You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jena.apache.org by cl...@apache.org on 2013/08/01 23:47:47 UTC
svn commit: r1509440 [2/8] - in /jena/Experimental/jena-security: ./ src/
src/example/ src/example/org/ src/example/org/apache/
src/example/org/apache/jena/ src/example/org/apache/jena/security/
src/example/org/apache/jena/security/example/ src/main/ s...
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.impl;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Proxy;
+import java.security.Principal;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import org.apache.commons.lang.ClassUtils;
+import org.apache.jena.security.SecurityEvaluator;
+
+/**
+ * A SecurityEvaluator that can be cached for later use.
+ */
+public class CachedSecurityEvaluator implements InvocationHandler
+{
+ private final SecurityEvaluator wrapped;
+ private final Principal origPrincipal;
+
+ // The getPrincipal() method.
+ private static Method GET_PRINCIPAL;
+
+ static
+ {
+ try
+ {
+ CachedSecurityEvaluator.GET_PRINCIPAL = SecurityEvaluator.class
+ .getMethod("getPrincipal");
+ }
+ catch (final SecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (final NoSuchMethodException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Create an instance.
+ * @param evaluator The security evaluator we are caching.
+ * @param runAs The principal that we want to use when checking the permissions.
+ * @return The proxied SecurityEvaluator.
+ */
+ public static SecurityEvaluator getInstance(
+ final SecurityEvaluator evaluator, final Principal runAs )
+ {
+ final Set<Class<?>> ifac = new LinkedHashSet<Class<?>>();
+ if (evaluator.getClass().isInterface())
+ {
+ ifac.add(evaluator.getClass());
+ }
+ ifac.addAll(ClassUtils.getAllInterfaces(evaluator.getClass()));
+
+ return (SecurityEvaluator) Proxy.newProxyInstance(
+ SecuredItemImpl.class.getClassLoader(),
+ ifac.toArray(new Class<?>[ifac.size()]),
+ new CachedSecurityEvaluator(evaluator, runAs));
+ }
+
+ /**
+ *
+ * @param wrapped
+ * @param runAs
+ */
+ private CachedSecurityEvaluator( final SecurityEvaluator wrapped,
+ final Principal runAs )
+ {
+ origPrincipal = runAs;
+ this.wrapped = wrapped;
+ }
+
+ @Override
+ public Object invoke( final Object proxy, final Method method,
+ final Object[] args ) throws Throwable
+ {
+ // check for the special case methods
+ if (CachedSecurityEvaluator.GET_PRINCIPAL.equals(method))
+ {
+ return origPrincipal;
+ }
+
+ // if we get here then the method is not being proxied so call the
+ // original method
+ // on the base item.
+ return method.invoke(wrapped, args);
+
+ }
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.impl;
+
+import java.lang.reflect.Proxy;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import org.apache.commons.lang.ClassUtils;
+
+/**
+ * A class that holds the original item and the secured version of it.
+ *
+ * This class is used by the Invoker to return secured versions of the object
+ * during
+ * calls that return the called class for cascading.
+ *
+ * @param <Base>
+ * The base class that is being secured
+ * @param <Secured>
+ * The implementation (proxy) of the secured class.
+ */
+public class ItemHolder<Base, Secured extends SecuredItem>
+{
+ /**
+ * The base item that is being secured
+ */
+ private final Base baseItem;
+ /**
+ * The proxy to the base class that implements the security.
+ */
+ private Secured securedItem;
+
+ /**
+ * Constructor.
+ *
+ * @param baseItem
+ * The base item.
+ */
+ public ItemHolder( final Base baseItem )
+ {
+ super();
+ this.baseItem = baseItem;
+ }
+
+ /**
+ * Get the base item.
+ *
+ * This method is used in the proxy to get call to the underlying instance.
+ *
+ * @return The instance that is being protected.
+ */
+ public Base getBaseItem()
+ {
+ return baseItem;
+ }
+
+ /**
+ * Get the secured item.
+ *
+ * This method is used in the invocation handler to get the instance of the
+ * proxy that made the
+ * on which a method call was made. Generally used in returing the original
+ * object to support
+ * cascading.
+ *
+ * @return the proxy.
+ */
+ public Secured getSecuredItem()
+ {
+ return securedItem;
+ }
+
+ /**
+ * Creates the proxy, saves it as the securedItem and returns it.
+ *
+ * @param handler
+ * The SecuredItemInvoker to create the proxy with.
+ * @return The proxy.
