Posted to commits@clerezza.apache.org by re...@apache.org on 2010/07/15 16:40:52 UTC
svn commit: r964446 -
/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
Author: reto
Date: Thu Jul 15 14:40:51 2010
New Revision: 964446
URL: http://svn.apache.org/viewvc?rev=964446&view=rev
Log:
CLEREZZA-253: added readwrite support
Modified:
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
Modified: incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
URL: http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java?rev=964446&r1=964445&r2=964446&view=diff
==============================================================================
--- incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java (original)
+++ incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java Thu Jul 15 14:40:51 2010
@@ -59,6 +59,7 @@ public class TcAccessController {
//we can't rely on ontology plugin in rdf core
private String ontologyNamespace = "http://clerezza.apache.org/2010/07/10/graphpermssions#";
private final UriRef readPermissionListProperty = new UriRef(ontologyNamespace + "readPermissionList");
+ private final UriRef readWritePermissionListProperty = new UriRef(ontologyNamespace + "readWritePermissionList");
/**
* The first item in the subject RDF list.
*/
@@ -68,7 +69,9 @@ public class TcAccessController {
*/
public static final UriRef rest = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest");
public static final UriRef rdfNil = new UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil");
- private final Map<UriRef, Collection<Permission>> permissionCache =
+ private final Map<UriRef, Collection<Permission>> readPermissionCache =
+ Collections.synchronizedMap(new HashMap<UriRef, Collection<Permission>>());
+ private final Map<UriRef, Collection<Permission>> readWritePermissionCache =
Collections.synchronizedMap(new HashMap<UriRef, Collection<Permission>>());
/**
@@ -102,13 +105,25 @@ public class TcAccessController {
public void checkReadWritePermission(UriRef tripleCollectionUri) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
- AccessController.checkPermission(new TcPermission(
- tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+ if (tripleCollectionUri.equals(permissionGraphName)) {
+ AccessController.checkPermission(new TcPermission(
+ tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+ } else {
+ Collection<Permission> perms = getRequiredReadWritePermissions(tripleCollectionUri);
+ if (perms.size() > 0) {
+ for (Permission permission : perms) {
+ AccessController.checkPermission(permission);
+ }
+ } else {
+ AccessController.checkPermission(new TcPermission(
+ tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+ }
+ }
}
}
/**
- * Set the set of permissions required to access a triple-collection, if
+ * Set the set of permissions required for read access to a triple-collection, if
* the set is non-empty the default TCPermisson is no longer required.
*
* @param tripleCollectionUri
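Review bot: The new branch on `permissionGraphName` in checkReadWritePermission carries the security-relevant decision of this method but has no comment, so a later maintainer could simplify it away. The intent appears to be that the permission graph is never governed by the lists stored inside it; if so, I would add above the `if`: `// the permission graph itself always requires the default TcPermission, never a list stored in that graph`. The method's Javadoc lies outside the hunk and should also state that a non-empty read-write list replaces the default TcPermission and that every listed permission must be held. As a style point, `perms.size() > 0` reads better as `!perms.isEmpty()`, and the two identical fallback `checkPermission(new TcPermission(...))` calls could be folded into a single condition.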
@@ -116,7 +131,7 @@ public class TcAccessController {
*/
public void setRequiredReadPermissions(UriRef tripleCollectionUri,
Collection<String> permissionDescriptions) {
- permissionCache.remove(tripleCollectionUri);
+ readPermissionCache.remove(tripleCollectionUri);
final LockableMGraph permissionMGraph = getOrCreatePermisionGraph();
Lock l = permissionMGraph.getLock().writeLock();
l.lock();
@@ -130,15 +145,52 @@ public class TcAccessController {
}
}
+ /**
+ * Set the set of permissions required for read-write access to a
+ * triple-collection, if
+ * the set is non-empty the default TCPermisson is no longer required.
+ *
+ * @param tripleCollectionUri
+ * @param permissionDescriptions
+ */
+ public void setRequiredReadWritePermissions(UriRef tripleCollectionUri,
+ Collection<String> permissionDescriptions) {
+ readWritePermissionCache.remove(tripleCollectionUri);
+ final LockableMGraph permissionMGraph = getOrCreatePermisionGraph();
+ Lock l = permissionMGraph.getLock().writeLock();
+ l.lock();
+ try {
+ removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph);
+ final NonLiteral permissionList = createList(permissionDescriptions.iterator(), permissionMGraph);
+ permissionMGraph.add(new TripleImpl(tripleCollectionUri,
+ readWritePermissionListProperty, permissionList));
+ } finally {
+ l.unlock();
+ }
+ }
+
private Collection<Permission> getRequiredReadPermissions(UriRef tripleCollectionUri) {
- Collection<Permission> result = permissionCache.get(tripleCollectionUri);
+ Collection<Permission> result = readPermissionCache.get(tripleCollectionUri);
if (result == null) {
result = new ArrayList<Permission>();
Collection<String> permissionStrings = getRequiredReadPermissionStrings(tripleCollectionUri);
for (String string : permissionStrings) {
result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
}
- permissionCache.put(tripleCollectionUri, result);
+ readPermissionCache.put(tripleCollectionUri, result);
+ }
+ return result;
+ }
+
+ private Collection<Permission> getRequiredReadWritePermissions(UriRef tripleCollectionUri) {
+ Collection<Permission> result = readWritePermissionCache.get(tripleCollectionUri);
+ if (result == null) {
+ result = new ArrayList<Permission>();
+ Collection<String> permissionStrings = getRequiredReadWritePermissionStrings(tripleCollectionUri);
+ for (String string : permissionStrings) {
+ result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
+ }
+ readWritePermissionCache.put(tripleCollectionUri, result);
}
return result;
}
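Review bot: setRequiredReadWritePermissions calls `removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph)`, which judging by its name (its body is outside the hunk) deletes the read list rather than the read-write list. If so, setting read-write permissions would drop the graph's custom read restriction while `readPermissionCache` is not invalidated, and each call would leave an extra `readWritePermissionList` triple behind for the lookup to choose from. The call should remove the existing list for `readWritePermissionListProperty` instead, for example by giving the remove helper a property parameter as this commit already does for getRequiredPermissionStrings. Separately, `readWritePermissionCache.remove(tripleCollectionUri)` runs before the write lock is taken, so a concurrent check can re-cache the old list and keep enforcing it; invalidating after the graph update, inside the locked section, would narrow that window.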
@@ -183,13 +235,19 @@ public class TcAccessController {
}
}
+ private Collection<String> getRequiredReadWritePermissionStrings(final UriRef tripleCollectionUri) {
+ return getRequiredPermissionStrings(tripleCollectionUri, readWritePermissionListProperty);
+ }
private Collection<String> getRequiredReadPermissionStrings(final UriRef tripleCollectionUri) {
+ return getRequiredPermissionStrings(tripleCollectionUri, readPermissionListProperty);
+ }
+ private Collection<String> getRequiredPermissionStrings(final UriRef tripleCollectionUri, UriRef property) {
try {
final LockableMGraph permissionMGraph = tcManager.getMGraph(permissionGraphName);
Lock l = permissionMGraph.getLock().readLock();
l.lock();
try {
- Triple t = permissionMGraph.filter(tripleCollectionUri, readPermissionListProperty, null).next();
+ Triple t = permissionMGraph.filter(tripleCollectionUri, property, null).next();
NonLiteral list = (NonLiteral) t.getObject();
LinkedList<String> result = new LinkedList<String>();
readList(list, permissionMGraph, result);