Posted to commits@jena.apache.org by bu...@apache.org on 2013/09/04 21:27:19 UTC
svn commit: r877291 - in /websites/staging/jena/trunk/content: ./
documentation/security/ documentation/security/assembler.html
documentation/security/evaluator.html documentation/security/index.html
Author: buildbot
Date: Wed Sep 4 19:27:19 2013
New Revision: 877291
Log:
Staging update by buildbot for jena
Added:
websites/staging/jena/trunk/content/documentation/security/
websites/staging/jena/trunk/content/documentation/security/assembler.html
websites/staging/jena/trunk/content/documentation/security/evaluator.html
websites/staging/jena/trunk/content/documentation/security/index.html
Modified:
websites/staging/jena/trunk/content/ (props changed)
Propchange: websites/staging/jena/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Sep 4 19:27:19 2013
@@ -1 +1 @@
-1519914
+1520114
Added: websites/staging/jena/trunk/content/documentation/security/assembler.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/security/assembler.html (added)
+++ websites/staging/jena/trunk/content/documentation/security/assembler.html Wed Sep 4 19:27:19 2013
@@ -0,0 +1,170 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Jena Security - Assembler For a Secured Model</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="http://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+
+
+
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.html"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/serving_data/index.html">Fuseki</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ </ul>
+ </li>
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Jena Security - Assembler For a Secured Model</h1>
+ <p>Jena Security provides a standard Jena assembler making it easy to use the SecuredModel in an Assembler based
+environment. To use the security assembler the assembler file must contain the lines:</p>
+<div class="codehilite"><pre><span class="o"><></span><span class="p">;</span> <span class="n">ja</span><span class="p">:</span><span class="n">loadClass</span> "<span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">jena</span><span class="p">.</span><span class="n">security</span><span class="p">.</span><span class="n">SecuredAssembler</span>" <span class="p">.</span>
+<span class="nb">sec</span><span class="p">:</span><span class="n">Model</span> <span class="n">rdfs</span><span class="p">:</span><span class="n">subClassOf</span> <span class="n">ja</span><span class="p">:</span><span class="n">NamedModel</span> <span class="p">.</span>
+</pre></div>
+
+
+<p>and a model definition something like:</p>
+<div class="codehilite"><pre><span class="p">[]</span> <span class="n">a</span> <span class="n">ja</span><span class="p">:</span><span class="n">Model</span> <span class="p">;</span>
+ <span class="nb">sec</span><span class="p">:</span><span class="n">baseModel</span> <span class="n">jena</span><span class="p">:</span><span class="n">model</span> <span class="p">;</span>
+ <span class="n">ja</span><span class="p">:</span><span class="n">modelName</span> "<span class="n">modelName</span>"<span class="p">;</span>
+ <span class="nb">sec</span><span class="p">:</span><span class="n">evaluatorFactory</span> "<span class="n">javaclass</span>"<span class="p">;</span>
+ <span class="p">.</span>
+</pre></div>
+
+
+<p>where:
+- <code>jena:model</code> is a model defined in the assembler file. In this example there would be a like in the file
+something like <code>jena:model a ja:Model</code>.<br />
+- <code>modelName</code> is the name of the model as identified in the security manager.
+- <code>javaclass</code> is the java class name that implements an Evaluator Factory. The Factory must have static method
+<code>getInstance()</code> that returns a SecurityEvaluator instance.</p>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2013 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>
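Review bot: The first assembler snippet is not valid Turtle as rendered: `<>; ja:loadClass "org.apache.jena.security.SecuredAssembler" .` has a semicolon directly after the subject, so anyone who pastes it into an assembler file gets a parse error; it should read `<> ja:loadClass "..." .`. The same snippet declares `sec:Model rdfs:subClassOf ja:NamedModel`, yet the model definition below it is typed `[] a ja:Model` while carrying `sec:baseModel` and `sec:evaluatorFactory`; please confirm whether the secured model should be typed `sec:Model`, and show the prefix declaration for `sec:`, which the page never gives. In the "where:" paragraph the three "- " items sit inside a single <p>, so they render as one run-on paragraph instead of a list (the source is probably missing a blank line before the list), and "there would be a like in the file" should be "a line in the file". Since `sec:evaluatorFactory` names a Java class whose static `getInstance()` supplies the SecurityEvaluator, it is worth one sentence saying that the assembler file decides which access-control policy is applied, so it needs the same write protection as the policy itself. Minor: the license comment has a stray space in "LICENSE- 2.0".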
Added: websites/staging/jena/trunk/content/documentation/security/evaluator.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/security/evaluator.html (added)
+++ websites/staging/jena/trunk/content/documentation/security/evaluator.html Wed Sep 4 19:27:19 2013
@@ -0,0 +1,337 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Jena Security - SecurityEvaluator implementation</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="http://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+
+
+
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.html"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/serving_data/index.html">Fuseki</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ </ul>
+ </li>
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Jena Security - SecurityEvaluator implementation</h1>
+ <h2 id="overview">Overview</h2>
+<p>The SecurityEvaluator interface defines the access control operations. It provides the interface between the
+authentication (answers the question: "who are you?") and the authorization (answers the question: "what can you
+do?"), as such it provides access to the current principal (user). The javadocs contain detailed
+requirements for implementations of the SecurityEvaluator interface, short notes are provided below.</p>
+<p><strong>NOTE</strong> The security system caches intermediate results and will only call the evaluator if the answer is not
+already in the cache. There is little or advantage to implementing caching in the SecurityEvaluator itself.</p>
+<h3 id="actions">Actions</h3>
+<p>Principals may perform Create, Read, Action or Delete operations on
+secured resources. These operations are defined in the <code>Action</code> enum in the SecurtyEvaluator interface.</p>
+<h3 id="secnode">SecNode</h3>
+<p>The security node is a class that tracks the type and node value. SecNodes are one of the four enumerated Types
+found in the SecNodes class:</p>
+<ul>
+<li><strong>URI</strong> A URI node.</li>
+<li><strong>Literal</strong> A Literal node.</li>
+<li><strong>Anonymous</strong> An anonymous node. Also called a "blank" node.</li>
+<li><strong>Any</strong> Any node. This is a special case used for wild card matching.</li>
+</ul>
+<p>SecNode defines three static nodes:</p>
+<ul>
+<li><code>SecNode.ANY = new SecNode(Type.Any, "any")</code> Matches any node in the security system.</li>
+<li><code>SecNode.VARIABLE = new SecNode(Type.Any, "variable")</code> Indicates a variable in the triple.</li>
+<li><code>SecNode.FUTURE = new SecNode(Type.Anonymous, "")</code> This is an anonymous node that will be created in the future.</li>
+</ul>
+<h3 id="sectriple">SecTriple</h3>
+<p>The security triple is a class that provides a triple of SecNode objects. SecTriple also defines a single static
+triple:</p>
+<ul>
+<li><code>SecTriple.ANY</code> = new SecTriple(SecNode.ANY, SeccNode.ANY, SecNode.ANY)` Matches any SecTriple.</li>
+</ul>
+<h3 id="evaluator-methods">Evaluator Methods</h3>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">Action</span> <span class="n">action</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if the action is permitted within the graph.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">Action</span> <span class="n">action</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">triple</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if the action is allowed on the triple within the graph.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if all actions are allowed on the graph.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">triple</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if all the actions are allowed on the triple within the graph. </p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateAny</span><span class="p">(</span> <span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if any of the actions are allowed on the graph.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateAny</span><span class="p">(</span> <span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">triple</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if any of the actions are allowed on the triple within the graph.</p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateUpdate</span><span class="p">(</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">from</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">to</span> <span class="p">);</span>
+</pre></div>
+
+
+<p>Determine if the user is allowed to update the "from" triple to the "to" triple. </p>
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">Principal</span> <span class="n">getPrincipal</span><span class="p">();</span>
+</pre></div>
+
+
+<p>returns the current principal or null if there is no current principal. </p>
+<h2 id="sample-implementation">Sample Implementation</h2>
+<p>This sample is for a graph that contains a set of messages, access to the messages are limited to
+principals that the messages are to or from. Any triple that is not a message is not affected. This
+implementation simply has a <code>setPrincipal(String name)</code> method. A real implementation would request the
+user principal or name from the authentication system. This implementation also requires access to the underlying
+model to determine if the user has access, however, that is not a requirement of the SecurityEvaluator in general.
+Determining access from the information provided is an exercise for the implementer. </p>
+<!-- language: lang-java -->
+
+<div class="codehilite"><pre><span class="n">public</span> <span class="n">class</span> <span class="n">ExampleEvaluator</span> <span class="n">implements</span> <span class="n">SecurityEvaluator</span> <span class="p">{</span>
+
+ <span class="n">private</span> <span class="n">Principal</span> <span class="n">principal</span><span class="p">;</span>
+ <span class="n">private</span> <span class="n">Model</span> <span class="n">model</span><span class="p">;</span>
+ <span class="n">private</span> <span class="n">RDFNode</span> <span class="n">msgType</span> <span class="p">=</span> <span class="n">ResourceFactory</span><span class="p">.</span><span class="n">createResource</span><span class="p">(</span> "<span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">example</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">msg</span>" <span class="p">);</span>
+ <span class="n">private</span> <span class="n">Property</span> <span class="n">pTo</span> <span class="p">=</span> <span class="n">ResourceFactory</span><span class="p">.</span><span class="n">createProperty</span><span class="p">(</span> "<span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">example</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">to</span>" <span class="p">);</span>
+ <span class="n">private</span> <span class="n">Property</span> <span class="n">pFrom</span> <span class="p">=</span> <span class="n">ResourceFactory</span><span class="p">.</span><span class="n">createProperty</span><span class="p">(</span> "<span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">example</span><span class="p">.</span><span class="n">com</span><span class="o">/</span><span class="n">from</span>" <span class="p">);</span>
+
+ <span class="o">/**</span>
+ <span class="o">*</span>
+ <span class="o">*</span> <span class="p">@</span><span class="n">param</span> <span class="n">model</span> <span class="n">The</span> <span class="n">graph</span> <span class="n">we</span> <span class="n">are</span> <span class="n">going</span> <span class="n">to</span> <span class="n">evaluate</span> <span class="n">against</span><span class="p">.</span>
+ <span class="o">*/</span>
+ <span class="n">public</span> <span class="n">ExampleEvaluator</span><span class="p">(</span> <span class="n">Model</span> <span class="n">model</span> <span class="p">)</span>
+ <span class="p">{</span>
+ <span class="n">this</span><span class="p">.</span><span class="n">model</span> <span class="p">=</span> <span class="n">model</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span><span class="n">Action</span> <span class="n">action</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">)</span> <span class="p">{</span>
+ <span class="o">//</span> <span class="n">we</span> <span class="n">allow</span> <span class="n">any</span> <span class="n">action</span> <span class="n">on</span> <span class="n">a</span> <span class="n">graph</span><span class="p">.</span>
+ <span class="k">return</span> <span class="n">true</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="n">private</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">Resource</span> <span class="n">r</span> <span class="p">)</span>
+ <span class="p">{</span>
+ <span class="o">//</span> <span class="n">a</span> <span class="n">message</span> <span class="n">is</span> <span class="n">only</span> <span class="n">available</span> <span class="n">to</span> <span class="n">sender</span> <span class="n">or</span> <span class="n">recipient</span>
+ <span class="k">if</span> <span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">hasProperty</span><span class="p">(</span> <span class="n">RDF</span><span class="p">.</span><span class="n">type</span><span class="p">,</span> <span class="n">msgType</span> <span class="p">))</span>
+ <span class="p">{</span>
+ <span class="k">return</span> <span class="n">r</span><span class="p">.</span><span class="n">hasProperty</span><span class="p">(</span> <span class="n">pTo</span><span class="p">,</span> <span class="n">principal</span><span class="p">.</span><span class="n">getName</span><span class="p">()</span> <span class="p">)</span> <span class="o">||</span>
+ <span class="n">r</span><span class="p">.</span><span class="n">hasProperty</span><span class="p">(</span> <span class="n">pFrom</span><span class="p">,</span> <span class="n">principal</span><span class="p">.</span><span class="n">getName</span><span class="p">());</span>
+ <span class="p">}</span>
+ <span class="k">return</span> <span class="n">true</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="n">private</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">SecNode</span> <span class="n">node</span> <span class="p">)</span>
+ <span class="p">{</span>
+ <span class="k">if</span> <span class="p">(</span><span class="n">node</span><span class="p">.</span><span class="n">equals</span><span class="p">(</span> <span class="n">SecNode</span><span class="p">.</span><span class="n">ANY</span> <span class="p">))</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">false</span><span class="p">;</span> <span class="o">//</span> <span class="n">all</span> <span class="n">wild</span> <span class="n">cards</span> <span class="n">are</span> <span class="n">false</span>
+ <span class="p">}</span>
+
+ <span class="k">if</span> <span class="p">(</span><span class="n">node</span><span class="p">.</span><span class="n">getType</span><span class="p">().</span><span class="n">equals</span><span class="p">(</span> <span class="n">SecNode</span><span class="p">.</span><span class="n">Type</span><span class="p">.</span><span class="n">URI</span><span class="p">))</span> <span class="p">{</span>
+ <span class="n">Resource</span> <span class="n">r</span> <span class="p">=</span> <span class="n">model</span><span class="p">.</span><span class="n">createResource</span><span class="p">(</span> <span class="n">node</span><span class="p">.</span><span class="n">getValue</span><span class="p">()</span> <span class="p">);</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">r</span> <span class="p">);</span>
+ <span class="p">}</span>
+ <span class="k">else</span> <span class="k">if</span> <span class="p">(</span><span class="n">node</span><span class="p">.</span><span class="n">getType</span><span class="p">().</span><span class="n">equals</span><span class="p">(</span> <span class="n">SecNode</span><span class="p">.</span><span class="n">Type</span><span class="p">.</span><span class="n">Anonymous</span><span class="p">))</span> <span class="p">{</span>
+ <span class="n">Resource</span> <span class="n">r</span> <span class="p">=</span> <span class="n">model</span><span class="p">.</span><span class="n">getRDFNode</span><span class="p">(</span> <span class="n">NodeFactory</span><span class="p">.</span><span class="n">createAnon</span><span class="p">(</span> <span class="n">new</span> <span class="n">AnonId</span><span class="p">(</span> <span class="n">node</span><span class="p">.</span><span class="n">getValue</span><span class="p">())</span> <span class="p">)</span> <span class="p">).</span><span class="n">asResource</span><span class="p">();</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">r</span> <span class="p">);</span>
+ <span class="p">}</span>
+ <span class="k">else</span>
+ <span class="p">{</span>
+ <span class="k">return</span> <span class="n">true</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="p">}</span>
+
+ <span class="n">private</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">SecTriple</span> <span class="n">triple</span> <span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span><span class="p">.</span><span class="n">getSubject</span><span class="p">())</span> <span class="o">&&</span>
+ <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span><span class="p">.</span><span class="n">getObject</span><span class="p">())</span> <span class="o">&&</span>
+ <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span><span class="p">.</span><span class="n">getPredicate</span><span class="p">());</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span><span class="n">Action</span> <span class="n">action</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">triple</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span> <span class="p">);</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span><span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">true</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluate</span><span class="p">(</span><span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span>
+ <span class="n">SecTriple</span> <span class="n">triple</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span> <span class="p">);</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateAny</span><span class="p">(</span><span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">true</span><span class="p">;</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateAny</span><span class="p">(</span><span class="n">Set</span><span class="o"><</span><span class="n">Action</span><span class="o">></span> <span class="n">actions</span><span class="p">,</span> <span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span>
+ <span class="n">SecTriple</span> <span class="n">triple</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">triple</span> <span class="p">);</span>
+ <span class="p">}</span>
+
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">boolean</span> <span class="n">evaluateUpdate</span><span class="p">(</span><span class="n">SecNode</span> <span class="n">graphIRI</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">from</span><span class="p">,</span> <span class="n">SecTriple</span> <span class="n">to</span><span class="p">)</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">from</span> <span class="p">)</span> <span class="o">&&</span> <span class="n">evaluate</span><span class="p">(</span> <span class="n">to</span> <span class="p">);</span>
+ <span class="p">}</span>
+
+ <span class="n">public</span> <span class="n">void</span> <span class="n">setPrincipal</span><span class="p">(</span> <span class="n">String</span> <span class="n">userName</span> <span class="p">)</span>
+ <span class="p">{</span>
+ <span class="k">if</span> <span class="p">(</span><span class="n">userName</span> <span class="o">==</span> <span class="n">null</span><span class="p">)</span>
+ <span class="p">{</span>
+ <span class="n">principal</span> <span class="p">=</span> <span class="n">null</span><span class="p">;</span>
+ <span class="p">}</span>
+ <span class="n">principal</span> <span class="p">=</span> <span class="n">new</span> <span class="n">BasicUserPrincipal</span><span class="p">(</span> <span class="n">userName</span> <span class="p">);</span>
+ <span class="p">}</span>
+ <span class="p">@</span><span class="n">Override</span>
+ <span class="n">public</span> <span class="n">Principal</span> <span class="n">getPrincipal</span><span class="p">()</span> <span class="p">{</span>
+ <span class="k">return</span> <span class="n">principal</span><span class="p">;</span>
+ <span class="p">}</span>
+
+<span class="p">}</span>
+</pre></div>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2013 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>
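Review bot: in setPrincipal of the example evaluator, the null check has no effect. After `principal = null;` the method falls through to `principal = new BasicUserPrincipal( userName );`, so a null userName is still passed to the constructor and never results in "no principal". Add a `return;` inside the if block or move the second assignment into an `else`. Because this listing is the documented sample that readers will copy, the page should also state that the `evaluate(Set<Action>, SecNode)` and `evaluateAny(Set<Action>, SecNode)` overloads return true unconditionally: graph-level access is open to every principal in this example and only the triple-level checks restrict anything.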
Added: websites/staging/jena/trunk/content/documentation/security/index.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/security/index.html (added)
+++ websites/staging/jena/trunk/content/documentation/security/index.html Wed Sep 4 19:27:19 2013
@@ -0,0 +1,186 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<!--
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE- 2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+ <title>Apache Jena - Jena Security - A Security (Permissions) wrapper around Jena RDF implementation.</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+ <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
+ <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css">
+ <link rel="shortcut icon" href="/images/favicon.ico" />
+
+ <script src="http://code.jquery.com/jquery-2.0.3.min.js"></script>
+ <script src="/js/jena-navigation.js" type="text/javascript"></script>
+ <script src="/js/bootstrap.min.js" type="text/javascript"></script>
+ <script src="/js/breadcrumbs.js" type="text/javascript"></script>
+
+ <!-- Uncomment to enable code coloring <link href="/css/codehilite.css" rel="stylesheet" type="text/css"> -->
+
+</head>
+
+<body>
+
+
+
+<nav class="navbar navbar-default" role="navigation">
+<div class="container">
+ <div class="navbar-header">
+
+ <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse">
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ <span class="icon-bar"></span>
+ </button>
+ <a class="navbar-brand" href="/index.html">
+ <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
+ </div>
+
+
+
+ <div class="collapse navbar-collapse navbar-ex1-collapse">
+ <ul class="nav navbar-nav">
+
+
+
+ <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li>
+ <li id="download"><a href="/download/index.html"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li>
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li class="dropdown-header">Tutorials</li>
+ <li><a href="/tutorials/index.html">Overview</a></li>
+ <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
+ <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li>
+ <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
+ <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
+ <li><a href="/documentation/notes/index.html">How-To's</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">References</li>
+ <li><a href="/documentation/index.html">Overview</a></li>
+ <li><a href="/documentation/javadoc/">Javadoc</a></li>
+ <li><a href="/documentation/rdf/index.html">RDF API</a></li>
+ <li><a href="/documentation/io/">RDF I/O</a></li>
+ <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
+ <li><a href="/documentation/query/text-query.html">Text Search</a></li>
+ <li><a href="/documentation/tdb/index.html">TDB</a></li>
+ <li><a href="/documentation/sdb/index.html">SDB</a></li>
+ <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li>
+ <li><a href="/documentation/serving_data/index.html">Fuseki</a></li>
+ <li><a href="/documentation/assembler/index.html">Assembler</a></li>
+ <li><a href="/documentation/ontology/">Ontology API</a></li>
+ <li><a href="/documentation/inference/index.html">Inference API</a></li>
+ <li><a href="/documentation/tools/index.html">Command-line tools</a></li>
+ </ul>
+ </li>
+ <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li>
+
+ <li class="dropdown">
+ <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a>
+ <ul class="dropdown-menu">
+ <li><a href="/getting_involved/index.html">Contribute</a></li>
+ <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">Project</li>
+ <li><a href="/about_jena/about.html">About Jena</a></li>
+ <li><a href="/about_jena/roadmap.html">Roadmap</a></li>
+ <li><a href="/about_jena/architecture.html">Architecture</a></li>
+ <li><a href="/about_jena/team.html">Project team</a></li>
+ <li><a href="/about_jena/contributions.html">Related projects</a></li>
+ <li class="divider"></li>
+ <li class="dropdown-header">ASF</li>
+ <li><a href="http://www.apache.org/">Apache Software Foundation</a></li>
+ <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+ </li>
+
+
+ </ul>
+ </div>
+</div>
+</nav>
+
+
+<div class="container">
+ <div class="row">
+ <div class="col-md-12">
+ <div id="breadcrumbs"></div>
+ <h1 class="title">Jena Security - A Security (Permissions) wrapper around Jena RDF implementation.</h1>
+ <p>JenaSecurity is a SecurityEvaluator interface and a set of dynamic proxies that apply that interface to Jena Graphs,
+Models, and associated methods and classes.</p>
+<h2 id="documentation">Documentation</h2>
+<ul>
+<li><a href="#overview">Overview</a></li>
+<li><a href="#usage-notes">Usage Notes</a></li>
+<li><a href="#evaluator.html">Security Evaluator</a></li>
+</ul>
+<h2 id="overview">Overview</h2>
+<p>Jena-security transparently intercepts calls to the Graph or Model interface, evaluates access restrictions and
+either allows or rejects the access. The system is authentication agnostic and will work with most authentication
+systems. The system uses dynamic proxies to wrap any Graph or Model implementation.
+The jena-security module includes an Assembler module to extend the standard Assembler to include the ability to
+create secured models and graphs. A complete example application is also available.</p>
+<p>The developer using jena-security is required to implement a SecurityEvaluator that provides access to the Principal
+(User) using the system and also determines if that Principal has the proper access to execute a method. Through the
+SecurityEvaluator the developer may apply full CRUD (Create, Read, Update, and Delete) restrictions to graphs and
+optionally triples within the graphs. </p>
+<p>The javadocs have additional annotations that specify what permissions at graph and triple levels are required for
+the user to execute the method.</p>
+<h2 id="usage-notes">Usage Notes</h2>
+<p>When the system is correctly configured the developer creates a SecuredGraph by calling
+<code>Factory.getInstance( SecurityEvaluator, String, Graph );</code>. Once created the resulting graph automatically
+makes the appropriate calls to the SecurityEvaluator before passing any approved requests to the underlying graph.</p>
+<p>Secured models are created by calling <code>Factory.getInstance( SecurityEvaluator, String, Model );</code> or
+<code>ModelFactory.createModelForGraph( SecuredGraph );</code></p>
+<p><strong>NOTE:</strong> when creating a model by wrapping a secured graph (e.g. <code>ModelFactory.createModelForGraph( SecuredGraph );</code>)
+the resulting Model does not have the same security requirements that the standard secured model. For example
+When creating a list on a secured model calling <code>model.createList( RDFNode[] );</code>, the standard secured
+model verifies that the user has the right to <strong>update</strong> the triples and allows or denies the entire operation
+accordingly. The wrapped secured graph does not have visibility to the <code>createList()</code> command and can only operate
+on the instructions issued by the <code>model.createList()</code> implementation. In the standard implementation the model
+requests the graph to delete one triple and then insert another. Thus the user must have <strong>delete</strong> and <strong>add</strong>
+permissions, not the <strong>update</strong> permission.</p>
+<p>There are several other cases where the difference in the layer can trip up the security system. In all known cases
+the result is a tighter security definition than was requested. For simplicity sake we recommend that the wrapped
+secured graph only be used in cases where access to the graph as a whole is granted/denied. In these cases the user
+either has all CRUD capabilities or none.</p>
+ </div>
+</div>
+
+</div><!--/.container -->
+
+ <footer class="footer">
+ <div class="container">
+ <p>Copyright © 2011–2013 The Apache Software Foundation, Licensed under
+ the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
+ </p>
+ <p>
+ Apache Jena, Jena, the Apache Jena project logo,
+ Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+ </p>
+ </div>
+ </footer>
+
+
+</body>
+</html>
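Review bot: the third entry in the Documentation list uses `href="#evaluator.html"`, a fragment that matches no id on this page, so the Security Evaluator link goes nowhere; it should be the relative link `href="evaluator.html"`. This commit also adds assembler.html and the Overview mentions the Assembler module, but the list has no entry for it. Separately, the head loads jQuery from `http://code.jquery.com/jquery-2.0.3.min.js` over plain HTTP. A script fetched that way can be modified in transit and will be blocked as mixed content if the page is served over HTTPS, so use an https URL or a locally hosted copy like the other scripts under /js/.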