+ */
+ @SuppressWarnings( "unchecked" )
+ public final Secured setSecuredItem( final SecuredItemInvoker handler )
+ {
+ final Set<Class<?>> ifac = new LinkedHashSet<Class<?>>();
+ if (baseItem.getClass().isInterface())
+ {
+ ifac.add(baseItem.getClass());
+ }
+ ifac.addAll(ClassUtils.getAllInterfaces(baseItem.getClass()));
+ if (handler.securedItem.getClass().isInterface())
+ {
+ ifac.add(handler.securedItem.getClass());
+ }
+ ifac.addAll(ClassUtils.getAllInterfaces(handler.securedItem.getClass()));
+
+ securedItem = (Secured) Proxy.newProxyInstance(
+ SecuredItemImpl.class.getClassLoader(),
+ ifac.toArray(new Class<?>[ifac.size()]), handler);
+ return securedItem;
+ }
+
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,185 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.impl;
+
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator.SecNode;
+import org.apache.jena.security.SecurityEvaluator.SecTriple;
+
+/**
+ * The secured item interface is mixed into instances of secured objects by the
+ * proxy. It provides the security context for the security checks as well as
+ * several useful shorthand methods for common checks.
+ */
+public interface SecuredItem
+{
+
+ /**
+ * Utilities for SecuredItem implementations.
+ */
+ public static class Util
+ {
+ /**
+ * Secured items are equivalent if their security evaluators and
+ * modelIRIs are equal.
+ *
+ * @param si1
+ * A secured item to check
+ * @param si2
+ * A second secured item to check
+ * @return true if si1 is equivalent to si2.
+ */
+ public static boolean isEquivalent( final SecuredItem si1,
+ final SecuredItem si2 )
+ {
+ return si1.getSecurityEvaluator()
+ .equals(si2.getSecurityEvaluator())
+ && si1.getModelIRI().equals(si2.getModelIRI());
+ }
+ }
+
+ /**
+ * @return true if the securedModel allows items to to be created.
+ */
+ public boolean canCreate();
+
+ /**
+ * Return true if the triple can be created.
+ * If any s,p or o is SecNode.ANY then this method must return false if
+ * there
+ * are
+ * any restrictions where the remaining nodes and held constant and the ANY
+ * node
+ * is allowed to vary.
+ *
+ * See canRead(SecTriple t)
+ *
+ * @param t
+ * The triple to check
+ * @return true if the triple can be created.
+ */
+ public boolean canCreate( SecTriple t );
+
+ /**
+ * @return true if the securedModel allows items to to be deleted.
+ */
+ public boolean canDelete();
+
+ /**
+ * Return true if the triple can be deleted.
+ * If any s,p or o is SecNode.ANY then this method must return false if
+ * there
+ * are
+ * any restrictions where the remaining nodes and held constant and the ANY
+ * node
+ * is allowed to vary.
+ *
+ * See canRead(SecTriple t)
+ *
+ * @param t
+ * The triple to check
+ * @return true if the triple can be deleted.
+ */
+ public boolean canDelete( SecTriple t );
+
+ /**
+ * @return true if the securedModel allows items to to be read.
+ */
+ public boolean canRead();
+
+ /**
+ * Return true if the triple can be read.
+ * If any s,p or o is SecNode.ANY then this method must return false if
+ * there
+ * are
+ * any restrictions where the remaining nodes and held constant and the ANY
+ * node
+ * is allowed to vary.
+ *
+ * (S, P, O) check if S,P,O can be read.
+ * (S, P, ANY) check if there are any S,P,x restrictions.
+ * (S, ANY, P) check if there are any S,x,P restrictions.
+ * (ANY, ANY, ANY) check if there are any restricitons on reading.
+ *
+ * @param t
+ * The triple to check
+ * @return true if the triple can be read.
+ */
+ public boolean canRead( SecTriple t );
+
+ /**
+ * @return true if the securedModel allows items to to be updated.
+ */
+ public boolean canUpdate();
+
+ /**
+ * Return true if the triple can be updated.
+ * If any s,p or o is SecNode.ANY then this method must return false if
+ * there
+ * are
+ * any restrictions where the remaining nodes and held constant and the ANY
+ * node
+ * is allowed to vary.
+ *
+ * See canRead(SecTriple t)
+ *
+ * @param from
+ * The triple that will be changed
+ * @param to
+ * The resulting triple.
+ * @return true if the from triple can be updated as the to triple.
+ */
+ public boolean canUpdate( SecTriple from, SecTriple to );
+
+ @Override
+ public boolean equals( Object o );
+
+ /**
+ * @return the base item that is being secured.
+ */
+ public Object getBaseItem();
+
+ /**
+ * @return The IRI of the securedModel that the item belongs to.
