Posted to commits@jena.apache.org by an...@apache.org on 2018/08/31 12:05:16 UTC
[26/27] jena git commit: JENA-1594: Interface AuthorizationService;
SecurityRegsitry is an impl
JENA-1594: Interface AuthorizationService; SecurityRegsitry is an impl
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/3b01252f
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/3b01252f
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/3b01252f
Branch: refs/heads/master
Commit: 3b01252f9d767af3e3b119d3b34f3699a9017fdc
Parents: 20eb07c
Author: Andy Seaborne <an...@apache.org>
Authored: Tue Aug 28 16:17:03 2018 +0100
Committer: Andy Seaborne <an...@apache.org>
Committed: Tue Aug 28 16:17:03 2018 +0100
----------------------------------------------------------------------
.../sparql/core/DatasetGraphFilteredView.java | 2 +-
.../fuseki/access/AssemblerAccessDataset.java | 2 +-
.../access/AssemblerSecurityRegistry.java | 2 +-
.../fuseki/access/AuthorizationService.java | 30 ++++++++++++++++++++
.../jena/fuseki/access/DataAccessCtl.java | 22 +++++++-------
.../jena/fuseki/access/DataAccessLib.java | 21 ++++++++++----
.../access/DatasetGraphAccessControl.java | 10 +++----
.../jena/fuseki/access/SecurityRegistry.java | 15 ++--------
.../fuseki/access/TS_SecurityFiltering.java | 10 +++----
.../access/TestSecurityAssemblerBuild.java | 2 +-
.../java/org/apache/jena/fuseki/Fuseki.java | 2 +-
11 files changed, 74 insertions(+), 44 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-arq/src/main/java/org/apache/jena/sparql/core/DatasetGraphFilteredView.java
----------------------------------------------------------------------
diff --git a/jena-arq/src/main/java/org/apache/jena/sparql/core/DatasetGraphFilteredView.java b/jena-arq/src/main/java/org/apache/jena/sparql/core/DatasetGraphFilteredView.java
index 4c49bd1..be2cc38 100644
--- a/jena-arq/src/main/java/org/apache/jena/sparql/core/DatasetGraphFilteredView.java
+++ b/jena-arq/src/main/java/org/apache/jena/sparql/core/DatasetGraphFilteredView.java
@@ -70,7 +70,7 @@ public class DatasetGraphFilteredView extends DatasetGraphReadOnly implements Da
super(dsg);
this.quadFilter = filter;
if ( visibleGraphs.contains(Quad.defaultGraphIRI) || visibleGraphs.contains(Quad.defaultGraphNodeGenerated) ) {
- Log.warn(DatasetGraphFilteredView.class, "default graph Node in visibleGraphs colelction - fix up applied");
+ Log.warn(DatasetGraphFilteredView.class, "default graph Node in visibleGraphs collection - fix up applied");
visibleGraphs = new HashSet<>(visibleGraphs);
visibleGraphs.remove(Quad.defaultGraphIRI);
visibleGraphs.remove(Quad.defaultGraphNodeGenerated);
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerAccessDataset.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerAccessDataset.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerAccessDataset.java
index 75cb155..71a89db 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerAccessDataset.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerAccessDataset.java
@@ -47,7 +47,7 @@ public class AssemblerAccessDataset extends AssemblerBase {
RDFNode rnRegistry = root.getProperty(VocabSecurity.pSecurityRegistry).getObject();
RDFNode rnDataset = root.getProperty(VocabSecurity.pDataset).getObject();
- SecurityRegistry sr = (SecurityRegistry)a.open(rnRegistry.asResource()) ;
+ AuthorizationService sr = (AuthorizationService)a.open(rnRegistry.asResource()) ;
Dataset ds = (Dataset)a.open(rnDataset.asResource()) ;
DatasetGraph dsg = new DatasetGraphAccessControl(ds.asDatasetGraph(), sr);
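Review bot: The cast on the new line `AuthorizationService sr = (AuthorizationService)a.open(rnRegistry.asResource())` is unchecked, so a configuration whose registry property points at some other kind of resource fails with a bare ClassCastException instead of a message naming the misconfigured node. Because this assembler builds the access-controlled dataset, a clear startup failure is worth having. Take the result as `Object obj = a.open(rnRegistry.asResource());`, test `obj instanceof AuthorizationService`, and otherwise raise an assembler configuration error that includes `rnRegistry`. The enclosing method starts and ends outside the hunk.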
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
index dc66768..00c27b9 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
@@ -52,7 +52,7 @@ public class AssemblerSecurityRegistry extends AssemblerBase {
*/
@Override
- public SecurityRegistry open(Assembler a, Resource root, Mode mode) {
+ public AuthorizationService open(Assembler a, Resource root, Mode mode) {
SecurityRegistry registry = new SecurityRegistry();
// Java walking gives better error messages.
StmtIterator sIter = root.listProperties(VocabSecurity.pEntry);
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AuthorizationService.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AuthorizationService.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AuthorizationService.java
new file mode 100644
index 0000000..dd8e7c6
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AuthorizationService.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.access;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * A {@link AuthorizationService} implemented with a {@link ConcurrentHashMap}.
+ */
+public interface AuthorizationService {
+
+ /** Return the security context for a geiven actor (user) */
+ public SecurityContext get(String actor);
+}
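Review bot: The type-level Javadoc on the new interface is copied from an implementation: `A {@link AuthorizationService} implemented with a {@link ConcurrentHashMap}` describes a map-backed class, and the `java.util.concurrent.ConcurrentHashMap` import exists only to serve that link. I would replace it with `/** Maps an actor (user or role name) to the {@link SecurityContext} governing its data access. */` and drop the import. The comment on `get` (which also misspells "given" as "geiven") should say what is returned for an unknown actor and for a `null` actor. `requestUserServlet` in DataAccessCtl passes on `getRemoteUser()`, which is null for an unauthenticated request, so implementers and callers need one agreed answer in order to deny access consistently. The `public` modifier on the interface method is redundant.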
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
index f1bf7d3..f1399f2 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
@@ -38,7 +38,7 @@ import org.apache.jena.sparql.util.Symbol;
import org.apache.jena.sys.JenaSystem;
import org.eclipse.jetty.security.SecurityHandler;
-/** A library of operations related to data acess sexurity for Fuseki */
+/** A library of operations related to data access security for Fuseki */
public class DataAccessCtl {
static { JenaSystem.init(); }
@@ -46,14 +46,14 @@ public class DataAccessCtl {
* Flag for whether this is data access controlled or not - boolean false or undef for "not
* controlled". This is an alternative to {@link DatasetGraphAccessControl}.
*/
- public static final Symbol symControlledAccess = Symbol.create(VocabSecurity.getURI() + "controlled");
+ public static final Symbol symControlledAccess = Symbol.create(VocabSecurity.getURI() + "controlled");
/**
- * Symbol for the {@link SecurityRegistry}. Must be present if
+ * Symbol for the {@link AuthorizationService}. Must be present if
* {@link #symControlledAccess} indicates data access control.
* This is an alternative to {@link DatasetGraphAccessControl}.
*/
- public static final Symbol symSecurityRegistry = Symbol.create(VocabSecurity.getURI() + "registry");
+ public static final Symbol symAuthorizationService = Symbol.create(VocabSecurity.getURI() + "authService");
/** Get the user from the servlet context via {@link HttpServletRequest#getRemoteUser} */
public static final Function<HttpAction, String> requestUserServlet = (action)->action.request.getRemoteUser();
@@ -68,16 +68,16 @@ public class DataAccessCtl {
* Add data access control information on a {@link DatasetGraph}. This modifies the
* {@link DatasetGraph}'s {@link Context}.
*/
- private static void addSecurityRegistry(DatasetGraph dsg, SecurityRegistry reg) {
+ private static void addAuthorizatonService(DatasetGraph dsg, AuthorizationService authService) {
dsg.getContext().set(symControlledAccess, true);
- dsg.getContext().set(symSecurityRegistry, reg);
+ dsg.getContext().set(symAuthorizationService, authService);
}
/**
* Return a {@link DatasetGraph} with added data access control.
* Use of the original {@code DatasetGraph} is not controlled.
*/
- public static Dataset controlledDataset(Dataset dsBase, SecurityRegistry reg) {
+ public static Dataset controlledDataset(Dataset dsBase, AuthorizationService reg) {
DatasetGraph dsg = controlledDataset(dsBase.asDatasetGraph(), reg);
return DatasetFactory.wrap(dsg);
}
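Review bot: The renamed private helper is misspelled on the new line, `addAuthorizatonService` (missing "i"), and should be `addAuthorizationService` so it can be found by searching for the type name. The next hunk has a similar slip: the rewritten exception message still reads "alerady wrapped" although the line was edited for the new type name, and should read `"DatasetGraph is already wrapped in a DatasetGraphAccessControl with a different AuthorizationService"`. Both `controlledDataset` overloads also keep the parameter name `reg` while the helper uses `authService`; one name throughout would make the access-control path easier to follow.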
@@ -86,12 +86,12 @@ public class DataAccessCtl {
* Return a {@link DatasetGraph} with added data access control. Use of the original
* {@code DatasetGraph} is not controlled.
*/
- public static DatasetGraph controlledDataset(DatasetGraph dsgBase, SecurityRegistry reg) {
+ public static DatasetGraph controlledDataset(DatasetGraph dsgBase, AuthorizationService reg) {
if ( dsgBase instanceof DatasetGraphAccessControl ) {
DatasetGraphAccessControl dsgx = (DatasetGraphAccessControl)dsgBase;
- if ( reg == dsgx.getRegistry() )
+ if ( reg == dsgx.getAuthService() )
return dsgx;
- throw new IllegalArgumentException("DatasetGraph is alerady wrapped on a DatasetGraphAccessControl with a different SecurityRegistry");
+ throw new IllegalArgumentException("DatasetGraph is alerady wrapped on a DatasetGraphAccessControl with a different AuthorizationService");
}
DatasetGraphAccessControl dsg1 = new DatasetGraphAccessControl(dsgBase, reg);
@@ -149,7 +149,7 @@ public class DataAccessCtl {
return true;
if ( dsg.getContext().isDefined(DataAccessCtl.symControlledAccess) )
return true;
- if ( dsg.getContext().isDefined(DataAccessCtl.symSecurityRegistry) )
+ if ( dsg.getContext().isDefined(DataAccessCtl.symAuthorizationService) )
return true;
return false;
}
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
index c9b98bf..9b99f27 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
@@ -20,6 +20,9 @@ package org.apache.jena.fuseki.access;
import java.util.function.Function;
+import javax.servlet.ServletContext;
+
+import org.apache.jena.fuseki.Fuseki;
import org.apache.jena.fuseki.servlets.HttpAction;
import org.apache.jena.fuseki.servlets.ServletOps;
import org.apache.jena.sparql.core.DatasetGraph;
@@ -29,7 +32,7 @@ class DataAccessLib {
/** Determine the {@link SecurityContext} for this request */
static SecurityContext getSecurityContext(HttpAction action, DatasetGraph dataset, Function<HttpAction, String> requestUser) {
- SecurityRegistry registry = getSecurityRegistry(action, dataset);
+ AuthorizationService registry = getAuthorizationService(action, dataset);
if ( registry == null )
ServletOps.errorOccurred("Internal Server Error");
@@ -41,11 +44,11 @@ class DataAccessLib {
return sCxt;
}
- /** Get the {@link SecurityRegistry} for an action/query/dataset */
- static SecurityRegistry getSecurityRegistry(HttpAction action, DatasetGraph dsg) {
+ /** Get the {@link AuthorizationService} for an action/query/dataset */
+ static AuthorizationService getAuthorizationService(HttpAction action, DatasetGraph dsg) {
if ( dsg instanceof DatasetGraphAccessControl )
- return ((DatasetGraphAccessControl)dsg).getRegistry();
- return dsg.getContext().get(DataAccessCtl.symSecurityRegistry);
+ return ((DatasetGraphAccessControl)dsg).getAuthService();
+ return dsg.getContext().get(DataAccessCtl.symAuthorizationService);
}
static SecurityContext noSecurityPolicy() {
@@ -66,5 +69,13 @@ class DataAccessLib {
dsg = DataAccessCtl.filteredDataset(dsg, sCxt);
return dsg;
}
+
+ static void set(ServletContext cxt, AuthorizationService authorizationService) {
+ cxt.setAttribute(Fuseki.attrAuthorizationService, authorizationService);
+ }
+
+ static AuthorizationService get(ServletContext cxt) {
+ return (AuthorizationService)cxt.getAttribute(Fuseki.attrAuthorizationService);
+ }
}
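Review bot: The new `set(ServletContext, AuthorizationService)` and `get(ServletContext)` are too generically named for a library class: `DataAccessLib.get(cxt)` does not say what is fetched, unlike the `SecurityRegistry.get(cxt)` it replaces. They are also package-private static methods on a class declared without `public` (see the `class DataAccessLib {` hunk header), where the removed methods were public, so code outside `org.apache.jena.fuseki.access` can no longer install or read the service through them. Consider names such as `setAuthorizationService` and `authorizationService`, and choose the visibility deliberately. `get` returns null when the attribute was never set and casts blindly, so it needs a Javadoc line such as `/** Return the {@link AuthorizationService} registered on the servlet context, or null if none is set; callers must not grant access on null. */`.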
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DatasetGraphAccessControl.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DatasetGraphAccessControl.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DatasetGraphAccessControl.java
index f58bdcd..a518f75 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DatasetGraphAccessControl.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DatasetGraphAccessControl.java
@@ -23,17 +23,17 @@ import java.util.Objects;
import org.apache.jena.sparql.core.DatasetGraph;
import org.apache.jena.sparql.core.DatasetGraphWrapper;
-/** DatasetGraph layer that carries a SecurityRegistry. */
+/** DatasetGraph layer that carries an {@link AuthorizationService}. */
class DatasetGraphAccessControl extends DatasetGraphWrapper {
- private SecurityRegistry registry = null;
+ private AuthorizationService registry = null;
- public DatasetGraphAccessControl(DatasetGraph dsg, SecurityRegistry registry) {
+ public DatasetGraphAccessControl(DatasetGraph dsg, AuthorizationService authService) {
super(Objects.requireNonNull(dsg));
- this.registry = Objects.requireNonNull(registry);
+ this.registry = Objects.requireNonNull(authService);
}
- public SecurityRegistry getRegistry() {
+ public AuthorizationService getAuthService() {
return registry;
}
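Review bot: The field is still called `registry` although the constructor parameter and getter are renamed to `authService` and `getAuthService()`, so the class now uses two names for one object. As far as this hunk shows, the field is assigned only in the constructor, so I would declare it `private final AuthorizationService authService;` and use that name in the constructor and getter. `final` also makes explicit that the policy object of a wrapped dataset cannot be swapped after construction. The class body continues outside the hunk, so check for other assignments before adding `final`.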
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityRegistry.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityRegistry.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityRegistry.java
index 10b9a08..7629cd2 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityRegistry.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityRegistry.java
@@ -20,26 +20,15 @@ package org.apache.jena.fuseki.access;
import java.util.StringJoiner;
-import javax.servlet.ServletContext;
-
import org.apache.jena.atlas.lib.Registry;
-import org.apache.jena.fuseki.Fuseki;
/**
- * A {@link SecurityRegistry} is mapping from a string (typically a user name or role
+ * Am {@link AuthorizationService} implements as a mapping from a string (typically a user name or role
* name) to a {@link SecurityContext}, where the {@link SecurityContext}
* is the access control operations for the user/role.
*/
-public class SecurityRegistry extends Registry<String, SecurityContext>{
-
- public static SecurityRegistry get(ServletContext cxt) {
- return (SecurityRegistry)cxt.getAttribute(Fuseki.attrSecurityRegistry);
- }
+public class SecurityRegistry extends Registry<String, SecurityContext> implements AuthorizationService {
- public static void set(ServletContext cxt, SecurityRegistry securityRegistry) {
- cxt.setAttribute(Fuseki.attrSecurityRegistry, securityRegistry);
- }
-
public SecurityRegistry() {}
@Override
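Review bot: The rewritten class Javadoc does not parse as a sentence: `Am {@link AuthorizationService} implements as a mapping from a string ...`. I suggest `An {@link AuthorizationService} implemented as a mapping from a string (typically a user name or role name) to a {@link SecurityContext}`. It would also help to state here what a lookup yields for a name with no entry, since that is where unknown users are allowed or denied. The overriding method that follows `@Override` is outside this hunk, so its behaviour cannot be confirmed from here.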
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_SecurityFiltering.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_SecurityFiltering.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_SecurityFiltering.java
index 981a205..715054d 100644
--- a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_SecurityFiltering.java
+++ b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_SecurityFiltering.java
@@ -35,10 +35,10 @@ import org.junit.runners.Suite;
public class TS_SecurityFiltering {
@BeforeClass public static void setupForFusekiServer() {
- LogCtl.setLevel(Fuseki.serverLogName, "WARN");
- LogCtl.setLevel(Fuseki.actionLogName, "WARN");
- LogCtl.setLevel(Fuseki.requestLogName, "WARN");
- LogCtl.setLevel(Fuseki.adminLogName, "WARN");
- LogCtl.setLevel("org.eclipse.jetty", "WARN");
+ LogCtl.setLevel(Fuseki.serverLogName, "WARN");
+ LogCtl.setLevel(Fuseki.actionLogName, "WARN");
+ LogCtl.setLevel(Fuseki.requestLogName, "WARN");
+ LogCtl.setLevel(Fuseki.adminLogName, "WARN");
+ LogCtl.setLevel("org.eclipse.jetty", "WARN");
}
}
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityAssemblerBuild.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityAssemblerBuild.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityAssemblerBuild.java
index 14610b1..54cab0d 100644
--- a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityAssemblerBuild.java
+++ b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityAssemblerBuild.java
@@ -40,7 +40,7 @@ public class TestSecurityAssemblerBuild {
private void assemblerFile(String assemblerFile) {
Dataset ds = (Dataset)AssemblerUtils.build(assemblerFile, VocabSecurity.tAccessControlledDataset);
DatasetGraphAccessControl dsg = (DatasetGraphAccessControl)ds.asDatasetGraph();
- SecurityRegistry securityRegistry = dsg.getRegistry();
+ AuthorizationService securityRegistry = dsg.getAuthService();
assertNotNull(securityRegistry);
}
}
http://git-wip-us.apache.org/repos/asf/jena/blob/3b01252f/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/Fuseki.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/Fuseki.java b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/Fuseki.java
index ec1126a..4e5f1ac 100644
--- a/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/Fuseki.java
+++ b/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/Fuseki.java
@@ -189,7 +189,7 @@ public class Fuseki {
public static final String attrVerbose = "org.apache.jena.fuseki:verbose";
public static final String attrNameRegistry = "org.apache.jena.fuseki:DataAccessPointRegistry";
public static final String attrServiceRegistry = "org.apache.jena.fuseki:ServiceDispatchRegistry";
- public static final String attrSecurityRegistry = "org.apache.jena.fuseki:SecurityRegistry";
+ public static final String attrAuthorizationService = "org.apache.jena.fuseki:AuthorizationService";
public static void setVerbose(ServletContext cxt, boolean verbose) {
cxt.setAttribute(attrVerbose, Boolean.valueOf(verbose));