Posted to commits@jena.apache.org by cl...@apache.org on 2015/08/07 23:24:42 UTC

jena git commit: Changes in support of JENA-992

Repository: jena
Updated Branches:
  refs/heads/master b328842dc -> 4a2c5d29c


Changes in support of JENA-992


Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/4a2c5d29
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/4a2c5d29
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/4a2c5d29

Branch: refs/heads/master
Commit: 4a2c5d29c15d2f87e07b445523dff9b56b21700a
Parents: b328842
Author: Claude Warren <cl...@apache.org>
Authored: Fri Aug 7 21:50:49 2015 +0100
Committer: Claude Warren <cl...@apache.org>
Committed: Fri Aug 7 21:50:49 2015 +0100

----------------------------------------------------------------------
 .../permissions/example/ExampleEvaluator.java   | 40 ++++++++++++--------
 .../jena/security/example/fuseki/config.ttl     | 26 ++++++-------
 2 files changed, 38 insertions(+), 28 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/jena/blob/4a2c5d29/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java b/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
index a5659e1..467f05e 100644
--- a/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
+++ b/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
@@ -56,21 +56,31 @@ public class ExampleEvaluator implements SecurityEvaluator {
 		return true;
 	}
 
-	private boolean evaluate( Object principalObj, Resource r )
-	{
-		Principal principal = (Principal)principalObj;
-		// a message is only available to sender or recipient
-		if (r.hasProperty( RDF.type, msgType ))
-		{
-			if (principal == null)
-			{
-				throw new AuthenticationRequiredException();
-			}
-			return r.hasProperty( pTo, principal.getName() ) ||
-					r.hasProperty( pFrom, principal.getName());
-		}
-		return true;	
-	}
+	// not that in this implementation all permission checks flow through 
+    // this method.  We can do this because we have a simple permissions 
+    // requirement.  A more complex set of permissions requirement would 
+    // require a different strategy.
+    private boolean evaluate( Object principalObj, Resource r )
+    {
+        Principal principal = (Principal)principalObj;
+        // we do not allow anonymous (un-authenticated) reads of data.
+        // Another strategy would be to only require authentication if the
+        // data being requested was restricted -- but that is a more complex
+        // process and not suitable for this simple example.
+        if (principal == null)
+        {
+            throw new AuthenticationRequiredException();
+        }
+        
+        // a message is only available to sender or recipient
+        if (r.hasProperty( RDF.type, msgType ))
+        {
+            return r.hasProperty( pTo, principal.getName() ) ||
+                    r.hasProperty( pFrom, principal.getName());
+        }
+        return true;    
+    }
+    
 	
 	private boolean evaluate( Object principal, Node node )
 	{
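Review bot: The final `return true` in evaluate(Object, Resource) fails open: once the null-principal check passes, any resource that does not carry `rdf:type msgType` is allowed, and since the new header comment says all permission checks flow through this method, that presumably covers every action and not just reads. Because this is example code that gets copied, I would say so in the header comment, e.g. `// NOTE: anything not typed as a message is permitted to every authenticated principal; a production evaluator should deny by default.` The same comment opens with "not that", which should read "Note that". The cast `(Principal)principalObj` is unchecked, so a non-Principal object would surface as a ClassCastException rather than an authentication failure; `if (!(principalObj instanceof Principal)) throw new AuthenticationRequiredException();` before the cast would cover both that case and null. The evaluate(Object, Node) overload that starts on the last two lines continues outside the hunk.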

http://git-wip-us.apache.org/repos/asf/jena/blob/4a2c5d29/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
----------------------------------------------------------------------
diff --git a/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl b/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
index a748f01..a3c3b9a 100644
--- a/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
+++ b/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
@@ -22,15 +22,15 @@
 @prefix rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 @prefix rdfs:    <http://www.w3.org/2000/01/rdf-schema#> .
 @prefix ja:      <http://jena.hpl.hp.com/2005/11/Assembler#> .
-@prefix sec:    <http://apache.org/jena/security/Assembler#> .
+@prefix perm:    <http://apache.org/jena/permissions/Assembler#> .
 @prefix my:     <http://example.org/#> .
 
 ##
-## Load the SecuredAssembler class from the security library and define 
-## the sec:Model as a subclass of ja:NamedModel.
+## Load the SecuredAssembler class from the permissions library and define 
+## the perm:Model as a subclass of ja:NamedModel.
 ##
-[] ja:loadClass    "org.apache.jena.security.SecuredAssembler" .
-sec:Model       rdfs:subClassOf  ja:NamedModel .
+[] ja:loadClass    "org.apache.jena.permissions.SecuredAssembler" .
+perm:Model       rdfs:subClassOf  ja:NamedModel .
 
 ##
 ## Define the base model that contains the unsecured data.
@@ -42,28 +42,28 @@ my:baseModel rdf:type ja:MemoryModel;
 ##
 ## Define the secured model.  This is where permissions is applied to the 
 ## my:baseModel to create a model that has permission restrictions.  Note 
-## that it is using the security evaluator implementation (sec:evaluatorImpl) 
+## that it is using the security evaluator implementation (perm:evaluatorImpl) 
 ## called my:secEvaluator which we will define next.
 ##
-my:securedModel rdf:type sec:Model ;
-    sec:baseModel my:baseModel ;
+my:securedModel rdf:type perm:Model ;
+    perm:baseModel my:baseModel ;
     ja:modelName "https://example.org/securedModel" ;
-    sec:evaluatorImpl my:secEvaluator .
+    perm:evaluatorImpl my:secEvaluator .
   
 ##
 ## Define the security evaluator.  This is where we use the example 
 ## ShiroExampleEvaluator.  For your production environment you will replace 
-## "org.apache.jena.security.example.ShiroExampleEvaluator"  with your 
+## "org.apache.jena.permissions.example.ShiroExampleEvaluator"  with your 
 ## SecurityEvaluator implementation.  Note that  ShiroExampleEvaluator constructor 
 ## takes a Model argument.  We pass in the unsecured baseModel so that the evaluator 
 ## can read it unencumbered.  Your implementation of SecurityEvaluator may have different 
 ## parameters to meet your specific needs.
 ##  
-my:secEvaluator rdf:type sec:Evaluator ;
-    sec:args [  
+my:secEvaluator rdf:type perm:Evaluator ;
+    perm:args [  
         rdf:_1 my:baseModel ;
     ] ;
-    sec:evaluatorClass "org.apache.jena.security.example.ShiroExampleEvaluator" .
+    perm:evaluatorClass "org.apache.jena.permissions.example.ShiroExampleEvaluator" .
 
 ##
 ## Define the dataset that we will use for in the server.