+ */
+ public String getModelIRI();
+
+ /**
+ * @return The node represnetation of the securedModel IRI.
+ */
+ public SecNode getModelNode();
+
+ /**
+ * The SecurityEvaluator implementation that is being used to determine
+ * access.
+ *
+ * @return The SecurityEvaluator implementation.
+ */
+ public SecurityEvaluator getSecurityEvaluator();
+
+ /**
+ * Return true if this secured item is equivalent to another secured item.
+ * Generally implemented by calling SecuredItem.Util.isEquivalent
+ *
+ * @param securedItem
+ * the other secured item.
+ * @return True if they are equivalent, false otherwise.
+ */
+ public boolean isEquivalent( SecuredItem securedItem );
+
+}
\ No newline at end of file
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,843 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.impl;
+
+import com.hp.hpl.jena.rdf.model.Statement;
+import com.hp.hpl.jena.util.iterator.ExtendedIterator;
+import com.hp.hpl.jena.vocabulary.RDF;
+
+import java.lang.reflect.Proxy;
+
+import org.apache.commons.collections.map.LRUMap;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.lang.builder.HashCodeBuilder;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.SecurityEvaluator.SecNode;
+import org.apache.jena.security.SecurityEvaluator.SecTriple;
+import org.apache.jena.security.SecurityEvaluator.SecNode.Type;
+
+/**
+ * An abstract implementation of SecuredItem that caches security checks.
+ * <p>
+ * Security checks are performed at multiple locations. This implementation ensures that
+ * during a single operation the specific check is only evaluated once by caching the result.
+ * </p>
+ *
+ */
+public abstract class SecuredItemImpl implements SecuredItem
+{
+ // a key for the secured item.
+ private class CacheKey implements Comparable<CacheKey>
+ {
+ private final Action action;
+ private final SecNode modelNode;
+ private final SecTriple from;
+ private final SecTriple to;
+ private Integer hashCode;
+
+ public CacheKey( final Action action, final SecNode modelNode )
+ {
+ this(action, modelNode, null, null);
+ }
+
+ public CacheKey( final Action action, final SecNode modelNode,
+ final SecTriple to )
+ {
+ this(action, modelNode, to, null);
+ }
+
+ public CacheKey( final Action action, final SecNode modelNode,
+ final SecTriple to, final SecTriple from )
+ {
+ this.action = action;
+ this.modelNode = modelNode;
+ this.to = to;
+ this.from = from;
+ }
+
+ @Override
+ public int compareTo( final CacheKey other )
+ {
+ int retval = this.action.compareTo(other.action);
+ if (retval == 0)
+ {
+ retval = this.modelNode.compareTo(other.modelNode);
+ }
+ if (retval == 0)
+ {
+ if (this.to == null)
+ {
+ if (other.to == null)
+ {
+ return 0;
+ }
+ return -1;
+ }
+ retval = this.to.compareTo(other.to);
+ }
+ if (retval == 0)
+ {
+ if (this.from == null)
+ {
+ if (other.from == null)
+ {
+ return 0;
+ }
+ return -1;
+ }
+ retval = this.from.compareTo(other.from);
+ }
+ return retval;
+ }
+
+ @Override
+ public boolean equals( final Object o )
+ {
+ if (o instanceof CacheKey)
+ {
+ return this.compareTo((CacheKey) o) == 0;
+ }
+ return false;
+ }
+
+ @Override
+ public int hashCode()
+ {
+ if (hashCode == null)
+ {
+ hashCode = new HashCodeBuilder().append(action)
+ .append(modelNode).append(from).append(to).toHashCode();
+ }
+ return hashCode;
+ }
+ }
+
+ // the maximum size of the cache
+ public static int MAX_CACHE = 100;
+ // the cache for this thread.
+ public static final ThreadLocal<LRUMap> CACHE = new ThreadLocal<LRUMap>();
+ // the number of times this thread has recursively called the constructor.
+ public static final ThreadLocal<Integer> COUNT = new ThreadLocal<Integer>();
+
+ /**
+ * Convert a Jena Node object into a SecNode object.
+ * @param jenaNode The Jena node to convert.
+ * @return The SecNode that represents the jenaNode.
+ */
+ public static SecNode convert( final com.hp.hpl.jena.graph.Node jenaNode )
+ {
+ if (com.hp.hpl.jena.graph.Node.ANY.equals(jenaNode))
+ {
+ return SecNode.ANY;
+ }
+ if (jenaNode.isLiteral())
+ {
+ return new SecNode(Type.Literal, jenaNode.getLiteral().toString());
+ }
+ if (jenaNode.isBlank())
+ {
+ return new SecNode(Type.Anonymous, jenaNode.getBlankNodeLabel());
+ }
+ if (jenaNode.isVariable())
+ {
+ return SecNode.VARIABLE;
+ }
+ return new SecNode(Type.URI, jenaNode.getURI());
+ }
+
+ /**
+ * Convert a Jena Triple into a SecTriple.
