You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jena.apache.org by cl...@apache.org on 2013/09/10 22:10:36 UTC

svn commit: r1521622 - /jena/site/trunk/content/documentation/security/index.mdtext

Author: claude
Date: Tue Sep 10 20:10:36 2013
New Revision: 1521622

URL: http://svn.apache.org/r1521622
Log:
Fixed some formatting issues

Modified:
    jena/site/trunk/content/documentation/security/index.mdtext

Modified: jena/site/trunk/content/documentation/security/index.mdtext
URL: http://svn.apache.org/viewvc/jena/site/trunk/content/documentation/security/index.mdtext?rev=1521622&r1=1521621&r2=1521622&view=diff
==============================================================================
--- jena/site/trunk/content/documentation/security/index.mdtext (original)
+++ jena/site/trunk/content/documentation/security/index.mdtext Tue Sep 10 20:10:36 2013
@@ -67,17 +67,23 @@ this is done correctly.  The required pe
 Conceptually the framework implements 2 levels of security: graph and triple.
 
 The graph restrictions are applied before triple restrictions.  So the system will call 
+
     evaluate( Action action, SecNode graphIRI );
+    
 to ask can the current user "Read" (Action)  graph X (graphIRI)  as `evaluate( Action.READ, X )`.
 
 if the answer is yes then the system will call
+
     evaluate( Action action, SecNode graphIRI, SecTriple triple );
+    
 to ask if the current user can "Read" (Action) from graph X (graphIRI) all triples (SecTriple) as 
 `evaluate( Action.READ, X, SecTriple.ALL )`.
 
 if the answer is yes then the system will execute the call, if the answer is no then for each 
 potential triple the user might read the system will call
+
     evaluate( Action action, SecNode graphIRI, SecTriple triple );
+    
 to ask if the current user can "Read" (Action) from graph X (graphIRI) the triple in question 
 (<triple>) as `evaluate( Action.READ, X, <triple> )`.
 
@@ -94,9 +100,13 @@ Jena-security provides three special nod
 
 This is similar to the Jena `Node.ANY` node.  It matches any node.  In general the system will ask if 
 the user can access a graph by executing 
+
     evaluate( Action, GraphIRI )
+    
 if the user can access the graph then the system will execute
+
     evaluate( Action, GraphIRI, <SecNode.ANY, SecNode.ANY, SecNode.ANY )
+    
 to determine if the user can perform the action on all triples.  If not then the system will attempt to 
 determine if the user perform the action on each specific triple.  In some cases the system can determine that
 the range of nodes involved in the action a sub set of all nodes and will call `evaluate` with some constant 
@@ -156,11 +166,15 @@ Insertions pose a different set of probl
 inserted.  For example when concatenating one RDFList with another (`rdfList.concatenate( rdfList2 )`) the system
 will create a series of anonymous nodes.  To check for these the `SecNode.FUTURE` is used. Initially the system will
 call 
+
     evaluate( Action.CREATE, X, <SecNode.FUTURE, RDF.first, SecNode.ANY ) 
+    
 to ascertain if the user can create a triple in graph X that has an anonymous node (SecNode.FUTURE) as the subject,
 RDF.first as the predicate and any node as the object.  If this is not allowed then for every node in `rdfList2` 
 the system will call
+
     evaluate( Action.CREATE, X, <SecNode.FUTURE, RDF.first, node ) 
+    
 where `node` is the node from `rdfList2` to be added.