Posted to commits@jena.apache.org by cl...@apache.org on 2015/08/07 23:24:42 UTC
jena git commit: Changes in support of JENA-992
Repository: jena
Updated Branches:
refs/heads/master b328842dc -> 4a2c5d29c
Changes in support of JENA-992
Project: http://git-wip-us.apache.org/repos/asf/jena/repo
Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/4a2c5d29
Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/4a2c5d29
Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/4a2c5d29
Branch: refs/heads/master
Commit: 4a2c5d29c15d2f87e07b445523dff9b56b21700a
Parents: b328842
Author: Claude Warren <cl...@apache.org>
Authored: Fri Aug 7 21:50:49 2015 +0100
Committer: Claude Warren <cl...@apache.org>
Committed: Fri Aug 7 21:50:49 2015 +0100
----------------------------------------------------------------------
.../permissions/example/ExampleEvaluator.java | 40 ++++++++++++--------
.../jena/security/example/fuseki/config.ttl | 26 ++++++-------
2 files changed, 38 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/jena/blob/4a2c5d29/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java b/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
index a5659e1..467f05e 100644
--- a/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
+++ b/jena-permissions/src/example/java/org/apache/jena/permissions/example/ExampleEvaluator.java
@@ -56,21 +56,31 @@ public class ExampleEvaluator implements SecurityEvaluator {
return true;
}
- private boolean evaluate( Object principalObj, Resource r )
- {
- Principal principal = (Principal)principalObj;
- // a message is only available to sender or recipient
- if (r.hasProperty( RDF.type, msgType ))
- {
- if (principal == null)
- {
- throw new AuthenticationRequiredException();
- }
- return r.hasProperty( pTo, principal.getName() ) ||
- r.hasProperty( pFrom, principal.getName());
- }
- return true;
- }
+ // not that in this implementation all permission checks flow through
+ // this method. We can do this because we have a simple permissions
+ // requirement. A more complex set of permissions requirement would
+ // require a different strategy.
+ private boolean evaluate( Object principalObj, Resource r )
+ {
+ Principal principal = (Principal)principalObj;
+ // we do not allow anonymous (un-authenticated) reads of data.
+ // Another strategy would be to only require authentication if the
+ // data being requested was restricted -- but that is a more complex
+ // process and not suitable for this simple example.
+ if (principal == null)
+ {
+ throw new AuthenticationRequiredException();
+ }
+
+ // a message is only available to sender or recipient
+ if (r.hasProperty( RDF.type, msgType ))
+ {
+ return r.hasProperty( pTo, principal.getName() ) ||
+ r.hasProperty( pFrom, principal.getName());
+ }
+ return true;
+ }
+
private boolean evaluate( Object principal, Node node )
{
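Review bot: The cast `Principal principal = (Principal)principalObj;` at the top of `evaluate(Object, Resource)` still runs before the new null check, so a non-null principal object of any other type fails with a ClassCastException instead of an authentication failure; `if (!(principalObj instanceof Principal)) throw new AuthenticationRequiredException();` placed ahead of the cast would reject both null and wrong-typed values in one place. The closing `return true;` grants every authenticated principal access to any resource not typed as a message, and the new header comment should state that default explicitly, for example `// default-allow: any authenticated principal may access non-message resources`. That header comment also opens with "not that", which presumably should read "Note that". The `Node` overload of `evaluate` only begins on the last two lines of the hunk and its body lies outside it, so the claim that all permission checks flow through this method cannot be confirmed from the lines shown.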
http://git-wip-us.apache.org/repos/asf/jena/blob/4a2c5d29/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
----------------------------------------------------------------------
diff --git a/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl b/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
index a748f01..a3c3b9a 100644
--- a/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
+++ b/jena-permissions/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
@@ -22,15 +22,15 @@
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix ja: <http://jena.hpl.hp.com/2005/11/Assembler#> .
-@prefix sec: <http://apache.org/jena/security/Assembler#> .
+@prefix perm: <http://apache.org/jena/permissions/Assembler#> .
@prefix my: <http://example.org/#> .
##
-## Load the SecuredAssembler class from the security library and define
-## the sec:Model as a subclass of ja:NamedModel.
+## Load the SecuredAssembler class from the permissions library and define
+## the perm:Model as a subclass of ja:NamedModel.
##
-[] ja:loadClass "org.apache.jena.security.SecuredAssembler" .
-sec:Model rdfs:subClassOf ja:NamedModel .
+[] ja:loadClass "org.apache.jena.permissions.SecuredAssembler" .
+perm:Model rdfs:subClassOf ja:NamedModel .
##
## Define the base model that contains the unsecured data.
@@ -42,28 +42,28 @@ my:baseModel rdf:type ja:MemoryModel;
##
## Define the secured model. This is where permissions is applied to the
## my:baseModel to create a model that has permission restrictions. Note
-## that it is using the security evaluator implementation (sec:evaluatorImpl)
+## that it is using the security evaluator implementation (perm:evaluatorImpl)
## called my:secEvaluator which we will define next.
##
-my:securedModel rdf:type sec:Model ;
- sec:baseModel my:baseModel ;
+my:securedModel rdf:type perm:Model ;
+ perm:baseModel my:baseModel ;
ja:modelName "https://example.org/securedModel" ;
- sec:evaluatorImpl my:secEvaluator .
+ perm:evaluatorImpl my:secEvaluator .
##
## Define the security evaluator. This is where we use the example
## ShiroExampleEvaluator. For your production environment you will replace
-## "org.apache.jena.security.example.ShiroExampleEvaluator" with your
+## "org.apache.jena.permissions.example.ShiroExampleEvaluator" with your
## SecurityEvaluator implementation. Note that ShiroExampleEvaluator constructor
## takes a Model argument. We pass in the unsecured baseModel so that the evaluator
## can read it unencumbered. Your implementation of SecurityEvaluator may have different
## parameters to meet your specific needs.
##
-my:secEvaluator rdf:type sec:Evaluator ;
- sec:args [
+my:secEvaluator rdf:type perm:Evaluator ;
+ perm:args [
rdf:_1 my:baseModel ;
] ;
- sec:evaluatorClass "org.apache.jena.security.example.ShiroExampleEvaluator" .
+ perm:evaluatorClass "org.apache.jena.permissions.example.ShiroExampleEvaluator" .
##
## Define the dataset that we will use for in the server.