You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jena.apache.org by an...@apache.org on 2018/11/17 17:20:53 UTC
[27/34] jena git commit: Support for cases such as "all graphs" and
"all users".
Support for cases such as "all graphs" and "all users".
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/8e661d60
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/8e661d60
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/8e661d60
Branch: refs/heads/master
Commit: 8e661d60ada150fb7954e288c5af1c868030ac6c
Parents: b1f83c2
Author: Andy Seaborne <an...@apache.org>
Authored: Wed Nov 14 10:25:36 2018 +0000
Committer: Andy Seaborne <an...@apache.org>
Committed: Wed Nov 14 10:26:18 2018 +0000
----------------------------------------------------------------------
.../access/AssemblerSecurityRegistry.java | 43 ++-
.../jena/fuseki/access/DataAccessCtl.java | 2 +
.../jena/fuseki/access/DataAccessLib.java | 3 +
.../apache/jena/fuseki/access/GraphFilter.java | 11 +
.../jena/fuseki/access/SecurityContext.java | 24 +-
.../fuseki/access/SecurityContextAllowAll.java | 7 +
.../access/SecurityContextAllowNamedGraphs.java | 2 +-
.../fuseki/access/SecurityContextAllowNone.java | 10 +-
.../jena/fuseki/access/SecurityContextView.java | 9 +-
.../org/apache/jena/fuseki/access/Users.java | 35 ++
.../apache/jena/fuseki/access/TS_Access.java | 2 +-
.../fuseki/access/TestSecurityFilterLocal.java | 26 +-
.../fuseki/access/TestSecurityRegistry.java | 82 +++++
.../jena/fuseki/access/TestServiceRegistry.java | 40 ---
.../assem-security-registry-1.ttl | 32 ++
.../assem-security-registry-2.ttl | 34 ++
.../assem-security-registry.ttl | 32 --
.../AbstractTestFusekiSecurityAssembler.java | 323 +++++++++++++++++++
.../AbstractTestGraphSecurityAssembler.java | 323 -------------------
.../fuseki/main/access/TS_SecurityFuseki.java | 4 +-
.../TestFusekiSecurityAssemblerSeparate.java | 26 ++
.../TestFusekiSecurityAssemblerShared.java | 26 ++
.../TestGraphSecurityAssemblerSeparate.java | 26 --
.../TestGraphSecurityAssemblerShared.java | 26 --
.../fuseki/main/access/TestPasswordServer.java | 4 +-
.../main/access/TestPasswordServices.java | 4 +-
26 files changed, 660 insertions(+), 496 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
index afaf102..93c4cdb 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/AssemblerSecurityRegistry.java
@@ -21,6 +21,8 @@ package org.apache.jena.fuseki.access;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
import org.apache.jena.assembler.Assembler;
import org.apache.jena.assembler.Mode;
@@ -29,7 +31,6 @@ import org.apache.jena.assembler.exceptions.AssemblerException;
import org.apache.jena.ext.com.google.common.collect.ArrayListMultimap;
import org.apache.jena.ext.com.google.common.collect.Multimap;
import org.apache.jena.graph.Node;
-import org.apache.jena.graph.NodeFactory;
import org.apache.jena.rdf.model.RDFList;
import org.apache.jena.rdf.model.RDFNode;
import org.apache.jena.rdf.model.Resource;
@@ -42,7 +43,7 @@ import org.apache.jena.sparql.util.graph.GraphList;
import org.apache.jena.sparql.util.graph.GraphUtils;
public class AssemblerSecurityRegistry extends AssemblerBase {
-
+
/**
* SecurityRegistry.
* Builds a SecurityRegistry - a map fron user name to
@@ -57,14 +58,7 @@ public class AssemblerSecurityRegistry extends AssemblerBase {
* ## Drop?
* access:entry [ :user "user2" ; :graphs (<http://host/graphname3> ) ] ;
*/
-
-
- private static Node allGraphsURI = NodeFactory.createURI("urn:jena:accessAllGraphs");
- private static Node allNamedGraphsURI = NodeFactory.createURI("urn:jena:accessAllNamedGraphs");
- private static Node allNamedGraphs = NodeFactory.createLiteral("*");
- private static Node allGraphs = NodeFactory.createLiteral("**");
-
@Override
public AuthorizationService open(Assembler a, Resource root, Mode mode) {
SecurityRegistry registry = new SecurityRegistry();
@@ -125,14 +119,12 @@ public class AssemblerSecurityRegistry extends AssemblerBase {
List<Node> graphs = new ArrayList<>();
if ( x.isURIResource() ) {
//System.out.printf("S: user %s : access : %s\n", user, x.asNode());
- Node n = graphLabel(x.asNode(), root);
- graphs.add(n);
+ graphs.add(x.asNode());
} else {
// List?
RDFList list = x.as(RDFList.class);
list.iterator().forEachRemaining(rn->{
- Node n = graphLabel(rn.asNode(), root);
- graphs.add(n);
+ graphs.add(rn.asNode());
});
}
accessEntries(root, map, user, graphs);
@@ -140,25 +132,30 @@ public class AssemblerSecurityRegistry extends AssemblerBase {
}
private Node graphLabel(Node x, Resource root) {
- if ( allGraphs.equals(x) ) x = allGraphsURI;
- if ( allNamedGraphs.equals(x) ) x = allNamedGraphsURI;
+ if ( SecurityContext.allGraphsStr.equals(x) ) x = SecurityContext.allGraphs;
+ if ( SecurityContext.allNamedGraphsStr.equals(x) ) x = SecurityContext.allNamedGraphs;
if ( ! x.isURI() )
throw new AssemblerException(root, "Not a graph name: "+x);
return x;
}
- private void accessEntries(Resource root, Multimap<String, Node> map, String user, List<Node> graphs) {
- if ( graphs.contains(allGraphsURI) ) {
+ private void accessEntries(Resource root, Multimap<String, Node> map, String user, List<Node> _graphs) {
+ // Convert string names for graphs to URIs.