+ * @param jenaTriple The Jena Triple to convert.
+ * @return The SecTriple that represents the jenaTriple.
+ */
+ public static SecTriple convert(
+ final com.hp.hpl.jena.graph.Triple jenaTriple )
+ {
+ return new SecTriple(SecuredItemImpl.convert(jenaTriple.getSubject()),
+ SecuredItemImpl.convert(jenaTriple.getPredicate()),
+ SecuredItemImpl.convert(jenaTriple.getObject()));
+ }
+
+ /**
+ * Decrement the number of instances of SecuredItem.
+ */
+ public static void decrementUse()
+ {
+ final Integer i = SecuredItemImpl.COUNT.get();
+ if (i == null)
+ {
+ throw new IllegalStateException("No count on exit");
+ }
+ if (i < 1)
+ {
+ throw new IllegalStateException("No count less than 1");
+ }
+ if (i == 1)
+ {
+ SecuredItemImpl.CACHE.remove();
+ SecuredItemImpl.COUNT.remove();
+ }
+ else
+ {
+ SecuredItemImpl.COUNT.set(Integer.valueOf(i - 1));
+ }
+ }
+
+ /**
+ * Increment the number of instances of SecuredItem.
+ */
+ public static void incrementUse()
+ {
+ final Integer i = SecuredItemImpl.COUNT.get();
+ if (i == null)
+ {
+ SecuredItemImpl.CACHE.set(new LRUMap(Math.max(
+ SecuredItemImpl.MAX_CACHE, 100)));
+ SecuredItemImpl.COUNT.set(Integer.valueOf(1));
+ }
+ else
+ {
+ SecuredItemImpl.COUNT.set(Integer.valueOf(i + 1));
+ }
+ }
+
+ // the evaluator we are using
+ private final SecurityEvaluator securityEvaluator;
+
+ // the secured node for that names the graph.
+ private final SecNode modelNode;
+
+ // the item holder that we are evaluating.
+ private final ItemHolder<?, ?> itemHolder;
+
+ /**
+ * Create the SecuredItemImpl.
+ * @param securedItem The securedItem.
+ * @param holder The Item holder for the securedItem.
+ * @throws IllegalArgumentException if securedItem is null or securedItem.getSecurityEvaluator()
+ * returns null, or the holder is null.
+ */
+ protected SecuredItemImpl( final SecuredItem securedItem,
+ final ItemHolder<?, ?> holder )
+ {
+ if (securedItem == null)
+ {
+ throw new IllegalArgumentException("Secured item may not be null");
+ }
+ if (securedItem.getSecurityEvaluator() == null)
+ {
+ throw new IllegalArgumentException(
+ "Security evaluator in secured item may not be null");
+ }
+ if (holder == null)
+ {
+ throw new IllegalArgumentException("ItemHolder may not be null");
+ }
+ this.securityEvaluator = securedItem.getSecurityEvaluator();
+ this.modelNode = new SecurityEvaluator.SecNode(
+ SecurityEvaluator.SecNode.Type.URI, securedItem.getModelIRI());
+ this.itemHolder = holder;
+ }
+
+ /**
+ * Create the SecuredItemImpl.
+ * @param securityEvaluator the secured evaluator to use.
+ * @param modelURI the URI for the model.
+ * @param holder The holder to use.
+ * @throws IllegalArgumentException if security evaluator is null, modelURI is null or empty,
+ * or holder is null.
+ */
+ protected SecuredItemImpl( final SecurityEvaluator securityEvaluator,
+ final String modelURI, final ItemHolder<?, ?> holder )
+ {
+ if (securityEvaluator == null)
+ {
+ throw new IllegalArgumentException(
+ "Security evaluator may not be null");
+ }
+ if (StringUtils.isEmpty(modelURI))
+ {
+ throw new IllegalArgumentException(
+ "ModelURI may not be empty or null");
+ }
+ if (holder == null)
+ {
+ throw new IllegalArgumentException("ItemHolder may not be null");
+ }
+ this.securityEvaluator = securityEvaluator;
+ this.modelNode = new SecurityEvaluator.SecNode(
+ SecurityEvaluator.SecNode.Type.URI, modelURI);
+ this.itemHolder = holder;
+ }
+
+ @Override
+ public String toString() {
+ if (canRead())
+ {
+ return itemHolder.getBaseItem().toString();
+ }
+ return super.toString();
+ }
+
+ /**
+ * get the cached value.
