRUD access to the
+ * graph or model as a whole. When evaluating the restriction, if the user it
+ * not permitted to perform the operation on the graph or model access is
+ * denied. If the user is permitted any triple restrictions are evaluated.
+ * </p>
+ * <p>
+ * At the triple level the security evaluator may restrict CRUD access to
+ * specific triples. In order to skip potentially expensive triple security
+ * checks the system will generally ask if the user is permitted the CRUD action
+ * on any triple. This is represented by the SecTriple
+ * <code>(ANY, ANY, ANY)</code>.
* <ul>
* <li>
- * If the system does not support triple level security the system should always return <code>true</code>.
- * </li>
- * If the system does support triple level security and is unable to verify that the user can execute
- * the CRUD action against any arbitrary triple the system should return <code>false</code>.
- * </li>
- * <li>See <code>SecNode.ANY</code>, <code>SecNode.FUTURE</code>, and <code>SecNode.VARIABLE</code>
- * for discussion of specifics of their respective usages.</li>
+ * If the system does not support triple level security the system should always
+ * return <code>true</code>.</li>
+ * If the system does support triple level security and is unable to verify that
+ * the user can execute the CRUD action against any arbitrary triple the system
+ * should return <code>false</code>. </li>
+ * <li>See <code>SecNode.ANY</code>, <code>SecNode.FUTURE</code>, and
+ * <code>SecNode.VARIABLE</code> for discussion of specifics of their respective
+ * usages.</li>
* </ul>
* </p>
* </dd>
* </dl>
* <dl>
* <dt>
- *
+ *
* </p>
*/
-public interface SecurityEvaluator
-{
+public interface SecurityEvaluator {
/**
* Identifies a sepcific CRUD actions.
*/
- static enum Action
- {
+ static enum Action {
/**
* Allow creation of the object in question.
*/
- Create,
+ Create,
/**
* Allow the user to read the object in question.
*/
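Review bot: The reflowed interface Javadoc still says "It is assumed that the implementation will handle tracking the current user", while this commit makes the principal an explicit argument of the evaluate methods. The visible text does not describe the new contract: who supplies the principal, and whether implementations must decide for the passed value rather than a remembered one. A sentence such as `The principal to evaluate is passed to each evaluate method; implementations must base the decision on that argument.` would close the gap, if that is the intended contract. The same block also keeps a list item without its opening `<li>` ("If the system does support triple level security ...") and an unclosed `<dl><dt>` before the final `</p>`, which the reformat was a chance to fix.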
@@ -97,50 +100,48 @@ public interface SecurityEvaluator
/**
* Allow the user to update the object in question
*/
- Update,
+ Update,
/**
* Allow the user to delete the object in question.
*/
Delete
-
+
}
/**
* A node in the evaluation.
* <p>
* A node with no value represents a node of that type but unknown
- * exactitude. (e.g.
- * <code>SecNode(URI,"")</code> is a URI but of unknown value. Useful for systems that
- * restrict
- * type creation.
- * </p><p>
- * <code>SecNode(Anonymous,"")</code> represents an anonymous node that will be created.
- * Otherwise anonymous
- * node values are the values within the secured graph.
- * </p><p>
+ * exactitude. (e.g. <code>SecNode(URI,"")</code> is a URI but of unknown
+ * value. Useful for systems that restrict type creation.
+ * </p>
+ * <p>
+ * <code>SecNode(Anonymous,"")</code> represents an anonymous node that will
+ * be created. Otherwise anonymous node values are the values within the
+ * secured graph.
+ * </p>
+ * <p>
* An "Any" node type matches any node.
* </p>
*/
- public static class SecNode implements Comparable<SecNode>
- {
+ public static class SecNode implements Comparable<SecNode> {
/**
* The types of nodes.
*/
- public static enum Type
- {
+ public static enum Type {
/**
* A URI type node
*/
- URI,
+ URI,
/**
* A Literal node.
*/
- Literal,
+ Literal,
/**
- * An anonymous node. Also called a "blank" node.
+ * An anonymous node. Also called a "blank" node.
*/
- Anonymous,
+ Anonymous,
/**
* Any node.
*/
@@ -152,81 +153,80 @@ public interface SecurityEvaluator
* <p>
* Used in triple checks as follows:
* <dl>
- * <dt><code>(ANY, ANY, ANY)</code>
- * </dt><dd>Asks if the user may perform the action on any triple.
- * </dd>
- * <dt><code>(X, ANY, ANY)</code>
- * </dt><dd>Asks if the user may perform the action against
- * any triple where X is the subject.
- * </dd>
- * <dt><code>(ANY, X, ANY)</code>
- * </dt><dd>Asks if the user may perform the action against
- * any triple where X is the predicate.
- * </dd>
- * <dt><code>(SecNode.ANY, SecNode.ANY, SecNode.X)</code>
- * </dt><dd>Asks if if the user may perform the action against
- * any triple where X is the object.
- * </dd>
+ * <dt><code>(ANY, ANY, ANY)</code></dt>
+ * <dd>Asks if the user may perform the action on any triple.</dd>
+ * <dt><code>(X, ANY, ANY)</code></dt>
+ * <dd>Asks if the user may perform the action against any triple where
+ * X is the subject.</dd>
+ * <dt><code>(ANY, X, ANY)</code></dt>
+ * <dd>Asks if the user may perform the action against any triple where
+ * X is the predicate.</dd>
+ * <dt><code>(SecNode.ANY, SecNode.ANY, SecNode.X)</code></dt>
+ * <dd>Asks if if the user may perform the action against any triple
+ * where X is the object.</dd>
* </dl>
- * The <code>ANY</code> may occur multiple times and may occur with the
+ * The <code>ANY</code> may occur multiple times and may occur with the
* <code>VARIABLE</code> and/or <code>FUTURE</code> nodes.
* </p>
*/
public static final SecNode ANY = new SecNode(Type.Any, "any");
-
+
/**
* Indicates a variable in the triple.
* <p>
- * </p>This differs from <code>ANY</code>
- * in that the system is asking if there are any prohibitions not if the user
- * may perform. Thus queries with the VARIABLE type node should return <code>true</code>
- * where <code>ANY</code> returns <code>false</code>. In general this type is used in the
- * query to determine if triple level filtering of results must be performed.<p>
- * </p><p>
+ * </p>
+ * This differs from <code>ANY</code> in that the system is asking if
+ * there are any prohibitions not if the user may perform. Thus queries
+ * with the VARIABLE type node should return <code>true</code> where
+ * <code>ANY</code> returns <code>false</code>. In general this type is
+ * used in the query to determine if triple level filtering of results
+ * must be performed.
+ * <p>
+ * </p>
+ * <p>
* <dl>
- * <dt><code>(VARIABLE, X, Y )</code>
- * </dt><dd>
- * Asks if there are any prohibitions against the user seeing all subjects
- * that have property X and object Y.
- * </dd><dt>
- * <code>(X, VARIABLE, Y )</code>
- * </dt><dd>
- * Asks if there are any prohibitions against the user seeing all predicates
- * that have subject X and object Y.
- * </dd><dt>
- * <code>(X, Y, VARIABLE)</code>
- * </dt><dd>
- * Asks if there are any prohibitions against the user seeing all objects
- * that have subject X and predicate Y.
- * </dd>
+ * <dt><code>(VARIABLE, X, Y )</code></dt>
+ * <dd>
+ * Asks if there are any prohibitions against the user seeing all
+ * subjects that have property X and object Y.</dd>
+ * <dt>
+ * <code>(X, VARIABLE, Y )</code></dt>
+ * <dd>
+ * Asks if there are any prohibitions against the user seeing all
+ * predicates that have subject X and object Y.</dd>
+ * <dt>
+ * <code>(X, Y, VARIABLE)</code></dt>
+ * <dd>
+ * Asks if there are any prohibitions against the user seeing all
+ * objects that have subject X and predicate Y.</dd>
* </dl>
- * The <code>VARIABLE</code> may occur multiple times and may occur with the
- * <code>ANY</code> node.
+ * The <code>VARIABLE</code> may occur multiple times and may occur with
+ * the <code>ANY</code> node.
* </p>
- *
+ *
*/
public static final SecNode VARIABLE = new SecNode(Type.Any, "variable");
/**
* This is an anonymous node that will be created in the future.
* <p>
- * FUTURE is used to check that an anonymous node may be created in
- * as specific position in a triple.
- * </p><p>
+ * FUTURE is used to check that an anonymous node may be created in as
+ * specific position in a triple.
+ * </p>
+ * <p>
* <dl>
- * <dt><code>(FUTURE, X, Y )</code>
- * </dt><dd>
- * Asks if there the user may create an anonymous node
- * that has property X and object Y.
- * </dd><dt>
- * <code>(X, Y, FUTURE)</code>
- * </dt><dd>
- * Asks if there the user may create an anonymous node
- * that has subject X and property Y.
- * </dd>
+ * <dt><code>(FUTURE, X, Y )</code></dt>
+ * <dd>
+ * Asks if there the user may create an anonymous node that has property
+ * X and object Y.</dd>
+ * <dt>
+ * <code>(X, Y, FUTURE)</code></dt>
+ * <dd>
+ * Asks if there the user may create an anonymous node that has subject
+ * X and property Y.</dd>
* </dl>
- * The <code>FUTURE</code> may occur multiple times and may occur with the
- * <code>ANY</code> node.
+ * The <code>FUTURE</code> may occur multiple times and may occur with
+ * the <code>ANY</code> node.
* </p>
*/
public static final SecNode FUTURE = new SecNode(Type.Anonymous, "");
@@ -237,27 +237,27 @@ public interface SecurityEvaluator
/**
* Create a SecNode of the type and value.
- * @param type The type of the node
- * @param value The value of the node. A null is interpreted as an empty string.
+ *
+ * @param type
+ * The type of the node
+ * @param value
+ * The value of the node. A null is interpreted as an empty
+ * string.
*/
- public SecNode( final Type type, final String value )
- {
+ public SecNode(final Type type, final String value) {
this.type = type;
this.value = value == null ? "" : value;
}
@Override
- public int compareTo( final SecNode node )
- {
+ public int compareTo(final SecNode node) {
final int retval = type.compareTo(node.type);
return retval == 0 ? value.compareTo(node.value) : retval;
}
@Override
- public boolean equals( final Object o )
- {
- if (o instanceof SecNode)
- {
+ public boolean equals(final Object o) {
+ if (o instanceof SecNode) {
return this.compareTo((SecNode) o) == 0;
}
return false;
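Review bot: `SecNode`'s constructor normalises a null `value` to "" but accepts a null `type`, which then fails with a NullPointerException in `compareTo` (and so in `equals`, which delegates to it), far from where the node was built. `SecTriple`'s constructor later in this file rejects null arguments with IllegalArgumentException; doing the same here would be consistent: `if (type == null) { throw new IllegalArgumentException("Type may not be null"); }`. The `equals` method continues past the end of this hunk.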
@@ -265,27 +265,25 @@ public interface SecurityEvaluator
/**
* Get the type of the node.
+ *
* @return The type of the node.
*/
- public Type getType()
- {
+ public Type getType() {
return type;
}
/**
* Get the value of the node.
+ *
* @return the value of the node
*/
- public String getValue()
- {
+ public String getValue() {
return value;
}
@Override
- public int hashCode()
- {
- if (hashCode == null)
- {
+ public int hashCode() {
+ if (hashCode == null) {
hashCode = new HashCodeBuilder().append(type).append(value)
.toHashCode();
}
@@ -293,8 +291,7 @@ public interface SecurityEvaluator
}
@Override
- public String toString()
- {
+ public String toString() {
return String.format("[%s:%s]", getType(), getValue());
}
}
@@ -302,8 +299,7 @@ public interface SecurityEvaluator
/**
* An immutable triple of SecNodes.
*/
- public static class SecTriple implements Comparable<SecTriple>
- {
+ public static class SecTriple implements Comparable<SecTriple> {
private final SecNode subject;
private final SecNode predicate;
private final SecNode object;
@@ -317,24 +313,25 @@ public interface SecurityEvaluator
/**
* Create the sec triple
- * @param subject The subject node.
- * @param predicate The predicate node.
- * @param object The object node.
- * @throws IllegalArgumentException is any value is null.
+ *
+ * @param subject
+ * The subject node.
+ * @param predicate
+ * The predicate node.
+ * @param object
+ * The object node.
+ * @throws IllegalArgumentException
+ * is any value is null.
*/
- public SecTriple( final SecNode subject, final SecNode predicate,
- final SecNode object )
- {
- if (subject == null)
- {
+ public SecTriple(final SecNode subject, final SecNode predicate,
+ final SecNode object) {
+ if (subject == null) {
throw new IllegalArgumentException("Subject may not be null");
}
- if (predicate == null)
- {
+ if (predicate == null) {
throw new IllegalArgumentException("Predicate may not be null");
}
- if (object == null)
- {
+ if (object == null) {
throw new IllegalArgumentException("Object may not be null");
}
this.subject = subject;
@@ -343,25 +340,20 @@ public interface SecurityEvaluator
}
@Override
- public int compareTo( final SecTriple o )
- {
- if (o == null)
- {
+ public int compareTo(final SecTriple o) {
+ if (o == null) {
return 1;
}
int retval = subject.compareTo(o.subject);
- if (retval == 0)
- {
+ if (retval == 0) {
retval = predicate.compareTo(o.predicate);
}
return retval == 0 ? object.compareTo(o.object) : retval;
}
@Override
- public boolean equals( final Object o )
- {
- if (o instanceof SecTriple)
- {
+ public boolean equals(final Object o) {
+ if (o instanceof SecTriple) {
return this.compareTo((SecTriple) o) == 0;
}
return false;
@@ -370,32 +362,27 @@ public interface SecurityEvaluator
/**
* @return the object node.
*/
- public SecNode getObject()
- {
+ public SecNode getObject() {
return object;
}
/**
* @return the predicate node.
*/
- public SecNode getPredicate()
- {
+ public SecNode getPredicate() {
return predicate;
}
/**
* @return the subject node.
*/
- public SecNode getSubject()
- {
+ public SecNode getSubject() {
return subject;
}
@Override
- public int hashCode()
- {
- if (hashCode == null)
- {
+ public int hashCode() {
+ if (hashCode == null) {
hashCode = new HashCodeBuilder().append(object)
.append(predicate).append(subject).toHashCode();
}
@@ -403,43 +390,46 @@ public interface SecurityEvaluator
}
@Override
- public String toString()
- {
+ public String toString() {
return String.format("( %s, %s, %s )", getSubject(),
getPredicate(), getObject());
}
}
/**
- * A collection of utility functions for the SecurityEvaluator implementations.
+ * A collection of utility functions for the SecurityEvaluator
+ * implementations.
*/
- public static class Util
- {
+ public static class Util {
/**
* Return an array of actions as a set.
- * <p>The order of the collection is preserved</p>
- * @param actions The actions.
+ * <p>
+ * The order of the collection is preserved
+ * </p>
+ *
+ * @param actions
+ * The actions.
* @return The set of actions.
*/
- public static Set<Action> asSet( final Action[] actions )
- {
+ public static Set<Action> asSet(final Action[] actions) {
return Util.asSet(Arrays.asList(actions));
}
/**
* Return a collection of actions as a set.
- * <p>The order of the collection is preserved</p>
- * @param actions The collection of actions.
+ * <p>
+ * The order of the collection is preserved
+ * </p>
+ *
+ * @param actions
+ * The collection of actions.
* @return The set of actions.
*/
- public static Set<Action> asSet( final Collection<Action> actions )
- {
- if (actions instanceof Set)
- {
+ public static Set<Action> asSet(final Collection<Action> actions) {
+ if (actions instanceof Set) {
return (Set<Action>) actions;
}
- else
- {
+ else {
return new LinkedHashSet<Action>(actions);
}
}
@@ -447,14 +437,17 @@ public interface SecurityEvaluator
/**
* Determine if the action is allowed on the graph.
- *
+ *
+ * @param principal
+ * The principal that is attempting the action.
+ *
* @param action
* The action to perform
* @param graphIRI
* The IRI of the graph to check
* @return true if the action is allowed, false otherwise.
*/
- public boolean evaluate( Action action, SecNode graphIRI );
+ public boolean evaluate(Object principal, Action action, SecNode graphIRI);
/**
* Determine if the action is allowed on the triple within the graph.
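Review bot: The new `principal` parameter on `evaluate(Object principal, Action action, SecNode graphIRI)` is documented without saying whether null is an accepted value, and the same applies to the overloads in the next hunk. `getPrincipal()` is documented there as returning null when there is no current principal, and the SecuredCapabilities callers in this commit pass its result straight in, while the other overloads keep `@throws IllegalArgumentException if any argument is null`. As written, an implementer cannot tell whether a call with no authenticated principal must throw or must be evaluated as an anonymous user. I would state the choice on every overload, for example `@param principal The principal that is attempting the action; null means no current principal and must be evaluated as an unauthenticated user`, and narrow the `@throws` text to the other arguments.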
@@ -462,124 +455,161 @@ public interface SecurityEvaluator
* The evaluation should be performed in the following order:
* <ol>
* <li>
- * If the triple contains a <code>VARIABLE</code> then this method must return <code>true</code> if
- * there are any restrictions where the remaining nodes are either constants or <code>ANY</code>
- * nodes. This will force the system to use subsequent checks to verify access by substituting
- * the value of the <code>VARIABLE</code>s. <em>If the system can not quickly verify the solution
+ * If the triple contains a <code>VARIABLE</code> then this method must
+ * return <code>true</code> if there are any restrictions where the
+ * remaining nodes are either constants or <code>ANY</code> nodes. This will
+ * force the system to use subsequent checks to verify access by
+ * substituting the value of the <code>VARIABLE</code>s.
+ * <em>If the system can not quickly verify the solution
* it is always acceptable to return <code>true</code>.</em>
* <li>
- * Except as specified in the above check, if the triple contains an <code>ANY</code> then this
- * method must return <code>false</code> if
- * there are any restrictions where the remaining nodes are held constant and the ANY
- * node is allowed to vary. This checks is used to avoid subsequent explicit triple checks.
+ * Except as specified in the above check, if the triple contains an
+ * <code>ANY</code> then this method must return <code>false</code> if there
+ * are any restrictions where the remaining nodes are held constant and the
+ * ANY node is allowed to vary. This checks is used to avoid subsequent
+ * explicit triple checks.
* <em>If the system can not quickly verify the solution it is always
- * acceptable to return <code>false</code>.</em>
- * </li>
- * <li>All other triples are explict triples and the system must determine if the user is
- * permitted to perform the action on the triple.
- * If the triple contains a <code>FUTURE</code> node that node should be considered as
- * an anonymous or blank node that is not yet created. It should only be used with
- * <code>Create</code> actions and is asking if the user may create a blank node in that
- * position in the triple.</li>
+ * acceptable to return <code>false</code>.</em></li>
+ * <li>All other triples are explict triples and the system must determine
+ * if the user is permitted to perform the action on the triple. If the
+ * triple contains a <code>FUTURE</code> node that node should be considered
+ * as an anonymous or blank node that is not yet created. It should only be
+ * used with <code>Create</code> actions and is asking if the user may
+ * create a blank node in that position in the triple.</li>
* </ol>
* </p>
+ *
+ * @param principal
+ * The principal that is attempting the action.
+ *
* @param action
* The action to perform
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @param triple
* The triple to check
* @return true if the action is allowed, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluate( Action action, SecNode graphIRI, SecTriple triple );
+ public boolean evaluate(Object principal, Action action, SecNode graphIRI,
+ SecTriple triple);
/**
* Determine if all actions are allowed on the graph.
- *
+ *
+ * @param principal
+ * The principal that is attempting the action.
+ *
* @param actions
* The set of actions to perform
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @return true if all the actions are allowed, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluate( Set<Action> actions, SecNode graphIRI );
+ public boolean evaluate(Object principal, Set<Action> actions,
+ SecNode graphIRI);
/**
* Determine if all the actions are allowed on the triple within the graph.
* <p>
- * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation strategy.
+ * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation
+ * strategy.
* </p>
+ *
* @param actions
* The actions to perform.
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @param triple
* The triple to check
* @return true if all the actions are allowed, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluate( Set<Action> actions, SecNode graphIRI,
- SecTriple triple );
+ public boolean evaluate(Object principal, Set<Action> actions,
+ SecNode graphIRI, SecTriple triple);
/**
* Determine if any of the actions are allowed on the graph.
- *
+ *
+ * @param principal
+ * The principal that is attempting the action.
+ *
* @param actions
* The actions to perform
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @return true true if any the actions are allowed, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluateAny( Set<Action> actions, SecNode graphIRI );
+ public boolean evaluateAny(Object principal, Set<Action> actions,
+ SecNode graphIRI);
/**
- * Determine if any of the actions are allowed on the triple within the graph.
+ * Determine if any of the actions are allowed on the triple within the
+ * graph.
* <p>
- * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation strategy.
+ * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation
+ * strategy.
* </p>
- *
+ *
+ * @param principal
+ * The principal that is attempting the action.
+ *
* @param actions
* The actions to check.
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @param triple
* The triple to check
* @return true if any the actions are allowed, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluateAny( Set<Action> actions, SecNode graphIRI,
- SecTriple triple );
+ public boolean evaluateAny(Object principal, Set<Action> actions,
+ SecNode graphIRI, SecTriple triple);
/**
* Determine if the user is allowed to update the "from" triple to the "to"
* triple.
* <p>
- * Update is a special case since it modifies one triple to be another. So the user must
- * have permissions to change the "from" triple into the "to" triple.
- *
+ * Update is a special case since it modifies one triple to be another. So
+ * the user must have permissions to change the "from" triple into the "to"
+ * triple.
+ *
+ * @param principal
+ * The principal that is attempting the action.
* @param graphIRI
- * The IRI of the graph to the action is being taken upon. May be <code>ANY</code>.
+ * The IRI of the graph to the action is being taken upon. May be
+ * <code>ANY</code>.
* @param from
* The triple to be changed
* @param to
* The value to change it to.
* @return true if the user may make the change, false otherwise.
- * @throws IllegalArgumentException if any argument is null.
+ * @throws IllegalArgumentException
+ * if any argument is null.
*/
- public boolean evaluateUpdate( SecNode graphIRI, SecTriple from,
- SecTriple to );
+ public boolean evaluateUpdate(Object principal, SecNode graphIRI,
+ SecTriple from, SecTriple to);
/**
* returns the current principal or null if there is no current principal.
- *
- * All security evaluation methods use this method to determine who
- * the call is being executed as. This allows subsystems (like the listener system)
- * to capture the current user
- * and evaluate later calls in terms of that user.
- *
+ *
+ * All security evaluation methods use this method to determine who the call
+ * is being executed as. This allows subsystems (like the listener system)
+ * to capture the current user and evaluate later calls in terms of that
+ * user.
+ *
* @return The current principal
*/
public Object getPrincipal();
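Review bot: The Javadoc for `evaluate(Object principal, Set<Action> actions, SecNode graphIRI, SecTriple triple)` gains the parameter but no `@param principal` line, unlike the other methods changed in this hunk. The two `See evaluate( Action, SecNode, SecTriple )` references still name the old three-argument signature; `{@link #evaluate(Object, Action, SecNode, SecTriple)}` would keep them checkable by the Javadoc tool. The `getPrincipal()` description still says all security evaluation methods use it to determine who the call is executed as, which no longer matches an API where the caller supplies the principal. I would reword it to say that callers obtain the principal here and pass it to the evaluate methods.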
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
index d39e116..55dac8f 100644
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
+++ b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
@@ -62,7 +62,7 @@ public class SecuredCapabilities implements Capabilities
@Override
public boolean addAllowed()
{
- return securityEvaluator.evaluate(Action.Update, graphIRI)
+ return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
&& capabilities.addAllowed();
}
@@ -73,12 +73,14 @@ public class SecuredCapabilities implements Capabilities
@Override
public boolean addAllowed( final boolean everyTriple )
{
- boolean retval = securityEvaluator.evaluate(Action.Update, graphIRI)
+ Object principal = securityEvaluator.getPrincipal();
+
+ boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI)
&& capabilities.addAllowed(everyTriple);
if (retval && everyTriple)
{
// special security check
- retval = securityEvaluator.evaluate(Action.Create, graphIRI,
+ retval = securityEvaluator.evaluate(principal, Action.Create, graphIRI,
SecTriple.ANY);
}
return retval;
@@ -96,7 +98,7 @@ public class SecuredCapabilities implements Capabilities
@Override
public boolean deleteAllowed()
{
- return securityEvaluator.evaluate(Action.Update, graphIRI)
+ return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
&& capabilities.deleteAllowed();
}
@@ -107,12 +109,14 @@ public class SecuredCapabilities implements Capabilities
@Override
public boolean deleteAllowed( final boolean everyTriple )
{
- boolean retval = securityEvaluator.evaluate(Action.Update, graphIRI)
+ Object principal = securityEvaluator.getPrincipal();
+
+ boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI)
&& capabilities.addAllowed(everyTriple);
if (retval && everyTriple)
{
// special security check
- retval = securityEvaluator.evaluate(Action.Delete, graphIRI,
+ retval = securityEvaluator.evaluate(principal, Action.Delete, graphIRI,
SecTriple.ANY);
}
return retval;
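Review bot: `deleteAllowed(boolean everyTriple)` still combines the graph permission check with `capabilities.addAllowed(everyTriple)` on the unchanged line right after the new `evaluate(principal, Action.Update, graphIRI)` call. The reported delete capability therefore depends on the base graph's add capability, which looks like a copy from `addAllowed(boolean)` that this commit passes over while editing the line above it. The line should read `&& capabilities.deleteAllowed(everyTriple);`. The method's closing brace is outside the hunk.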
@@ -136,7 +140,7 @@ public class SecuredCapabilities implements Capabilities
@Override
public boolean iteratorRemoveAllowed()
{
- return securityEvaluator.evaluate(Action.Update, graphIRI)
+ return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
&& capabilities.iteratorRemoveAllowed();
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
index 70549f4..229c953 100644
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
+++ b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,16 +17,6 @@
*/
package org.apache.jena.security.graph;
-import com.hp.hpl.jena.graph.Graph;
-import com.hp.hpl.jena.graph.GraphEventManager;
-import com.hp.hpl.jena.graph.GraphListener;
-import com.hp.hpl.jena.graph.Triple;
-import com.hp.hpl.jena.graph.impl.CollectionGraph;
-import com.hp.hpl.jena.util.iterator.ExtendedIterator;
-import com.hp.hpl.jena.util.iterator.NiceIterator;
-import com.hp.hpl.jena.util.iterator.WrappedIterator;
-
-import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -45,21 +35,26 @@ import org.apache.jena.security.impl.CachedSecurityEvaluator;
import org.apache.jena.security.impl.SecuredItemImpl;
import org.apache.jena.security.utils.PermTripleFilter;
+import com.hp.hpl.jena.graph.Graph;
+import com.hp.hpl.jena.graph.GraphEventManager;
+import com.hp.hpl.jena.graph.GraphListener;
+import com.hp.hpl.jena.graph.Triple;
+import com.hp.hpl.jena.graph.impl.CollectionGraph;
+import com.hp.hpl.jena.util.iterator.ExtendedIterator;
+import com.hp.hpl.jena.util.iterator.NiceIterator;
+import com.hp.hpl.jena.util.iterator.WrappedIterator;
+
/**
- * Since we sit between the graph and other items we have to determine when the message is
- * first seen and send it to the underlying graph if necessary.
+ * Since we sit between the graph and other items we have to determine when the
+ * message is first seen and send it to the underlying graph if necessary.
*/
-public class SecuredGraphEventManager implements GraphEventManager
-{
- private class SecuredGraphListener implements GraphListener
- {
+public class SecuredGraphEventManager implements GraphEventManager {
+ private class SecuredGraphListener implements GraphListener {
private final GraphListener wrapped;
private final Object runAs;
- SecuredGraphListener( final GraphListener wrapped )
- {
- if (wrapped == null)
- {
+ SecuredGraphListener(final GraphListener wrapped) {
+ if (wrapped == null) {
throw new IllegalArgumentException(
"Wrapped listener may not be null");
}
@@ -67,32 +62,25 @@ public class SecuredGraphEventManager implements GraphEventManager
this.runAs = securedGraph.getSecurityEvaluator().getPrincipal();
}
- private Triple[] getArray( final Graph g, final Triple[] triples,
- final Set<Action> perms )
- {
+ private Triple[] getArray(final Graph g, final Triple[] triples,
+ final Set<Action> perms) {
Triple[] retval = triples;
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(perms, sg.getModelNode()))
- {
- if (!evaluator.evaluateAny(perms, sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs, perms, sg.getModelNode())) {
+ if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
final List<Triple> list = wrapPermIterator(sg,
Arrays.asList(triples).iterator(), perms)
.toList();
retval = list.toArray(new Triple[list.size()]);
}
- else
- {
+ else {
retval = triples;
}
}
- else
- {
+ else {
retval = new Triple[0];
}
}
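Review bot: `getArray` now builds a `new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs)` on every notification, and `wrapPermIterator` builds a second one and repeats the same `evaluateAny(runAs, perms, sg.getModelNode(), SecuredItemImpl.convert(Triple.ANY))` check for the same event. Whatever the evaluator caches (its implementation is not visible here) is discarded after one call, and `runAs` is supplied both to the constructor and to each `evaluateAny`, leaving two places that decide whose permissions apply. I would pass the evaluator already created into `wrapPermIterator`. If the per-event lifetime is deliberate, so that permission changes are never served from a stale cache, a comment should say so: `// new evaluator per event: decisions are never cached across notifications`. The same construction repeats in the notify* methods of the following hunks; the end of `getArray` is outside this hunk.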
@@ -100,248 +88,196 @@ public class SecuredGraphEventManager implements GraphEventManager
}
@Override
- public void notifyAddArray( final Graph g, final Triple[] triples )
- {
+ public void notifyAddArray(final Graph g, final Triple[] triples) {
final Triple[] added = getArray(g, triples,
SecuredGraphEventManager.ADD);
- if (added.length > 0)
- {
+ if (added.length > 0) {
wrapped.notifyAddArray(g, added);
}
}
@Override
- public void notifyAddGraph( final Graph g, final Graph added )
- {
+ public void notifyAddGraph(final Graph g, final Graph added) {
Graph addGraph = added;
- if (g instanceof SecuredGraph)
- {
+ if (g instanceof SecuredGraph) {
final SecuredGraph sg = (SecuredGraph) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode()))
- {
- if (!evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
+ sg.getModelNode())) {
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.ADD, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
final List<Triple> lst = added.find(Triple.ANY)
.toList();
addGraph = new CollectionGraph(Arrays.asList(getArray(
g, lst.toArray(new Triple[lst.size()]),
SecuredGraphEventManager.ADD)));
}
- else
- {
+ else {
addGraph = added;
}
}
- else
- {
+ else {
addGraph = new CollectionGraph(
Collections.<Triple> emptyList());
}
}
- if (addGraph.size() > 0)
- {
+ if (addGraph.size() > 0) {
wrapped.notifyAddGraph(g, addGraph);
}
}
@Override
- public void notifyAddIterator( final Graph g, final Iterator<Triple> it )
- {
+ public void notifyAddIterator(final Graph g, final Iterator<Triple> it) {
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
// only report if we can write to the graph
- if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode()))
- {
+ if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
+ sg.getModelNode())) {
final ExtendedIterator<Triple> iter = wrapPermIterator(sg,
it, SecuredGraphEventManager.ADD);
- try
- {
+ try {
wrapped.notifyAddIterator(g, iter);
- }
- finally
- {
+ } finally {
iter.close();
}
}
}
- else
- {
+ else {
wrapped.notifyAddIterator(g, it);
}
}
@Override
- public void notifyAddList( final Graph g, final List<Triple> triples )
- {
+ public void notifyAddList(final Graph g, final List<Triple> triples) {
List<Triple> list = triples;
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode()))
- {
- if (!evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
+ sg.getModelNode())) {
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.ADD, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
list = wrapPermIterator(sg, triples.iterator(),
SecuredGraphEventManager.ADD).toList();
}
- else
- {
+ else {
list = triples;
}
}
- else
- {
+ else {
list = Collections.emptyList();
}
}
- if (list.size() > 0)
- {
+ if (list.size() > 0) {
wrapped.notifyAddList(g, list);
}
}
@Override
- public void notifyAddTriple( final Graph g, final Triple t )
- {
+ public void notifyAddTriple(final Graph g, final Triple t) {
boolean notify = false;
- if (g instanceof SecuredGraph)
- {
+ if (g instanceof SecuredGraph) {
final SecuredGraph sg = (SecuredGraph) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- notify = evaluator.evaluateAny(SecuredGraphEventManager.ADD,
- sg.getModelNode());
- if (notify)
- {
- notify = evaluator.evaluateAny(
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ notify = evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.ADD, sg.getModelNode());
+ if (notify) {
+ notify = evaluator.evaluateAny(runAs,
SecuredGraphEventManager.ADD, sg.getModelNode(),
SecuredItemImpl.convert(t));
}
}
- else
- {
+ else {
notify = true;
}
- if (notify)
- {
+ if (notify) {
wrapped.notifyAddTriple(g, t);
}
}
@Override
- public void notifyDeleteArray( final Graph g, final Triple[] triples )
- {
+ public void notifyDeleteArray(final Graph g, final Triple[] triples) {
Triple[] deleted = triples;
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode()))
- {
- if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode())) {
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
final List<Triple> list = wrapPermIterator(sg,
Arrays.asList(triples).iterator(),
SecuredGraphEventManager.DELETE).toList();
deleted = list.toArray(new Triple[list.size()]);
}
- else
- {
+ else {
deleted = triples;
}
}
- else
- {
+ else {
deleted = new Triple[0];
}
}
- if (deleted.length > 0)
- {
+ if (deleted.length > 0) {
wrapped.notifyDeleteArray(g, deleted);
}
}
@Override
- public void notifyDeleteGraph( final Graph g, final Graph removed )
- {
- if (g instanceof SecuredGraphImpl)
- {
+ public void notifyDeleteGraph(final Graph g, final Graph removed) {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode()))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode())) {
Graph g2 = removed;
- if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
g2 = new CollectionGraph(
removed.find(Triple.ANY)
- .filterKeep(
- new PermTripleFilter(
- SecuredGraphEventManager.DELETE,
- sg, evaluator))
- .toList());
+ .filterKeep(
+ new PermTripleFilter(
+ SecuredGraphEventManager.DELETE,
+ sg, evaluator))
+ .toList());
}
wrapped.notifyDeleteGraph(g, g2);
}
- else
- {
+ else {
// do nothing.
}
}
- else
- {
+ else {
wrapped.notifyDeleteGraph(g, removed);
}
}
@Override
- public void notifyDeleteIterator( final Graph g,
- final Iterator<Triple> it )
- {
+ public void notifyDeleteIterator(final Graph g,
+ final Iterator<Triple> it) {
Iterator<Triple> iter = it;
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode()))
- {
-
- if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode())) {
+
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
iter = WrappedIterator.create(it).filterKeep(
new PermTripleFilter(
SecuredGraphEventManager.DELETE, sg,
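Review bot: The listener callbacks in this hunk do not agree on which graphs get filtered: `notifyAddGraph` and `notifyAddTriple` test `g instanceof SecuredGraph`, while `notifyAddIterator`, `notifyAddList`, `notifyDeleteArray`, `notifyDeleteGraph` and `notifyDeleteIterator` test `g instanceof SecuredGraphImpl`. In every method the non-matching branch forwards the triples to the wrapped listener unfiltered. So if a `SecuredGraph` implementation other than `SecuredGraphImpl` exists (not visible here), its bulk notifications would bypass the `runAs` permission check while its single-triple ones would not. I would use one test throughout, or mark the pass-through branches with a comment such as `// not a secured graph: forwarded without permission filtering`. `notifyDeleteIterator` continues past the end of this hunk.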
@@ -350,34 +286,27 @@ public class SecuredGraphEventManager implements GraphEventManager
// else use the default list as all can bee seen
wrapped.notifyDeleteIterator(g, iter);
}
- else
- {
+ else {
// do nothing.
}
}
- else
- {
+ else {
wrapped.notifyDeleteIterator(g, iter);
}
}
@Override
- public void notifyDeleteList( final Graph g, final List<Triple> triples )
- {
+ public void notifyDeleteList(final Graph g, final List<Triple> triples) {
List<Triple> list = triples;
- if (g instanceof SecuredGraphImpl)
- {
+ if (g instanceof SecuredGraphImpl) {
final SecuredGraphImpl sg = (SecuredGraphImpl) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode()))
- {
- if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode())) {
+ if (!evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
list = WrappedIterator
.create(triples.iterator())
.filterKeep(
@@ -387,67 +316,55 @@ public class SecuredGraphEventManager implements GraphEventManager
}
// else use the default list as all can bee seen
}
- else
- {
+ else {
list = Collections.emptyList();
}
}
- if (list.size() > 0)
- {
+ if (list.size() > 0) {
wrapped.notifyDeleteList(g, list);
}
}
@Override
- public void notifyDeleteTriple( final Graph g, final Triple t )
- {
+ public void notifyDeleteTriple(final Graph g, final Triple t) {
boolean notify = false;
- if (g instanceof SecuredGraph)
- {
+ if (g instanceof SecuredGraph) {
final SecuredGraph sg = (SecuredGraph) g;
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- notify = evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
- sg.getModelNode());
- if (notify)
- {
- notify = evaluator.evaluateAny(
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ notify = evaluator.evaluateAny(runAs,
+ SecuredGraphEventManager.DELETE, sg.getModelNode());
+ if (notify) {
+ notify = evaluator.evaluateAny(runAs,
SecuredGraphEventManager.DELETE, sg.getModelNode(),
SecuredItemImpl.convert(t));
}
}
- else
- {
+ else {
notify = true;
}
- if (notify)
- {
+ if (notify) {
wrapped.notifyDeleteTriple(g, t);
}
}
@Override
- public void notifyEvent( final Graph source, final Object value )
- {
+ public void notifyEvent(final Graph source, final Object value) {
wrapped.notifyEvent(source, value);
}
private ExtendedIterator<Triple> wrapPermIterator(
final SecuredGraphImpl sg, final Iterator<Triple> it,
- final Set<Action> perms )
- {
- final SecurityEvaluator evaluator = CachedSecurityEvaluator
- .getInstance(sg.getSecurityEvaluator(), runAs);
- if (!evaluator.evaluateAny(perms, sg.getModelNode(),
- SecuredItemImpl.convert(Triple.ANY)))
- {
+ final Set<Action> perms) {
+ final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
+ if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(),
+ SecuredItemImpl.convert(Triple.ANY))) {
// nope so wrap the iterator with security iterator
return WrappedIterator.create(it).filterKeep(
new PermTripleFilter(perms, sg, evaluator));
}
return WrappedIterator.create(it);
- }
+ }
}
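Review bot: `notifyEvent` is the one listener callback in this class that forwards to `wrapped` without consulting the evaluator for `runAs`; every other notify* method checks the graph and triple permissions first. If event values can carry triples or other graph content (that is not visible from this hunk), they would reach a listener whose captured principal cannot read the graph. I would gate the call on read access when `source` is a `SecuredGraph`, for example `if (evaluator.evaluate(runAs, Action.Read, sg.getModelNode())) { wrapped.notifyEvent(source, value); }`. If generic events are meant to be exempt, a comment on the method should say why.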
@@ -459,251 +376,203 @@ public class SecuredGraphEventManager implements GraphEventManager
private static Set<Action> ADD;
- static
- {
+ static {
SecuredGraphEventManager.ADD = new HashSet<Action>(
- Arrays.asList(new Action[] { Action.Create, Action.Read }));
+ Arrays.asList(new Action[] {
+ Action.Create, Action.Read
+ }));
SecuredGraphEventManager.DELETE = new HashSet<Action>(
- Arrays.asList(new Action[] { Action.Delete, Action.Read }));
+ Arrays.asList(new Action[] {
+ Action.Delete, Action.Read
+ }));
}
- public SecuredGraphEventManager( final SecuredGraph securedGraph,
- final Graph baseGraph, final GraphEventManager manager )
- {
+ public SecuredGraphEventManager(final SecuredGraph securedGraph,
+ final Graph baseGraph, final GraphEventManager manager) {
this.securedGraph = securedGraph;
this.baseGraph = baseGraph;
manager.register(this);
}
- private synchronized Collection<SecuredGraphListener> getListenerCollection()
- {
+ private synchronized Collection<SecuredGraphListener> getListenerCollection() {
ExtendedIterator<SecuredGraphListener> retval = NiceIterator
.emptyIterator();
- for (final Collection<SecuredGraphListener> coll : listenerMap.values())
- {
+ for (final Collection<SecuredGraphListener> coll : listenerMap.values()) {
retval = retval.andThen(coll.iterator());
}
return retval.toList();
}
@Override
- public boolean listening()
- {
+ public boolean listening() {
return !listenerMap.isEmpty();
}
@Override
- public void notifyAddArray( final Graph g, final Triple[] triples )
- {
+ public void notifyAddArray(final Graph g, final Triple[] triples) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyAddArray(securedGraph, triples);
}
- else
- {
+ else {
sgl.notifyAddArray(g, triples);
}
}
}
@Override
- public void notifyAddGraph( final Graph g, final Graph added )
- {
+ public void notifyAddGraph(final Graph g, final Graph added) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyAddGraph(securedGraph, added);
}
- else
- {
+ else {
sgl.notifyAddGraph(g, added);
}
}
}
@Override
- public void notifyAddIterator( final Graph g, final Iterator<Triple> it )
- {
+ public void notifyAddIterator(final Graph g, final Iterator<Triple> it) {
notifyAddIterator(g, WrappedIterator.create(it).toList());
baseGraph.equals(g);
}
@Override
- public void notifyAddIterator( final Graph g, final List<Triple> triples )
- {
+ public void notifyAddIterator(final Graph g, final List<Triple> triples) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyAddIterator(securedGraph, triples.iterator());
}
- else
- {
+ else {
sgl.notifyAddIterator(g, triples.iterator());
}
}
}
@Override
- public void notifyAddList( final Graph g, final List<Triple> triples )
- {
+ public void notifyAddList(final Graph g, final List<Triple> triples) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyAddList(securedGraph, triples);
}
- else
- {
+ else {
sgl.notifyAddList(g, triples);
}
}
}
@Override
- public void notifyAddTriple( final Graph g, final Triple t )
- {
+ public void notifyAddTriple(final Graph g, final Triple t) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyAddTriple(securedGraph, t);
}
- else
- {
+ else {
sgl.notifyAddTriple(g, t);
}
}
}
@Override
- public void notifyDeleteArray( final Graph g, final Triple[] triples )
- {
+ public void notifyDeleteArray(final Graph g, final Triple[] triples) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyDeleteArray(securedGraph, triples);
}
- else
- {
+ else {
sgl.notifyDeleteArray(g, triples);
}
}
}
@Override
- public void notifyDeleteGraph( final Graph g, final Graph removed )
- {
+ public void notifyDeleteGraph(final Graph g, final Graph removed) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyDeleteGraph(securedGraph, removed);
}
- else
- {
+ else {
sgl.notifyDeleteGraph(g, removed);
}
}
}
@Override
- public void notifyDeleteIterator( final Graph g, final Iterator<Triple> it )
- {
+ public void notifyDeleteIterator(final Graph g, final Iterator<Triple> it) {
notifyDeleteIterator(g, WrappedIterator.create(it).toList());
}
@Override
- public void notifyDeleteIterator( final Graph g, final List<Triple> triples )
- {
+ public void notifyDeleteIterator(final Graph g, final List<Triple> triples) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyDeleteIterator(securedGraph, triples.iterator());
}
- else
- {
+ else {
sgl.notifyDeleteIterator(g, triples.iterator());
}
}
}
@Override
- public void notifyDeleteList( final Graph g, final List<Triple> L )
- {
+ public void notifyDeleteList(final Graph g, final List<Triple> L) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyDeleteList(securedGraph, L);
}
- else
- {
+ else {
sgl.notifyDeleteList(g, L);
}
}
}
@Override
- public void notifyDeleteTriple( final Graph g, final Triple t )
- {
+ public void notifyDeleteTriple(final Graph g, final Triple t) {
final boolean wrap = baseGraph.equals(g);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyDeleteTriple(securedGraph, t);
}
- else
- {
+ else {
sgl.notifyDeleteTriple(g, t);
}
}
}
@Override
- public void notifyEvent( final Graph source, final Object value )
- {
- if (source instanceof SecuredGraph && securedGraph.equals(source))
- {
- baseGraph.getEventManager().notifyEvent( baseGraph, value);
+ public void notifyEvent(final Graph source, final Object value) {
+ if ((source instanceof SecuredGraph) && securedGraph.equals(source)) {
+ baseGraph.getEventManager().notifyEvent(baseGraph, value);
}
else {
-
+
final boolean wrap = baseGraph.equals(source);
- for (final SecuredGraphListener sgl : getListenerCollection())
- {
- if (wrap)
- {
+ for (final SecuredGraphListener sgl : getListenerCollection()) {
+ if (wrap) {
sgl.notifyEvent(securedGraph, value);
}
- else
- {
+ else {
sgl.notifyEvent(source, value);
}
}
@@ -711,11 +580,9 @@ public class SecuredGraphEventManager implements GraphEventManager
}
@Override
- public synchronized GraphEventManager register( final GraphListener listener )
- {
+ public synchronized GraphEventManager register(final GraphListener listener) {
Stack<SecuredGraphListener> sgl = listenerMap.get(listener);
- if (sgl == null)
- {
+ if (sgl == null) {
sgl = new Stack<SecuredGraphListener>();
}
sgl.push(new SecuredGraphListener(listener));
@@ -725,17 +592,13 @@ public class SecuredGraphEventManager implements GraphEventManager
@Override
public synchronized GraphEventManager unregister(
- final GraphListener listener )
- {
+ final GraphListener listener) {
final Stack<SecuredGraphListener> sgl = listenerMap.get(listener);
- if (sgl != null)
- {
- if (sgl.size() == 1)
- {
+ if (sgl != null) {
+ if (sgl.size() == 1) {
listenerMap.remove(listener);
}
- else
- {
+ else {
sgl.pop();
listenerMap.put(listener, sgl);
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java b/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
index 342f35b..ffc2868 100644
--- a/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
+++ b/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
@@ -6,9 +6,9 @@
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,91 +17,74 @@
*/
package org.apache.jena.security.impl;
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-import java.lang.reflect.Proxy;
-import java.util.LinkedHashSet;
import java.util.Set;
-import org.apache.commons.lang.ClassUtils;
import org.apache.jena.security.SecurityEvaluator;
/**
* A SecurityEvaluator that can be cached for later use.
*/
-public class CachedSecurityEvaluator implements InvocationHandler
-{
+public class CachedSecurityEvaluator implements SecurityEvaluator {
private final SecurityEvaluator wrapped;
private final Object origPrincipal;
- // The getPrincipal() method.
- private static Method GET_PRINCIPAL;
+ /**
+ *
+ * @param wrapped
+ * @param runAs
+ */
+ public CachedSecurityEvaluator(final SecurityEvaluator wrapped,
+ final Object runAs) {
+ this.origPrincipal = runAs;
+ this.wrapped = wrapped;
+ }
- static
- {
- try
- {
- CachedSecurityEvaluator.GET_PRINCIPAL = SecurityEvaluator.class
- .getMethod("getPrincipal");
- }
- catch (final SecurityException e)
- {
- throw new RuntimeException(e);
- }
- catch (final NoSuchMethodException e)
- {
- throw new RuntimeException(e);
- }
+ @Override
+ public boolean evaluate(final Object principal, final Action action,
+ final SecNode graphIRI) {
+ return wrapped.evaluate(principal, action, graphIRI);
}
- /**
- * Create an instance.
- * @param evaluator The security evaluator we are caching.
- * @param runAs The principal that we want to use when checking the permissions.
- * @return The proxied SecurityEvaluator.
- */
- public static SecurityEvaluator getInstance(
- final SecurityEvaluator evaluator, final Object runAs )
- {
- final Set<Class<?>> ifac = new LinkedHashSet<Class<?>>();
- if (evaluator.getClass().isInterface())
- {
- ifac.add(evaluator.getClass());
- }
- ifac.addAll(ClassUtils.getAllInterfaces(evaluator.getClass()));
+ @Override
+ public boolean evaluate(final Object principal, final Action action,
+ final SecNode graphIRI, final SecTriple triple) {
+ return wrapped.evaluate(principal, action, graphIRI, triple);
+ }
- return (SecurityEvaluator) Proxy.newProxyInstance(
- SecuredItemImpl.class.getClassLoader(),
- ifac.toArray(new Class<?>[ifac.size()]),
- new CachedSecurityEvaluator(evaluator, runAs));
+ @Override
+ public boolean evaluate(final Object principal, final Set<Action> actions,
+ final SecNode graphIRI) {
+ return wrapped.evaluate(principal, actions, graphIRI);
}
- /**
- *
- * @param wrapped
- * @param runAs
- */
- private CachedSecurityEvaluator( final SecurityEvaluator wrapped,
- final Object runAs )
- {
- origPrincipal = runAs;
- this.wrapped = wrapped;
+ @Override
+ public boolean evaluate(final Object principal, final Set<Action> actions,
+ final SecNode graphIRI, final SecTriple triple) {
+ return wrapped.evaluate(principal, actions, graphIRI, triple);
}
@Override
- public Object invoke( final Object proxy, final Method method,
- final Object[] args ) throws Throwable
- {
- // check for the special case methods
- if (CachedSecurityEvaluator.GET_PRINCIPAL.equals(method))
- {
- return origPrincipal;
- }
+ public boolean evaluateAny(final Object principal,
+ final Set<Action> actions, final SecNode graphIRI) {
+ return wrapped.evaluateAny(principal, actions, graphIRI);
+ }
- // if we get here then the method is not being proxied so call the
- // original method
- // on the base item.
- return method.invoke(wrapped, args);
+ @Override
+ public boolean evaluateAny(final Object principal,
+ final Set<Action> actions, final SecNode graphIRI,
+ final SecTriple triple) {
+ return wrapped.evaluateAny(principal, actions, graphIRI, triple);
+ }
+
+ @Override
+ public boolean evaluateUpdate(final Object principal,
+ final SecNode graphIRI, final SecTriple from, final SecTriple to) {
+ return wrapped.evaluateUpdate(principal, graphIRI, from, to);
+ }
+ @Override
+ public Object getPrincipal() {
+ return origPrincipal;
}
+
}
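Review bot: The seven `evaluate`/`evaluateAny`/`evaluateUpdate` overrides forward the caller's `principal` to `wrapped` and never consult `origPrincipal`, so the run-as binding holds only if every caller passes `getPrincipal()`, and nothing in the class says so. The constructor is now public but keeps an empty Javadoc, whereas the removed `getInstance` described both parameters. I would restore those descriptions, e.g. `@param runAs The principal returned by getPrincipal(); callers must pass it to the evaluate methods.`, and state the same contract in the class comment. If the binding is meant to be enforced rather than left to convention, the delegates would have to pass `origPrincipal` themselves, which is a behaviour change to decide deliberately.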
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java b/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
index b095356..dac1036 100644
--- a/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
+++ b/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
@@ -334,7 +334,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Create, modelNode);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Create, modelNode);
cachePut(key, retval);
}
return retval;
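Review bot: The decision computed on the changed line is stored under `key` and reused, and the hunk does not show whether `key` or the cache's lifetime is tied to the principal now passed to `evaluate`. If `getPrincipal()` can return different values while the cache is alive, a result computed for one principal could be returned to another; the key is built outside the hunk, so this needs checking there. The same pattern recurs in the seven following hunks of this file (Create, Delete, Read and Update checks, plus `evaluateUpdate`). A comment above the lookup such as `// cache is per-principal: key must change when getPrincipal() does` would record the assumption. Minor: the new calls lack a space after the first comma, `getPrincipal(),Action.Create`.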
@@ -352,7 +352,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Create, modelNode, t);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Create, modelNode, t);
cachePut(key, retval);
}
return retval;
@@ -375,7 +375,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Delete, modelNode);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Delete, modelNode);
cachePut(key, retval);
}
return retval;
@@ -393,7 +393,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Delete, modelNode, t);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Delete, modelNode, t);
cachePut(key, retval);
}
return retval;
@@ -416,7 +416,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Read, modelNode);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Read, modelNode);
cachePut(key, retval);
}
return retval;
@@ -434,7 +434,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Read, modelNode, t);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Read, modelNode, t);
cachePut(key, retval);
}
return retval;
@@ -457,7 +457,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluate(Action.Update, modelNode);
+ retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Update, modelNode);
cachePut(key, retval);
}
return retval;
@@ -477,7 +477,7 @@ public abstract class SecuredItemImpl implements SecuredItem
Boolean retval = cacheGet(key);
if (retval == null)
{
- retval = securityEvaluator.evaluateUpdate(modelNode, from, to);
+ retval = securityEvaluator.evaluateUpdate(securityEvaluator.getPrincipal(),modelNode, from, to);
cachePut(key, retval);
}
return retval;
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRDFListImpl.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRDFListImpl.java b/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRDFListImpl.java
index d0b07c0..4397244 100644
--- a/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRDFListImpl.java
+++ b/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRDFListImpl.java
@@ -895,7 +895,7 @@ public class SecuredRDFListImpl extends SecuredResourceImpl implements
// have to be able to read and delete to delete all.
final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
Action.Delete, Action.Read });
- if (getSecurityEvaluator().evaluate(perms, this.getModelNode(),
+ if (getSecurityEvaluator().evaluate(getSecurityEvaluator().getPrincipal(), perms, this.getModelNode(),
SecuredItemImpl.convert(t)))
{
holder.getBaseItem().removeList();
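Review bot: The changed condition calls `getSecurityEvaluator()` twice, once for the receiver and once for the principal, which makes the line long and leaves room for the two calls to disagree if the accessor ever stops returning the same instance. Binding it once reads better: `final SecurityEvaluator eval = getSecurityEvaluator();` followed by `if (eval.evaluate(eval.getPrincipal(), perms, this.getModelNode(),`. The enclosing method starts and ends outside the hunk.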
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRSIterator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRSIterator.java b/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRSIterator.java
index 15d5626..3eae571 100644
--- a/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRSIterator.java
+++ b/jena-security/src/main/java/org/apache/jena/security/model/impl/SecuredRSIterator.java
@@ -55,7 +55,7 @@ public class SecuredRSIterator implements RSIterator
@Override
public boolean accept( final ReifiedStatement t )
{
- return evaluator.evaluateAny(actions, modelNode,
+ return evaluator.evaluateAny(evaluator.getPrincipal(), actions, modelNode,
SecuredItemImpl.convert(t.getStatement().asTriple()));
}
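Review bot: `accept` re-reads `evaluator.getPrincipal()` for every element, while `PermStatementFilter` and `PermTripleFilter` in this same commit read it once in the constructor and keep it in a final field. For a lazily consumed iterator the two choices differ if the evaluator's principal can change between creation and iteration, so one of them is probably not what was intended. I would pick one rule and document it, for example a field `private final Object principal;` set where `evaluator` is assigned, or a comment `// principal is resolved per element on purpose`. The class containing `accept` starts outside the hunk.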
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java b/jena-security/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
index 2068f65..b6e5e07 100644
--- a/jena-security/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
+++ b/jena-security/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
@@ -93,49 +93,49 @@ public class SecuredQueryEngine extends QueryEngineMain
this.securityEvaluator = new SecurityEvaluator() {
@Override
- public boolean evaluate( final Action action,
+ public boolean evaluate( final Object principal, final Action action,
final SecNode graphIRI )
{
return true;
}
@Override
- public boolean evaluate( final Action action,
+ public boolean evaluate( final Object principal, final Action action,
final SecNode graphIRI, final SecTriple triple )
{
return true;
}
@Override
- public boolean evaluate( final Set<Action> action,
+ public boolean evaluate( final Object principal, final Set<Action> action,
final SecNode graphIRI )
{
return true;
}
@Override
- public boolean evaluate( final Set<Action> action,
+ public boolean evaluate( final Object principal, final Set<Action> action,
final SecNode graphIRI, final SecTriple triple )
{
return true;
}
@Override
- public boolean evaluateAny( final Set<Action> action,
+ public boolean evaluateAny( final Object principal, final Set<Action> action,
final SecNode graphIRI )
{
return true;
}
@Override
- public boolean evaluateAny( final Set<Action> action,
+ public boolean evaluateAny( final Object principal, final Set<Action> action,
final SecNode graphIRI, final SecTriple triple )
{
return true;
}
@Override
- public boolean evaluateUpdate( final SecNode graphIRI,
+ public boolean evaluateUpdate( final Object principal, final SecNode graphIRI,
final SecTriple from, final SecTriple to )
{
return true;
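Review bot: Every overload of the anonymous evaluator assigned to `this.securityEvaluator` returns `true` and leaves the new `principal` argument unused, so whichever code path installs it runs with no access check at all. The condition that selects this fallback is outside the hunk, and the permit-all behaviour predates this commit. A comment at the assignment should still say when it applies, along the lines of `// permit-all fallback: used only when <condition>; no per-principal checks are made here`. The anonymous class body also continues past the end of the hunk.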
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java b/jena-security/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
index 4659d06..263c742 100644
--- a/jena-security/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
+++ b/jena-security/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
@@ -242,7 +242,8 @@ public class OpRewriter implements OpVisitor
@Override
public void visit( final OpBGP opBGP )
{
- if (!securityEvaluator.evaluate(Action.Read, graphIRI))
+ Object principal = securityEvaluator.getPrincipal();
+ if (!securityEvaluator.evaluate(principal, Action.Read, graphIRI))
{
if (silentFail)
{
@@ -255,7 +256,7 @@ public class OpRewriter implements OpVisitor
}
// if the user can read any triple just add the opBGP
- if (securityEvaluator.evaluate(Action.Read, graphIRI, SecTriple.ANY))
+ if (securityEvaluator.evaluate(principal, Action.Read, graphIRI, SecTriple.ANY))
{
addOp(opBGP);
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java b/jena-security/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
index 5cd84d0..3675ec8 100644
--- a/jena-security/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
+++ b/jena-security/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
@@ -71,10 +71,11 @@ public class SecuredFunction extends ExprFunctionN
private boolean checkAccess( Binding values )
{
+ Object principal = securityEvaluator.getPrincipal();
for (final Triple t : bgp)
{
final SecTriple secT = createSecTriple(t, values);
- if (!securityEvaluator.evaluate(Action.Read, graphIRI, secT))
+ if (!securityEvaluator.evaluate(principal, Action.Read, graphIRI, secT))
{
return false;
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java b/jena-security/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
index 8e8bb43..41c163a 100644
--- a/jena-security/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
+++ b/jena-security/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
@@ -39,6 +39,7 @@ public class PermStatementFilter extends Filter<Statement>
private final SecurityEvaluator evaluator;
private final SecNode modelNode;
private final Set<Action> actions;
+ private final Object principal;
/**
* Creates a filter that requires that the user have all the permissions
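Review bot: The new `principal` field has no comment, and the six constructor hunks that follow each repeat `this.principal = evaluator.getPrincipal();`, so the filter decides with the principal in force when it was built rather than when `accept` runs. That is worth stating on the field, e.g. `// captured at construction; accept() does not re-read it from the evaluator`. Chaining the constructors to the one that takes an evaluator would keep the assignment in a single place. `PermTripleFilter` receives the identical change in its hunks further down.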
@@ -55,6 +56,7 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -74,6 +76,7 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -91,6 +94,7 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -110,6 +114,7 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -127,6 +132,7 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -146,12 +152,13 @@ public class PermStatementFilter extends Filter<Statement>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
@Override
public boolean accept( final Statement s )
{
- return evaluator.evaluateAny(actions, modelNode,
+ return evaluator.evaluateAny(principal, actions, modelNode,
SecuredItemImpl.convert(s.asTriple()));
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java b/jena-security/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java
index f8d2fa6..505d7f8 100644
--- a/jena-security/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java
+++ b/jena-security/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java
@@ -39,6 +39,7 @@ public class PermTripleFilter extends Filter<Triple>
private final SecurityEvaluator evaluator;
private final SecNode modelNode;
private final Set<Action> actions;
+ private final Object principal;
/**
* Creates a filter that requires that the user have all the permissions
@@ -54,6 +55,7 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -73,6 +75,7 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -90,6 +93,7 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -109,6 +113,7 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -126,6 +131,7 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = securedItem.getSecurityEvaluator();
+ this.principal = evaluator.getPrincipal();
}
/**
@@ -145,12 +151,13 @@ public class PermTripleFilter extends Filter<Triple>
this.modelNode = securedItem.getModelNode();
this.actions = SecurityEvaluator.Util.asSet(actions);
this.evaluator = evaluator;
+ this.principal = evaluator.getPrincipal();
}
@Override
public boolean accept( final Triple t )
{
- return evaluator.evaluateAny(actions, modelNode,
+ return evaluator.evaluateAny(principal, actions, modelNode,
SecuredItemImpl.convert(t));
}
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java b/jena-security/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
index bfe6a98..286be4a 100644
--- a/jena-security/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
+++ b/jena-security/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
@@ -31,9 +31,9 @@ import org.apache.jena.security.impl.SecuredItemImpl;
public class RDFListSecFilter<T extends RDFList> extends Filter<T>
{
-
- private SecuredItem securedItem;
- private Set<Action> perms;
+ private final SecuredItem securedItem;
+ private final Set<Action> perms;
+ private final Object principal;
public RDFListSecFilter( final SecuredItem securedItem, final Action perm )
{
@@ -45,13 +45,14 @@ public class RDFListSecFilter<T extends RDFList> extends Filter<T>
{
this.securedItem = securedItem;
this.perms = perms;
+ this.principal = securedItem.getSecurityEvaluator().getPrincipal();
}
@Override
public boolean accept( final RDFList o )
{
final Statement s = o.getRequiredProperty(RDF.first);
- return securedItem.getSecurityEvaluator().evaluate(perms,
+ return securedItem.getSecurityEvaluator().evaluate(principal, perms,
securedItem.getModelNode(),
SecuredItemImpl.convert(s.asTriple()));
}
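Review bot: The constructor captures `principal` once from `securedItem.getSecurityEvaluator()`, but `accept` fetches the evaluator from `securedItem` again on every call, so the stored principal and the evaluator that judges it are not guaranteed to come from the same instance. `PermTripleFilter` avoids this by holding the evaluator in a final field. The same could be done here with `private final SecurityEvaluator evaluator;`, assigned as `this.evaluator = securedItem.getSecurityEvaluator();`, with `accept` calling `evaluator.evaluate(principal, perms,`. Whether `getSecurityEvaluator()` can in fact return a different object later is not visible in this diff.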
http://git-wip-us.apache.org/repos/asf/jena/blob/23d1bde2/jena-security/src/test/java/org/apache/jena/security/MockSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/MockSecurityEvaluator.java b/jena-security/src/test/java/org/apache/jena/security/MockSecurityEvaluator.java
index c00602e..0981664 100644
--- a/jena-security/src/test/java/org/apache/jena/security/MockSecurityEvaluator.java
+++ b/jena-security/src/test/java/org/apache/jena/security/MockSecurityEvaluator.java
@@ -87,13 +87,13 @@ public class MockSecurityEvaluator implements SecurityEvaluator
}
@Override
- public boolean evaluate( final Action action, final SecNode uri )
+ public boolean evaluate( final Object principal, final Action action, final SecNode uri )
{
return evaluate(action);
}
@Override
- public boolean evaluate( final Action action, final SecNode graphIRI,
+ public boolean evaluate( final Object principal, final Action action, final SecNode graphIRI,
final SecTriple triple )
{
if (forceTripleChecks)
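Review bot: The mock accepts the new `principal` argument and ignores it; the overloads visible in these hunks still decide through `evaluate(action)` alone. Tests built on it therefore cannot notice a caller passing the wrong principal, which is the behaviour this commit changes. I would either have the mock record the principal it last received so a test can assert on it, or say so explicitly with a comment such as `// principal is deliberately ignored: this mock decides on the action alone`. The other overloads in the later hunks of this file are in the same position.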
@@ -141,13 +141,13 @@ public class MockSecurityEvaluator implements SecurityEvaluator
}
@Override
- public boolean evaluate( final Set<Action> action, final SecNode uri )
+ public boolean evaluate( final Object principal, final Set<Action> action, final SecNode uri )
{
return evaluate(action);
}
@Override
- public boolean evaluate( final Set<Action> action, final SecNode graphIRI,
+ public boolean evaluate( final Object principal, final Set<Action> action, final SecNode graphIRI,
final SecTriple triple )
{
for (final Action a : action)
@@ -161,7 +161,7 @@ public class MockSecurityEvaluator implements SecurityEvaluator
}
@Override
- public boolean evaluateAny( final Set<Action> action, final SecNode graphIRI )
+ public boolean evaluateAny( final Object principal, final Set<Action> action, final SecNode graphIRI )
{
for (final Action a : action)
{
@@ -174,14 +174,14 @@ public class MockSecurityEvaluator implements SecurityEvaluator
}
@Override
- public boolean evaluateAny( final Set<Action> action,
+ public boolean evaluateAny( final Object principal, final Set<Action> action,
final SecNode graphIRI, final SecTriple triple )
{
- return evaluateAny(action, graphIRI);
+ return evaluateAny( principal, action, graphIRI);
}
@Override
- public boolean evaluateUpdate( final SecNode graphIRI,
+ public boolean evaluateUpdate( final Object principal, final SecNode graphIRI,
final SecTriple from, final SecTriple to )
{
return evaluate(Action.Update);