+ Set<Node> graphs = _graphs.stream().map(n->graphLabel(n, root)).collect(Collectors.toSet());
+
+ if ( graphs.contains(SecurityContext.allGraphs) ) {
map.removeAll(user);
- map.put(user, allGraphsURI);
+ map.put(user, SecurityContext.allGraphs);
return;
}
- if ( graphs.contains(allNamedGraphsURI) ) {
- boolean dft = dftPresent(map.get(user));
- map.removeAll(user);
- map.put(user, allNamedGraphsURI);
+ if ( graphs.contains(SecurityContext.allNamedGraphs) ) {
+ boolean dft = dftPresent(graphs);
+ Node x = SecurityContext.allNamedGraphs;
if ( dft )
- map.put(user, Quad.defaultGraphIRI);
+ // Put in "*" instead.
+ x = SecurityContext.allGraphs;
+ map.removeAll(user);
+ map.put(user, x);
return;
}
map.putAll(user, graphs);
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
index a0f2847..b97aeec 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessCtl.java
@@ -112,6 +112,8 @@ public class DataAccessCtl {
/**
* Return a read-only {@link DatasetGraphFilteredView} that fulfils the {@link SecurityContext}.
+ * See also {@link SecurityContext#filterTDB} which is more efficient.
+ * This code creates a general solution.
*/
public static DatasetGraph filteredDataset(DatasetGraph dsg, SecurityContext sCxt) {
if ( sCxt instanceof SecurityContextAllowAll )
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
index 9b99f27..0f04b81 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/DataAccessLib.java
@@ -38,6 +38,9 @@ class DataAccessLib {
SecurityContext sCxt = null;
String user = requestUser.apply(action);
+
+ // User "*", users "_";
+
sCxt = registry.get(user);
if ( sCxt == null )
sCxt = noSecurityPolicy();
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/GraphFilter.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/GraphFilter.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/GraphFilter.java
index 33283d6..6059ed1 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/GraphFilter.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/GraphFilter.java
@@ -24,6 +24,7 @@ import java.util.Set;
import java.util.function.Predicate;
import org.apache.jena.atlas.lib.tuple.Tuple;
+import org.apache.jena.sparql.core.DatasetGraph;
import org.apache.jena.sparql.util.Symbol;
/**
@@ -48,6 +49,16 @@ public abstract class GraphFilter<X> implements Predicate<Tuple<X>> {
this.matchDefaultGraph = matchDefaultGraph;
}
+ public static Symbol getContextKey(DatasetGraph dsg) {
+ dsg = DatasetGraphAccessControl.removeWrapper(dsg);
+
+ if ( org.apache.jena.tdb.sys.TDBInternal.isTDB1(dsg) )
+ return org.apache.jena.tdb.sys.SystemTDB.symTupleFilter;
+ if ( org.apache.jena.tdb2.sys.TDBInternal.isTDB2(dsg) )
+ return org.apache.jena.tdb2.sys.SystemTDB.symTupleFilter;
+ throw new IllegalArgumentException("Not a TDB database");
+ }
+
public abstract Symbol getContextKey();
@Override
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java
index 6322de2..d6ae465 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContext.java
@@ -24,24 +24,31 @@ import java.util.stream.Collectors;
import org.apache.jena.atlas.iterator.Iter;
import org.apache.jena.graph.Node;
+import org.apache.jena.graph.NodeFactory;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryFactory;
import org.apache.jena.sparql.core.DatasetGraph;
import org.apache.jena.sparql.core.Quad;
+import org.apache.jena.sparql.util.Context;
/** A {@link SecurityContext} is the things actor (user, role) is allowed to do.
* Currently version: the set of graphs, by graph name, they can access.
* It can be inverted into a "deny" policy with {@link Predicate#negate()}.
*/
public interface SecurityContext {
- public static SecurityContext NONE = new SecurityContextAllowNone();
- public static SecurityContext ALL = new SecurityContextAllowAll();
+ public static final SecurityContext NONE = new SecurityContextAllowNone();
+ public static final SecurityContext ALL = new SecurityContextAllowAll();
public static SecurityContext ALL_NG(DatasetGraph dsg) {
Collection<Node> names = Iter.toList(dsg.listGraphNodes());
//return new SecurityContextAllowNamedGraphs(dsg);
return new SecurityContextView(names);
}
+
+ public static final Node allGraphs = NodeFactory.createURI("urn:jena:accessAllGraphs");
+ public static final Node allNamedGraphs = NodeFactory.createURI("urn:jena:accessAllNamedGraphs");
+ public static final Node allNamedGraphsStr = NodeFactory.createLiteral("*");
+ public static final Node allGraphsStr = NodeFactory.createLiteral("**");
/**
* Collection of visible graph names. This method return null for null for "all" to avoid
@@ -76,5 +83,16 @@ public interface SecurityContext {
* efficient.
*/
public Predicate<Quad> predicateQuad();
-
+
+ /**
+ * Apply a filter suitable for the TDB-backed {@link DatasetGraph}, to the {@link Context} of the
+ * {@link QueryExecution}. This does not modify the {@link DatasetGraph}.
+ * Throws {@link IllegalArgumentException} if {@link DatasetGraph} is not a TDB1 or TDB2 backed dataset.
+ * May throw {@link UnsupportedOperationException}.
+ */
+ public default void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
+ if ( ! org.apache.jena.tdb.sys.TDBInternal.isTDB1(dsg) || ! org.apache.jena.tdb2.sys.TDBInternal.isTDB2(dsg) )
+ throw new IllegalArgumentException("Not a TDB database");
+ throw new UnsupportedOperationException();
+ }
}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowAll.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowAll.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowAll.java
index fb53250..9ab7053 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowAll.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowAll.java
@@ -54,4 +54,11 @@ public class SecurityContextAllowAll implements SecurityContext {
*/
@Override
public Predicate<Quad> predicateQuad() { return q->true; }
+
+ @Override
+ public void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
+ // No filter necessary.
+// Predicate<?> pred = tuple->true;
+// qExec.getContext().set(GraphFilter.getContextKey(dsg), pred);
+ }
}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNamedGraphs.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNamedGraphs.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNamedGraphs.java
index 171e79b..bae61bb 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNamedGraphs.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNamedGraphs.java
@@ -54,5 +54,5 @@ public class SecurityContextAllowNamedGraphs implements SecurityContext {
* efficient.