+ * @param key The key to look for.
+ * @return the value of the security check or <code>null</code> if the value has not been cached.
+ */
+ private Boolean cacheGet( final CacheKey key )
+ {
+ final LRUMap cache = SecuredItemImpl.CACHE.get();
+ return (cache == null) ? null : (Boolean) cache.get(key);
+ }
+
+ /**
+ * set teh cache value.
+ * @param key The key to set the value for.
+ * @param value The value to set.
+ */
+ void cachePut( final CacheKey key, final boolean value )
+ {
+ final LRUMap cache = SecuredItemImpl.CACHE.get();
+ if (cache != null)
+ {
+ cache.put(key, value);
+ SecuredItemImpl.CACHE.set(cache);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#canCreate()
+ */
+ @Override
+ public boolean canCreate()
+ {
+ final CacheKey key = new CacheKey(Action.Create, modelNode);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Create, modelNode);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canCreate( final com.hp.hpl.jena.graph.Triple t )
+ {
+ return canCreate(SecuredItemImpl.convert(t));
+ }
+
+ @Override
+ public boolean canCreate( final SecTriple t )
+ {
+ final CacheKey key = new CacheKey(Action.Create, modelNode, t);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Create, modelNode, t);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canCreate( final Statement s )
+ {
+ return canCreate(s.asTriple());
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#canDelete()
+ */
+ @Override
+ public boolean canDelete()
+ {
+ final CacheKey key = new CacheKey(Action.Delete, modelNode);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Delete, modelNode);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canDelete( final com.hp.hpl.jena.graph.Triple t )
+ {
+ return canDelete(SecuredItemImpl.convert(t));
+ }
+
+ @Override
+ public boolean canDelete( final SecTriple t )
+ {
+ final CacheKey key = new CacheKey(Action.Delete, modelNode, t);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Delete, modelNode, t);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canDelete( final Statement s )
+ {
+ return canDelete(s.asTriple());
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#canRead()
+ */
+ @Override
+ public boolean canRead()
+ {
+ final CacheKey key = new CacheKey(Action.Read, modelNode);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Read, modelNode);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canRead( final com.hp.hpl.jena.graph.Triple t )
+ {
+ return canRead(SecuredItemImpl.convert(t));
+ }
+
+ @Override
+ public boolean canRead( final SecTriple t )
+ {
+ final CacheKey key = new CacheKey(Action.Read, modelNode, t);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Read, modelNode, t);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canRead( final Statement s )
+ {
+ return canRead(s.asTriple());
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#canUpdate()
+ */
+ @Override
+ public boolean canUpdate()
+ {
+ final CacheKey key = new CacheKey(Action.Update, modelNode);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluate(Action.Update, modelNode);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canUpdate( final com.hp.hpl.jena.graph.Triple from,
+ final com.hp.hpl.jena.graph.Triple to )
+ {
+ return canUpdate(SecuredItemImpl.convert(from),
+ SecuredItemImpl.convert(to));
+ }
+
+ @Override
+ public boolean canUpdate( final SecTriple from, final SecTriple to )
+ {
+ final CacheKey key = new CacheKey(Action.Update, modelNode, from, to);
+ Boolean retval = cacheGet(key);
+ if (retval == null)
+ {
+ retval = securityEvaluator.evaluateUpdate(modelNode, from, to);
+ cachePut(key, retval);
+ }
+ return retval;
+ }
+
+ public boolean canUpdate( final Statement from, final Statement to )
+ {
+ return canUpdate(from.asTriple(), to.asTriple());
+ }
+
+ /**
+ * check that create on the securedModel is allowed,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkCreate()
+ {
+ if (!canCreate())
+ {
+ throw new AccessDeniedException(modelNode, Action.Create);
+ }
+ }
+
+ protected void checkCreate( final com.hp.hpl.jena.graph.Triple t )
+ {
+ checkCreate(SecuredItemImpl.convert(t));
+ }
+
+ /**