*/
@Override
- public Predicate<Quad> predicateQuad() { return q->true; }
+ public Predicate<Quad> predicateQuad() { return q-> ! Quad.isDefaultGraph(q.getGraph()); }
}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNone.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNone.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNone.java
index 9cf4f18..ed5defb 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNone.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextAllowNone.java
@@ -47,7 +47,13 @@ public class SecurityContextAllowNone implements SecurityContext {
public QueryExecution createQueryExecution(Query query, DatasetGraph dsg) {
return QueryExecutionFactory.create(query, new DatasetGraphSink());
}
-
+
@Override
- public Predicate<Quad> predicateQuad() { return q->! Quad.isDefaultGraph(q.getGraph()); }
+ public Predicate<Quad> predicateQuad() { return q -> false ; }
+
+ @Override
+ public void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
+ Predicate<?> pred = tuple->false;
+ qExec.getContext().set(GraphFilter.getContextKey(dsg), pred);
+ }
}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextView.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextView.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextView.java
index 0a16f5b..8660b2c 100644
--- a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextView.java
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/SecurityContextView.java
@@ -105,9 +105,10 @@ public class SecurityContextView implements SecurityContext {
/**
* Apply a filter suitable for the TDB-backed {@link DatasetGraph}, to the {@link Context} of the
- * {@link QueryExecution}. This does not modify the {@link DatasetGraph}
+ * {@link QueryExecution}. This does not modify the {@link DatasetGraph}.
*/
- /*package*/ void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
+ @Override
+ public void filterTDB(DatasetGraph dsg, QueryExecution qExec) {
GraphFilter<?> predicate = predicate(dsg);
qExec.getContext().set(predicate.getContextKey(), predicate);
}
@@ -137,7 +138,7 @@ public class SecurityContextView implements SecurityContext {
* if not a TDB database, or a {@link DatasetGraphAccessControl} wrapped
* TDB database.
*/
- private GraphFilter<?> predicate(DatasetGraph dsg) {
+ protected GraphFilter<?> predicate(DatasetGraph dsg) {
dsg = DatasetGraphAccessControl.removeWrapper(dsg);
// dsg has to be the database dataset, not wrapped.
// DatasetGraphSwitchable is wrapped but should not be unwrapped.
@@ -148,7 +149,7 @@ public class SecurityContextView implements SecurityContext {
throw new IllegalArgumentException("Not a TDB1 or TDB2 database: "+dsg.getClass().getSimpleName());
}
- private static boolean isAccessControlledTDB(DatasetGraph dsg) {
+ protected static boolean isAccessControlledTDB(DatasetGraph dsg) {
DatasetGraph dsgBase = DatasetGraphAccessControl.unwrapOrNull(dsg);
if ( dsgBase == null )
return false;
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/Users.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/Users.java b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/Users.java
new file mode 100644
index 0000000..62e2bab
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-access/src/main/java/org/apache/jena/fuseki/access/Users.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.access;
+
+public class Users {
+
+
+ /**
+ * Reserved user role name: Name of the user role for any authenticated user of the system.
+ * In the servlet API, this equates to {@code getRemoteUser() != null}.
+ */
+ public static String UserAnyLoggedIn = "*" ;
+
+ /**
+ * Reserved user role name: Name of the user role for any authenticated user of the system
+ * In the servlet API, this includes {@code getRemoteUser() != null}.
+ */
+ public static String UserAny = "_" ;
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_Access.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_Access.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_Access.java
index cf719ac..103f75e 100644
--- a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_Access.java
+++ b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TS_Access.java
@@ -26,7 +26,7 @@ import org.junit.runners.Suite;
// Much of testing can only be done with a running server.
// These integration test are in jena-fuseki-main:org.apache.jena.fuseki.main.access
TestSecurityFilterLocal.class
- , TestServiceRegistry.class
+ , TestSecurityRegistry.class
})
public class TS_Access {
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityFilterLocal.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityFilterLocal.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityFilterLocal.java
index b9cbe82..0f9bd11 100644
--- a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityFilterLocal.java
+++ b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityFilterLocal.java
@@ -21,12 +21,7 @@ package org.apache.jena.fuseki.access;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
+import java.util.*;
import java.util.function.Function;
import java.util.stream.Stream;
@@ -104,6 +99,12 @@ public class TestSecurityFilterLocal {
reg.put("user0", new SecurityContextView(Quad.defaultGraphIRI.getURI()));
reg.put("user1", new SecurityContextView("http://test/g1", Quad.defaultGraphIRI.getURI()));
reg.put("user2", new SecurityContextView("http://test/g1", "http://test/g2", "http://test/g3"));
+
+ // and graphs "**", "*"
+ reg.put("*", new SecurityContextView("http://test/g1"));
+ reg.put("_", new SecurityContextView("http://test/g1"));
+
+
testdsg = DataAccessCtl.controlledDataset(dsgBase, reg);
this.applyFilterTDB = applyFilterTDB;
this.applyFilterDSG = ! applyFilterTDB;
@@ -124,8 +125,11 @@ public class TestSecurityFilterLocal {
return
Txn.calculateRead(ds, ()->{
try(QueryExecution qExec = QueryExecutionFactory.create(queryString, ds)) {
+// if ( applyFilterTDB && ! sCxt.equals(SecurityContext.NONE)) {
+// ((SecurityContextView)sCxt).filterTDB(dsg1, qExec);
+// }
if ( applyFilterTDB )
- ((SecurityContextView)sCxt).filterTDB(dsg1, qExec);
+ sCxt.filterTDB(dsg1, qExec);
List<QuerySolution> results = Iter.toList(qExec.execSelect());
Stream<Node> stream = results.stream()
.map(qs->qs.get("s"))
@@ -141,12 +145,15 @@ public class TestSecurityFilterLocal {
? DataAccessCtl.filteredDataset(dsg, sCxt)
: dsg;
Graph graph = graphChoice.apply(dsg1);
+ if ( graph == null )
+ // Can't see the graph.
+ return Collections.emptySet();
Model model = ModelFactory.createModelForGraph(graph);
return
Txn.calculateRead(testdsg, ()->{
try(QueryExecution qExec = QueryExecutionFactory.create(queryString, model)) {
if ( applyFilterTDB )
- ((SecurityContextView)sCxt).filterTDB(dsg1, qExec);
+ sCxt.filterTDB(dsg1, qExec);
List<QuerySolution> results = Iter.toList(qExec.execSelect());
Stream<Node> stream = results.stream().map(qs->qs.get("s")).filter(Objects::nonNull).map(RDFNode::asNode);
return SetUtils.toSet(stream);
@@ -155,6 +162,7 @@ public class TestSecurityFilterLocal {
}
private Set<Node> graphs(DatasetGraph dsg, SecurityContext sCxt) {
+ // Either applyFilterDSG or applyFilterTDB
final DatasetGraph dsg1 = applyFilterDSG
? DataAccessCtl.filteredDataset(dsg, sCxt)
: dsg;
@@ -163,7 +171,7 @@ public class TestSecurityFilterLocal {
Txn.calculateRead(ds, ()->{
try(QueryExecution qExec = QueryExecutionFactory.create(queryGraphNames, ds)) {
if ( applyFilterTDB )
- ((SecurityContextView)sCxt).filterTDB(dsg1, qExec);
+ sCxt.filterTDB(dsg1, qExec);
List<QuerySolution> results = Iter.toList(qExec.execSelect());
Stream<Node> stream = results.stream().map(qs->qs.get("g")).filter(Objects::nonNull).map(RDFNode::asNode);
return SetUtils.toSet(stream);
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityRegistry.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityRegistry.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityRegistry.java
new file mode 100644
index 0000000..d6b7c1b
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestSecurityRegistry.java
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.access;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.apache.jena.graph.Node;
+import org.apache.jena.sparql.core.assembler.AssemblerUtils;
+import org.apache.jena.sys.JenaSystem;
+import org.junit.Test;
+
+/** Test parsing of assemblers with security aspects */
+public class TestSecurityRegistry {
+ static { JenaSystem.init(); }
+ static final String DIR = "testing/SecurityRegistry/";
+
+ @Test public void assemblerFile_1() {
+ AuthorizationService authService = (AuthorizationService)AssemblerUtils.build(DIR+"assem-security-registry-1.ttl", VocabSecurity.tSecurityRegistry);
+ assertNotNull(authService);
+ SecurityRegistry sReg = (SecurityRegistry)authService;
+ assertEquals(4, sReg.keys().size());
+ assertEquals(3, sReg.get("user1").visibleGraphs().size());
+ }
+
+ @Test public void assemblerFile_2() {
+ // WIP
+ // user1, all named graphs
+ // user2, all graphs
+ // user3, all named graphs +dft == all graphs
+ // any user, graph1
+ AuthorizationService authService = (AuthorizationService)AssemblerUtils.build(DIR+"assem-security-registry-2.ttl", VocabSecurity.tSecurityRegistry);
+ assertNotNull(authService);
+
+// {
+// SecurityContext sCxt = authService.get("user1");
+// assertEquals(1, sCxt.visibleGraphs().size());
+// Node x = sCxt.visibleGraphs().stream().findFirst().get();
+// assertEquals(SecurityContext.allNamedGraphs, x);
+// }
+//
+// {
+// SecurityContext sCxt = authService.get("user2");
+// assertEquals(1, sCxt.visibleGraphs().size());
+// Node x = sCxt.visibleGraphs().stream().findFirst().get();
+// assertEquals(SecurityContext.allGraphs, x);
+// }
+//
+ {
+ SecurityContext sCxt = authService.get("user3");
+ assertEquals(1, sCxt.visibleGraphs().size());
+ Node x = sCxt.visibleGraphs().stream().findFirst().get();
+ assertEquals(SecurityContext.allGraphs, x);
+ }
+
+ {
+ SecurityContext sCxt = authService.get("*");
+ assertEquals(1, sCxt.visibleGraphs().size());
+ String x = sCxt.visibleGraphNames().stream().findFirst().get();
+ assertEquals("http://host/graphname1", x);
+ }
+
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestServiceRegistry.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestServiceRegistry.java b/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestServiceRegistry.java
deleted file mode 100644
index ffd12e8..0000000
--- a/jena-fuseki2/jena-fuseki-access/src/test/java/org/apache/jena/fuseki/access/TestServiceRegistry.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.fuseki.access;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-import org.apache.jena.sparql.core.assembler.AssemblerUtils;
-import org.apache.jena.sys.JenaSystem;
-import org.junit.Test;
-
-/** Test parsing of assemblers with security aspects */
-public class TestServiceRegistry {
- static { JenaSystem.init(); }
- static final String DIR = "testing/SecurityRegistry/";
-
- @Test public void assemblerFile() {
- AuthorizationService authService = (AuthorizationService)AssemblerUtils.build(DIR+"assem-security-registry.ttl", VocabSecurity.tSecurityRegistry);
- assertNotNull(authService);
- SecurityRegistry sReg = (SecurityRegistry)authService;
- assertEquals(4, sReg.keys().size());
- assertEquals(3, sReg.get("user1").visibleGraphs().size());
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-1.ttl
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-1.ttl b/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-1.ttl
new file mode 100644
index 0000000..da6983a
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-1.ttl
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PREFIX : <#>
+PREFIX fuseki: <http://jena.apache.org/fuseki#>
+PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
+PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
+PREFIX tdb2: <http://jena.apache.org/2016/tdb#>
+PREFIX ja: <http://jena.hpl.hp.com/2005/11/Assembler#>
+PREFIX access: <http://jena.apache.org/access#>
+
+<#securityRegistry> rdf:type access:SecurityRegistry ;
+ access:entry ("user1" <http://host/graphname1> <http://host/graphname2> ) ;
+ access:entry [ access:user "user1" ; access:graphs <http://host/graphname3> ] ;
+ access:entry ("user2" <http://host/graphname9> ) ;
+ access:entry [ access:user "user3" ; access:graphs (<http://host/graphname3> <http://host/graphname4> ) ] ;
+ access:entry [ access:user "user3" ; access:graphs <http://host/graphname5> ] ;
+ access:entry [ access:user "userZ" ; access:graphs <http://host/graphnameZ> ] ;
+ .