+ * check that the triple can be created in the securedModel.,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkCreate( final SecTriple t )
+ {
+ if (!canCreate(t))
+ {
+ throw new AccessDeniedException(modelNode, t.toString(),
+ Action.Create);
+ }
+ }
+
+ protected void checkCreate( final Statement s )
+ {
+ checkCreate(s.asTriple());
+ }
+
+ protected void checkCreateReified( final String uri, final SecTriple t )
+ {
+ checkUpdate();
+ final SecNode n = uri == null ? SecNode.FUTURE : new SecNode(Type.URI,
+ uri);
+ checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.subject
+ .asNode()), t.getSubject()));
+ checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.predicate
+ .asNode()), t.getPredicate()));
+ checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.object
+ .asNode()), t.getObject()));
+ }
+
+ protected void checkCreateStatement( final ExtendedIterator<Statement> stmts )
+ {
+ if (!canCreate(SecTriple.ANY))
+ {
+ try
+ {
+ while (stmts.hasNext())
+ {
+ checkCreate(stmts.next());
+ }
+ }
+ finally
+ {
+ stmts.close();
+ }
+ }
+ }
+
+ protected void checkCreateTriples(
+ final ExtendedIterator<com.hp.hpl.jena.graph.Triple> triples )
+ {
+ if (!canCreate(SecTriple.ANY))
+ {
+ try
+ {
+ while (triples.hasNext())
+ {
+ checkCreate(triples.next());
+ }
+ }
+ finally
+ {
+ triples.close();
+ }
+ }
+ }
+
+ /**
+ * check that delete on the securedModel is allowed,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkDelete()
+ {
+ if (!canDelete())
+ {
+ throw new AccessDeniedException(modelNode, Action.Delete);
+ }
+ }
+
+ protected void checkDelete( final com.hp.hpl.jena.graph.Triple t )
+ {
+ checkDelete(SecuredItemImpl.convert(t));
+ }
+
+ /**
+ * check that the triple can be deleted in the securedModel.,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkDelete( final SecTriple t )
+ {
+ if (!canDelete(t))
+ {
+ throw new AccessDeniedException(modelNode, t.toString(),
+ Action.Delete);
+ }
+ }
+
+ protected void checkDelete( final Statement s )
+ {
+ checkDelete(s.asTriple());
+ }
+
+ protected void checkDeleteStatements(
+ final ExtendedIterator<Statement> stmts )
+ {
+ if (!canDelete(SecTriple.ANY))
+ {
+ try
+ {
+ while (stmts.hasNext())
+ {
+ checkDelete(stmts.next());
+ }
+ }
+ finally
+ {
+ stmts.close();
+ }
+ }
+ }
+
+ protected void checkDeleteTriples(
+ final ExtendedIterator<com.hp.hpl.jena.graph.Triple> triples )
+ {
+ if (!canDelete(SecTriple.ANY))
+ {
+ try
+ {
+ while (triples.hasNext())
+ {
+ checkDelete(triples.next());
+ }
+ }
+ finally
+ {
+ triples.close();
+ }
+ }
+ }
+
+ /**
+ * check that read on the securedModel is allowed,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkRead()
+ {
+ if (!canRead())
+ {
+ throw new AccessDeniedException(modelNode, Action.Read);
+ }
+ }
+
+ protected void checkRead( final com.hp.hpl.jena.graph.Triple t )
+ {
+ checkRead(SecuredItemImpl.convert(t));
+ }
+
+ /**
+ * check that the triple can be read in the securedModel.,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkRead( final SecTriple t )
+ {
+ if (!canRead(t))
+ {
+ throw new AccessDeniedException(modelNode, t.toString(),
+ Action.Read);
+ }
+ }
+
+ protected void checkRead( final Statement s )
+ {
+ checkRead(s.asTriple());
+ }
+
+ protected void checkReadStatement( final ExtendedIterator<Statement> stmts )
+ {
+ try
+ {
+ while (stmts.hasNext())
+ {
+ checkRead(stmts.next());
+ }
+ }
+ finally
+ {
+ stmts.close();
+ }
+ }
+
+ protected void checkReadTriples(
+ final ExtendedIterator<com.hp.hpl.jena.graph.Triple> triples )
+ {
+ try
+ {
+ while (triples.hasNext())
+ {
+ checkRead(triples.next());
+ }
+ }
+ finally
+ {
+ triples.close();
+ }
+ }
+
+ /**
+ * check that update on the securedModel is allowed,
+ *
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkUpdate()
+ {
+ if (!canUpdate())
+ {
+ throw new AccessDeniedException(modelNode, Action.Update);
+ }
+ }
+
+ protected void checkUpdate( final com.hp.hpl.jena.graph.Triple from,
+ final com.hp.hpl.jena.graph.Triple to )
+ {
+ checkUpdate(SecuredItemImpl.convert(from), SecuredItemImpl.convert(to));
+ }
+
+ /**
+ * check that the triple can be updated in the securedModel.,
+ *
+ * @param from the starting triple
+ * @param to the final triple.