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-2.ttl
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-2.ttl b/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-2.ttl
new file mode 100644
index 0000000..a9099ce
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry-2.ttl
@@ -0,0 +1,34 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+PREFIX : <#>
+PREFIX fuseki: <http://jena.apache.org/fuseki#>
+PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
+PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
+PREFIX tdb2: <http://jena.apache.org/2016/tdb#>
+PREFIX ja: <http://jena.hpl.hp.com/2005/11/Assembler#>
+PREFIX access: <http://jena.apache.org/access#>
+
+<#securityRegistry> rdf:type access:SecurityRegistry ;
+ ## user1, all named graphs
+ access:entry ("user1" "*") ;
+ ## user2, all graphs
+ access:entry ("user2" "**") ;
+ ## user3, all graphs, as named + dft.
+ access:entry ("user3" "*" <urn:x-arq:DefaultGraph>) ;
+ ## any user
+ access:entry ("*" <http://host/graphname1> ) ;
+ .
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry.ttl
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry.ttl b/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry.ttl
deleted file mode 100644
index da6983a..0000000
--- a/jena-fuseki2/jena-fuseki-access/testing/SecurityRegistry/assem-security-registry.ttl
+++ /dev/null
@@ -1,32 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-PREFIX : <#>
-PREFIX fuseki: <http://jena.apache.org/fuseki#>
-PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
-PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
-PREFIX tdb2: <http://jena.apache.org/2016/tdb#>
-PREFIX ja: <http://jena.hpl.hp.com/2005/11/Assembler#>
-PREFIX access: <http://jena.apache.org/access#>
-
-<#securityRegistry> rdf:type access:SecurityRegistry ;
- access:entry ("user1" <http://host/graphname1> <http://host/graphname2> ) ;
- access:entry [ access:user "user1" ; access:graphs <http://host/graphname3> ] ;
- access:entry ("user2" <http://host/graphname9> ) ;
- access:entry [ access:user "user3" ; access:graphs (<http://host/graphname3> <http://host/graphname4> ) ] ;
- access:entry [ access:user "user3" ; access:graphs <http://host/graphname5> ] ;
- access:entry [ access:user "userZ" ; access:graphs <http://host/graphnameZ> ] ;
- .
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestFusekiSecurityAssembler.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestFusekiSecurityAssembler.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestFusekiSecurityAssembler.java
new file mode 100644
index 0000000..7369c4f
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestFusekiSecurityAssembler.java
@@ -0,0 +1,323 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.main.access;
+
+import static org.apache.jena.fuseki.main.access.AccessTestLib.assertSeen;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.concurrent.atomic.AtomicReference;
+
+import org.apache.jena.atlas.iterator.Iter;
+import org.apache.jena.atlas.lib.SetUtils;
+import org.apache.jena.atlas.lib.StrUtils;
+import org.apache.jena.atlas.web.HttpException;
+import org.apache.jena.fuseki.main.FusekiLib;
+import org.apache.jena.fuseki.main.FusekiServer;
+import org.apache.jena.fuseki.system.FusekiNetLib;
+import org.apache.jena.graph.Node;
+import org.apache.jena.query.Dataset;
+import org.apache.jena.query.QuerySolution;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.RDFNode;
+import org.apache.jena.rdf.model.Resource;
+import org.apache.jena.rdfconnection.RDFConnection;
+import org.apache.jena.rdfconnection.RDFConnectionFactory;
+import org.apache.jena.sparql.core.DatasetGraph;
+import org.apache.jena.sparql.core.Quad;
+import org.apache.jena.sparql.sse.SSE;
+import org.apache.jena.sys.JenaSystem;
+import org.apache.jena.system.Txn;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.Test;
+
+/**
+ * Test on the assembler for data access control.
+ * <ul>
+ * <li>assem-security.ttl - two services "/database" and "/plain" each with their own dataset.
+ * <li>assem-security-shared.ttl - two services "/database" and "/plain" with a shared dataset.
+ * </ul>
+ *
+ * @see TestSecurityFilterFuseki TestSecurityFilterFuseki for other HTTP tests.
+ */
+
+public abstract class AbstractTestFusekiSecurityAssembler {
+ static { JenaSystem.init(); }
+ static final String DIR = "testing/Access/";
+
+ private final String assemblerFile;
+ private static AtomicReference<String> user = new AtomicReference<>();
+
+ private boolean sharedDatabase;
+
+ // Parameterized tests don't provide a convenient way to run code at the start and end of each parameter run and access the parameters.
+ private static FusekiServer server;
+ private FusekiServer getServer() {
+ if ( server == null )
+ server = setup(assemblerFile, false);
+ return server;
+ }
+ @AfterClass public static void afterClass() {
+ server.stop();
+ server = null;
+ user.set(null);
+ }
+
+ @Before
+ public void before() {
+ user.set(null);
+ }
+
+ private String getURL() {
+ getServer();
+ int port = server.getPort();
+ return "http://localhost:"+port+"/database";
+ }
+
+ private static FusekiServer setup(String assembler, boolean sharedDatabase) {
+ int port = FusekiNetLib.choosePort();
+
+ FusekiServer server = FusekiServer.create()
+ .port(port)
+ .parseConfigFile(assembler)
+ .build();
+ // Special way to get the servelty remote user (the authorized principle).
+ FusekiLib.modifyForAccessCtl(server, (a)->user.get());
+ server.start();
+
+ if ( sharedDatabase ) {
+ String data = StrUtils.strjoinNL
+ ("PREFIX : <http://example/>"
+ ,"INSERT DATA {"
+ ," :s0 :p :o ."
+ ," GRAPH <http://host/graphname1> {:s1 :p :o}"
+ ," GRAPH <http://host/graphname3> {:s3 :p :o}"
+ ," GRAPH <http://host/graphname9> {:s9 :p :o}"
+ ,"}"
+ );
+ String plainUrl = "http://localhost:"+server.getPort()+"/plain";
+ try(RDFConnection conn = RDFConnectionFactory.connect(plainUrl)) {
+ conn.update(data);
+ }
+ } else {
+ DatasetGraph dsg = server.getDataAccessPointRegistry().get("/database").getDataService().getDataset();
+ Txn.executeWrite(dsg, ()->{
+ dsg.add(SSE.parseQuad("(<http://host/graphname1> :s1 :p :o)"));
+ dsg.add(SSE.parseQuad("(<http://host/graphname3> :s3 :p :o)"));
+ dsg.add(SSE.parseQuad("(<http://host/graphname9> :s9 :p :o)"));
+ });
+ }
+ return server;
+ }
+
+ protected AbstractTestFusekiSecurityAssembler(String assemberFile, boolean sharedDatabase) {
+ this.assemblerFile = assemberFile;
+ this.sharedDatabase = sharedDatabase ;
+ }
+
+ private static Node s1 = SSE.parseNode(":s1");
+ private static Node s2 = SSE.parseNode(":s2");
+ private static Node s3 = SSE.parseNode(":s3");
+ private static Node s9 = SSE.parseNode(":s9");
+
+ // The access controlled dataset.
+
+// { SecurityRegistry
+// user1 -> dft:false / [http://host/graphname2, http://host/graphname1, http://host/graphname3]
+// user2 -> dft:false / [http://host/graphname9]
+// userZ -> dft:false / [http://host/graphnameZ]
+// user3 -> dft:false / [http://host/graphname4, http://host/graphname3, http://host/graphname5]
+// }
+
+
+ @Test public void query_user1() {
+ user.set("user1");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
+ assertSeen(visible, s1, s3);
+ }
+ }
+
+ @Test public void query_userX() {
+ user.set("userX"); // No such user in the registry
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
+ assertSeen(visible);
+ }
+ }
+
+ @Test public void query_no_user() {
+ user.set(null); // No user.
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
+ assertSeen(visible);
+ }
+ }
+
+ @Test public void query_user2() {
+ user.set("user2");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
+ assertSeen(visible, s9);
+ }
+ }
+
+ @Test public void query_userZ() {
+ user.set("userZ"); // No graphs with data.
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
+ assertSeen(visible);
+ }
+ }
+
+ // GSP. "http://host/graphname1"
+ @Test public void gsp_dft_user1() {
+ user.set("user1");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = gsp(conn, null);
+ assertSeen(visible);
+ }
+ }
+
+ @Test public void gsp_ng_user1() {
+ user.set("user1");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ Set<Node> visible = gsp(conn, "http://host/graphname1");
+ assertSeen(visible, s1);
+ }
+ }
+
+ @Test public void gsp_dft_user2() {
+ user.set("user2");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, null);
+ }
+ }
+
+ @Test public void gsp_ng_user2() {
+ user.set("user2");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, "http://host/graphname1");
+ }
+ }
+
+ @Test public void gsp_dft_userX() {
+ user.set("userX");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, null);
+ }
+ }
+
+ @Test public void gsp_ng_userX() {
+ user.set("userX");
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, "http://host/graphname1");
+ }
+ }
+
+ @Test public void gsp_dft_user_null() {
+ user.set(null);
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, null);
+ }
+ }
+
+ @Test public void gsp_ng_user_null() {
+ try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+ gsp404(conn, "http://host/graphname1");
+ }
+ }
+
+// // Quads
+// user.set("user1");
+// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+// Set<Node> visible = dataset(conn);
+// assertSeen(visible, s1, s3);
+// }
+// user.set("user2");
+// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+// Set<Node> visible = dataset(conn);
+// assertSeen(visible, s9);
+// }
+// user.set("userX");
+// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+// Set<Node> visible = dataset(conn);
+// assertSeen(visible);
+// }
+// user.set(null);
+// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
+// Set<Node> visible = dataset(conn);
+// assertSeen(visible);
+// }
+
+
+ private Set<Node> gsp(RDFConnection conn, String graphName) {
+ Set<Node> results = new HashSet<>();
+ Model model = graphName == null ? conn.fetch() : conn.fetch(graphName);
+ // Extract subjects.
+ Set<Node> seen =
+ SetUtils.toSet(
+ Iter.asStream(model.listSubjects())
+ .map(Resource::asNode)
+ );
+ return seen;
+ }
+
+ private void gsp404(RDFConnection conn, String graphName) {
+ gspHttp(conn, 404, graphName);
+ }
+
+ private void gspHttp(RDFConnection conn, int statusCode, String graphName) {
+ try {
+ gsp(conn, graphName);
+ if ( statusCode < 200 && statusCode > 299 )
+ fail("Should have responded with "+statusCode);
+ } catch (HttpException ex) {
+ assertEquals(statusCode, ex.getResponseCode());
+ }
+ }
+
+ private Set<Node> dataset(RDFConnection conn) {
+ Dataset ds = conn.fetchDataset();
+ Set<Node> seen =
+ SetUtils.toSet(
+ Iter.asStream(ds.asDatasetGraph().find())
+ .map(Quad::getSubject)
+ );
+ return seen;
+ }
+
+ private Set<Node> query(RDFConnection conn, String queryString) {
+ Set<Node> results = new HashSet<>();
+ conn.queryResultSet(queryString, rs->{
+ List<QuerySolution> list = Iter.toList(rs);
+ list.stream()
+ .map(qs->qs.get("s"))
+ .filter(Objects::nonNull)
+ .map(RDFNode::asNode)
+ .forEach(n->results.add(n));
+ });
+ return results;
+ }
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestGraphSecurityAssembler.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestGraphSecurityAssembler.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestGraphSecurityAssembler.java
deleted file mode 100644
index 48382a0..0000000
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/AbstractTestGraphSecurityAssembler.java
+++ /dev/null
@@ -1,323 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.fuseki.main.access;
-
-import static org.apache.jena.fuseki.main.access.AccessTestLib.assertSeen;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.fail;
-
-import java.util.HashSet;
-import java.util.List;
-import java.util.Objects;
-import java.util.Set;
-import java.util.concurrent.atomic.AtomicReference;
-
-import org.apache.jena.atlas.iterator.Iter;
-import org.apache.jena.atlas.lib.SetUtils;
-import org.apache.jena.atlas.lib.StrUtils;
-import org.apache.jena.atlas.web.HttpException;
-import org.apache.jena.fuseki.main.FusekiLib;
-import org.apache.jena.fuseki.main.FusekiServer;
-import org.apache.jena.fuseki.system.FusekiNetLib;
-import org.apache.jena.graph.Node;
-import org.apache.jena.query.Dataset;
-import org.apache.jena.query.QuerySolution;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.RDFNode;
-import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdfconnection.RDFConnection;
-import org.apache.jena.rdfconnection.RDFConnectionFactory;
-import org.apache.jena.sparql.core.DatasetGraph;
-import org.apache.jena.sparql.core.Quad;
-import org.apache.jena.sparql.sse.SSE;
-import org.apache.jena.sys.JenaSystem;
-import org.apache.jena.system.Txn;
-import org.junit.AfterClass;
-import org.junit.Before;
-import org.junit.Test;
-
-/**
- * Test on the assembler for data access control.