+ * @throws AccessDeniedException
+ * on failure
+ */
+ protected void checkUpdate( final SecTriple from, final SecTriple to )
+ {
+ if (!canUpdate(from, to))
+ {
+ throw new AccessDeniedException(modelNode, String.format(
+ "%s to %s", from, to), Action.Update);
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals( final Object o )
+ {
+ if (Proxy.isProxyClass(o.getClass()))
+ {
+ return o.equals(itemHolder.getSecuredItem());
+ }
+ else
+ {
+ if (o instanceof SecuredItemImpl)
+ {
+ return itemHolder.getBaseItem().equals( ((SecuredItemImpl)o).getBaseItem());
+ }
+ return false;
+ }
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return itemHolder.getBaseItem().hashCode();
+ }
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#getBaseItem()
+ */
+ @Override
+ public Object getBaseItem()
+ {
+ return itemHolder.getBaseItem();
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#getModelIRI()
+ */
+ @Override
+ public String getModelIRI()
+ {
+ return modelNode.getValue();
+ }
+
+ /**
+ * get the name of the model.
+ */
+ @Override
+ public SecNode getModelNode()
+ {
+ return modelNode;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.SecuredItem#getSecurityEvaluator()
+ */
+ @Override
+ public SecurityEvaluator getSecurityEvaluator()
+ {
+ return securityEvaluator;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.apache.jena.security.isEquivalent()
+ */
+ @Override
+ public boolean isEquivalent( final SecuredItem securedItem )
+ {
+ return SecuredItem.Util.isEquivalent(this, securedItem);
+ }
+}
\ No newline at end of file
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,143 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.impl;
+
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import java.lang.reflect.Modifier;
+import java.lang.reflect.Proxy;
+
+
+/**
+ * A generic InvocationHandler that handles the general invocation of the
+ * security methods.
+ */
+public class SecuredItemInvoker implements InvocationHandler
+{
+ // the equals() method
+ private static Method EQUALS;
+ // the toString() method
+ private static Method TO_STRING;
+ // the hashCode() method.
+ private static Method HASH_CODE;
+ // the instance of SecuredItem that this proxy is using. Must be
+ // package-private for ItemHolder use.
+ /* package-private */final SecuredItem securedItem;
+
+ // populate the static fields.
+ static
+ {
+ try
+ {
+ SecuredItemInvoker.EQUALS = Object.class.getMethod("equals",
+ Object.class);
+ SecuredItemInvoker.TO_STRING = Object.class.getMethod("toString");
+ SecuredItemInvoker.HASH_CODE = Object.class.getMethod("hashCode");
+ }
+ catch (final SecurityException e)
+ {
+ throw new RuntimeException(e);
+ }
+ catch (final NoSuchMethodException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ /**
+ * Constructor.
+ *
+ * @param securedClass
+ * The class of the object that is being protected.
+ * @param securedItem
+ * The implementation of the SecuredItem version of the object.
+ */
+ public SecuredItemInvoker( final Class<?> securedClass,
+ final SecuredItem securedItem )
+ {
+ this.securedItem = securedItem;
+ }
+
+ @Override
+ public Object invoke( final Object proxy, final Method method,
+ final Object[] args ) throws Throwable
+ {
+
+ // check for the special case methods
+ if (SecuredItemInvoker.EQUALS.equals(method))
+ {
+ if (Proxy.isProxyClass(args[0].getClass()))
+ {
+ return args[0].equals(securedItem);
+ }
+ else
+ {
+ return securedItem.equals(args[0]);
+ }
+ }
+
+ if (SecuredItemInvoker.HASH_CODE.equals(method))
+ {
+ return securedItem.hashCode();
+ }
+
+ if (SecuredItemInvoker.TO_STRING.equals(method))
+ {
+ return securedItem.toString();
+ }
+
+ try
+ {
+ final Method m = securedItem.getClass().getMethod(method.getName(),
+ method.getParameterTypes());
+ if (!Modifier.isAbstract(m.getModifiers()))
+ {
+ try
+ {
+ SecuredItemImpl.incrementUse();
+ try
+ {
+ return method.invoke(securedItem, args);
+ }
+ finally
+ {
+ SecuredItemImpl.decrementUse();
+ }
+
+ }
+ catch (final java.lang.reflect.InvocationTargetException e2)
+ {
+ if (e2.getTargetException() instanceof RuntimeException)
+ {
+ throw e2.getTargetException();
+ }
+ throw e2;
+ }
+ }
+ }
+ catch (final NoSuchMethodException e2)
+ {
+ // acceptable
+ }
+
+ // if we get here then the method is not being proxied so call the
+ // original method on the base item.