- * <ul>
- * <li>assem-security.ttl - two services "/database" and "/plain" each with their own dataset.
- * <li>assem-security-shared.ttl - two services "/database" and "/plain" with a shared dataset.
- * </ul>
- *
- * @see TestSecurityFilterFuseki TestSecurityFilterFuseki for other HTTP tests.
- */
-
-public abstract class AbstractTestGraphSecurityAssembler {
- static { JenaSystem.init(); }
- static final String DIR = "testing/Access/";
-
- private final String assemblerFile;
- private static AtomicReference<String> user = new AtomicReference<>();
-
- private boolean sharedDatabase;
-
- // Parameterized tests don't provide a convenient way to run code at the start and end of each parameter run and access the parameters.
- private static FusekiServer server;
- private FusekiServer getServer() {
- if ( server == null )
- server = setup(assemblerFile, false);
- return server;
- }
- @AfterClass public static void afterClass() {
- server.stop();
- server = null;
- user.set(null);
- }
-
- @Before
- public void before() {
- user.set(null);
- }
-
- private String getURL() {
- getServer();
- int port = server.getPort();
- return "http://localhost:"+port+"/database";
- }
-
- private static FusekiServer setup(String assembler, boolean sharedDatabase) {
- int port = FusekiNetLib.choosePort();
-
- FusekiServer server = FusekiServer.create()
- .port(port)
- .parseConfigFile(assembler)
- .build();
- // Special way to get the servelty remote user (the authorized principle).
- FusekiLib.modifyForAccessCtl(server, (a)->user.get());
- server.start();
-
- if ( sharedDatabase ) {
- String data = StrUtils.strjoinNL
- ("PREFIX : <http://example/>"
- ,"INSERT DATA {"
- ," :s0 :p :o ."
- ," GRAPH <http://host/graphname1> {:s1 :p :o}"
- ," GRAPH <http://host/graphname3> {:s3 :p :o}"
- ," GRAPH <http://host/graphname9> {:s9 :p :o}"
- ,"}"
- );
- String plainUrl = "http://localhost:"+server.getPort()+"/plain";
- try(RDFConnection conn = RDFConnectionFactory.connect(plainUrl)) {
- conn.update(data);
- }
- } else {
- DatasetGraph dsg = server.getDataAccessPointRegistry().get("/database").getDataService().getDataset();
- Txn.executeWrite(dsg, ()->{
- dsg.add(SSE.parseQuad("(<http://host/graphname1> :s1 :p :o)"));
- dsg.add(SSE.parseQuad("(<http://host/graphname3> :s3 :p :o)"));
- dsg.add(SSE.parseQuad("(<http://host/graphname9> :s9 :p :o)"));
- });
- }
- return server;
- }
-
- protected AbstractTestGraphSecurityAssembler(String assemberFile, boolean sharedDatabase) {
- this.assemblerFile = assemberFile;
- this.sharedDatabase = sharedDatabase ;
- }
-
- private static Node s1 = SSE.parseNode(":s1");
- private static Node s2 = SSE.parseNode(":s2");
- private static Node s3 = SSE.parseNode(":s3");
- private static Node s9 = SSE.parseNode(":s9");
-
- // The access controlled dataset.
-
-// { SecurityRegistry
-// user1 -> dft:false / [http://host/graphname2, http://host/graphname1, http://host/graphname3]
-// user2 -> dft:false / [http://host/graphname9]
-// userZ -> dft:false / [http://host/graphnameZ]
-// user3 -> dft:false / [http://host/graphname4, http://host/graphname3, http://host/graphname5]
-// }
-
-
- @Test public void query_user1() {
- user.set("user1");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
- assertSeen(visible, s1, s3);
- }
- }
-
- @Test public void query_userX() {
- user.set("userX"); // No such user in the registry
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
- assertSeen(visible);
- }
- }
-
- @Test public void query_no_user() {
- user.set(null); // No user.
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
- assertSeen(visible);
- }
- }
-
- @Test public void query_user2() {
- user.set("user2");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
- assertSeen(visible, s9);
- }
- }
-
- @Test public void query_userZ() {
- user.set("userZ"); // No graphs with data.
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = query(conn, "SELECT * { GRAPH ?g { ?s ?p ?o }}");
- assertSeen(visible);
- }
- }
-
- // GSP. "http://host/graphname1"
- @Test public void gsp_dft_user1() {
- user.set("user1");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = gsp(conn, null);
- assertSeen(visible);
- }
- }
-
- @Test public void gsp_ng_user1() {
- user.set("user1");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- Set<Node> visible = gsp(conn, "http://host/graphname1");
- assertSeen(visible, s1);
- }
- }
-
- @Test public void gsp_dft_user2() {
- user.set("user2");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, null);
- }
- }
-
- @Test public void gsp_ng_user2() {
- user.set("user2");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, "http://host/graphname1");
- }
- }
-
- @Test public void gsp_dft_userX() {
- user.set("userX");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, null);
- }
- }
-
- @Test public void gsp_ng_userX() {
- user.set("userX");
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, "http://host/graphname1");
- }
- }
-
- @Test public void gsp_dft_user_null() {
- user.set(null);
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, null);
- }
- }
-
- @Test public void gsp_ng_user_null() {
- try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
- gsp404(conn, "http://host/graphname1");
- }
- }
-
-// // Quads
-// user.set("user1");
-// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
-// Set<Node> visible = dataset(conn);
-// assertSeen(visible, s1, s3);
-// }
-// user.set("user2");
-// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
-// Set<Node> visible = dataset(conn);
-// assertSeen(visible, s9);
-// }
-// user.set("userX");
-// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
-// Set<Node> visible = dataset(conn);
-// assertSeen(visible);
-// }
-// user.set(null);
-// try(RDFConnection conn = RDFConnectionFactory.connect(getURL())) {
-// Set<Node> visible = dataset(conn);
-// assertSeen(visible);
-// }
-
-
- private Set<Node> gsp(RDFConnection conn, String graphName) {
- Set<Node> results = new HashSet<>();
- Model model = graphName == null ? conn.fetch() : conn.fetch(graphName);
- // Extract subjects.
- Set<Node> seen =
- SetUtils.toSet(
- Iter.asStream(model.listSubjects())
- .map(Resource::asNode)
- );
- return seen;
- }
-
- private void gsp404(RDFConnection conn, String graphName) {
- gspHttp(conn, 404, graphName);
- }
-
- private void gspHttp(RDFConnection conn, int statusCode, String graphName) {
- try {
- gsp(conn, graphName);
- if ( statusCode < 200 && statusCode > 299 )
- fail("Should have responded with "+statusCode);
- } catch (HttpException ex) {
- assertEquals(statusCode, ex.getResponseCode());
- }
- }
-
- private Set<Node> dataset(RDFConnection conn) {
- Dataset ds = conn.fetchDataset();
- Set<Node> seen =
- SetUtils.toSet(
- Iter.asStream(ds.asDatasetGraph().find())
- .map(Quad::getSubject)
- );
- return seen;
- }
-
- private Set<Node> query(RDFConnection conn, String queryString) {
- Set<Node> results = new HashSet<>();
- conn.queryResultSet(queryString, rs->{
- List<QuerySolution> list = Iter.toList(rs);
- list.stream()
- .map(qs->qs.get("s"))
- .filter(Objects::nonNull)
- .map(RDFNode::asNode)
- .forEach(n->results.add(n));
- });
- return results;
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TS_SecurityFuseki.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TS_SecurityFuseki.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TS_SecurityFuseki.java
index 6f4d2b7..d34023c 100644
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TS_SecurityFuseki.java
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TS_SecurityFuseki.java
@@ -28,8 +28,8 @@ import org.junit.runners.Suite;
@Suite.SuiteClasses( {
TestAuthorizedRequest.class
, TestSecurityFilterFuseki.class
- , TestGraphSecurityAssemblerSeparate.class
- , TestGraphSecurityAssemblerShared.class
+ , TestFusekiSecurityAssemblerSeparate.class
+ , TestFusekiSecurityAssemblerShared.class
, TestPasswordServer.class
, TestPasswordServices.class
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerSeparate.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerSeparate.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerSeparate.java
new file mode 100644
index 0000000..ed2b80f
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerSeparate.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.main.access;
+
+public class TestFusekiSecurityAssemblerSeparate extends AbstractTestFusekiSecurityAssembler {
+
+ public TestFusekiSecurityAssemblerSeparate() {
+ super(DIR+"assem-security.ttl", false);
+ }
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerShared.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerShared.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerShared.java
new file mode 100644
index 0000000..4163e7d
--- /dev/null
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestFusekiSecurityAssemblerShared.java
@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.main.access;
+
+public class TestFusekiSecurityAssemblerShared extends AbstractTestFusekiSecurityAssembler {
+
+ public TestFusekiSecurityAssemblerShared() {
+ super(DIR+"assem-security-shared.ttl", true);
+ }
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerSeparate.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerSeparate.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerSeparate.java
deleted file mode 100644
index 7106bf4..0000000
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerSeparate.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.fuseki.main.access;
-
-public class TestGraphSecurityAssemblerSeparate extends AbstractTestGraphSecurityAssembler {
-
- public TestGraphSecurityAssemblerSeparate() {
- super(DIR+"assem-security.ttl", false);
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerShared.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerShared.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerShared.java
deleted file mode 100644
index 44bec47..0000000
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestGraphSecurityAssemblerShared.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.fuseki.main.access;
-
-public class TestGraphSecurityAssemblerShared extends AbstractTestGraphSecurityAssembler {
-
- public TestGraphSecurityAssemblerShared() {
- super(DIR+"assem-security-shared.ttl", true);
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServer.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServer.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServer.java
index 89c359a..d24c701 100644
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServer.java
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServer.java
@@ -24,14 +24,14 @@ import org.apache.http.client.HttpClient;
import org.apache.jena.atlas.web.HttpException;
import org.apache.jena.atlas.web.TypedInputStream;
import org.apache.jena.atlas.web.WebLib;
-import org.apache.jena.fuseki.access.AuthSetup;
-import org.apache.jena.fuseki.access.LibSec;
import org.apache.jena.fuseki.jetty.JettyLib;
import org.apache.jena.fuseki.main.FusekiServer;
+import org.apache.jena.rdfconnection.LibSec;
import org.apache.jena.rdfconnection.RDFConnection;
import org.apache.jena.rdfconnection.RDFConnectionRemote;
import org.apache.jena.riot.web.HttpOp;
import org.apache.jena.sparql.engine.http.QueryExceptionHTTP;
+import org.apache.jena.web.AuthSetup;
import org.apache.jena.web.HttpSC;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.UserStore;
http://git-wip-us.apache.org/repos/asf/jena/blob/8e661d60/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServices.java
----------------------------------------------------------------------
diff --git a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServices.java b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServices.java
index 071fc8d..0b1e4cf 100644
--- a/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServices.java
+++ b/jena-fuseki2/jena-fuseki-main/src/test/java/org/apache/jena/fuseki/main/access/TestPasswordServices.java
@@ -27,18 +27,18 @@ import org.apache.jena.atlas.logging.LogCtl;
import org.apache.jena.atlas.web.HttpException;
import org.apache.jena.atlas.web.TypedInputStream;
import org.apache.jena.atlas.web.WebLib;
-import org.apache.jena.fuseki.access.AuthSetup;
-import org.apache.jena.fuseki.access.LibSec;
import org.apache.jena.fuseki.build.FusekiBuilder;
import org.apache.jena.fuseki.build.RequestAuthorization;
import org.apache.jena.fuseki.jetty.JettyLib;
import org.apache.jena.fuseki.main.FusekiServer;
import org.apache.jena.fuseki.server.DataService;
import org.apache.jena.query.DatasetFactory;
+import org.apache.jena.rdfconnection.LibSec;
import org.apache.jena.riot.web.HttpCaptureResponse;
import org.apache.jena.riot.web.HttpOp;
import org.apache.jena.riot.web.HttpOp.CaptureInput;
import org.apache.jena.sparql.core.DatasetGraphFactory;
+import org.apache.jena.web.AuthSetup;
import org.apache.jena.web.HttpSC;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.UserStore;