+ return method.invoke(securedItem.getBaseItem(), args);
+
+ }
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredAlt.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredAlt.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredAlt.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredAlt.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,264 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import com.hp.hpl.jena.rdf.model.Alt;
+import com.hp.hpl.jena.rdf.model.RDFNode;
+import com.hp.hpl.jena.rdf.model.ResourceF;
+
+import org.apache.jena.security.AccessDeniedException;
+
+/**
+ * The interface for secured Alt instances.
+ *
+ * Use the SecuredAlt.Factory to create instances
+ */
+public interface SecuredAlt extends Alt, SecuredContainer
+{
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredRDFNode getDefault() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt getDefaultAlt() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredBag getDefaultBag() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean getDefaultBoolean() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public byte getDefaultByte() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public char getDefaultChar() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public double getDefaultDouble() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public float getDefaultFloat() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public int getDefaultInt() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getDefaultLanguage() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredLiteral getDefaultLiteral() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public long getDefaultLong() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredResource getDefaultResource() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ @Deprecated
+ public SecuredResource getDefaultResource( final ResourceF f )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredSeq getDefaultSeq() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public short getDefaultShort() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple(this, RDF.li(1), o )
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getDefaultString() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final boolean o )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final char o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final double o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final float o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final long o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final Object o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final RDFNode o )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final String o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
+ * RDF.li(1), o )
+ * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredAlt setDefault( final String o, final String l )
+ throws AccessDeniedException;
+
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredAlt.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredBag.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredBag.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredBag.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredBag.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import com.hp.hpl.jena.rdf.model.Bag;
+
+/**
+ * The interface for secured Bag instances.
+ *
+ * Use the SecuredBag.Factory to create instances
+ */
+public interface SecuredBag extends Bag, SecuredContainer
+{
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredBag.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredContainer.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredContainer.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredContainer.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredContainer.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,219 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import com.hp.hpl.jena.rdf.model.Container;
+import com.hp.hpl.jena.rdf.model.RDFNode;
+import com.hp.hpl.jena.rdf.model.Statement;
+
+import java.util.Set;
+
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.model.impl.SecuredNodeIterator;
+
+/**
+ * The interface for secured Container instances.
+ *
+ * Use one of the SecuredContainer derived class Factory methods to create
+ * instances
+ */
+public interface SecuredContainer extends Container, SecuredResource
+{
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final boolean o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final char o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final double o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final float o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final long o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final Object o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final RDFNode o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final String o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Create SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer add( final String o, final String l )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final boolean o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final char o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final double o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final float o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final long o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final Object o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final RDFNode o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final String o ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read SecTriple( this, RDF.li, o );
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean contains( final String o, final String l )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @sec.triple Read on each triple ( this, rdf:li_? node ) returned by
+ * iterator;
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredNodeIterator<RDFNode> iterator() throws AccessDeniedException;
+
+ /**
+ * @param perms the Permissions required on each node returned
+ * @sec.graph Read
+ * @sec.triple Read + perms on each triple ( this, rdf:li_? node ) returned
+ * by iterator;
+ * @throws AccessDeniedException
+ */
+ public SecuredNodeIterator<RDFNode> iterator( Set<Action> perms )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Update
+ * @sec.triple Delete s as triple;
+ * @throws AccessDeniedException
+ */
+ @Override
+ public SecuredContainer remove( final Statement s )
+ throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public int size() throws AccessDeniedException;
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredContainer.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredLiteral.java
URL: http://svn.apache.org/viewvc/jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredLiteral.java?rev=1509440&view=auto
==============================================================================
--- jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredLiteral.java (added)
+++ jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredLiteral.java Thu Aug 1 21:47:45 2013
@@ -0,0 +1,166 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import com.hp.hpl.jena.datatypes.DatatypeFormatException;
+import com.hp.hpl.jena.datatypes.RDFDatatype;
+import com.hp.hpl.jena.rdf.model.Literal;
+import com.hp.hpl.jena.rdf.model.Model;
+
+import org.apache.jena.security.AccessDeniedException;
+
+/**
+ * The interface for secured Literal instances.
+ *
+ * Use the SecuredLiteral.Factory to create instances
+ */
+public interface SecuredLiteral extends Literal, SecuredRDFNode
+{
+
+ @Override
+ public SecuredLiteral asLiteral();
+
+ // @Override
+ // public SecuredResource asResource();
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean getBoolean() throws AccessDeniedException,
+ DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public byte getByte() throws AccessDeniedException, DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public char getChar() throws AccessDeniedException, DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public RDFDatatype getDatatype() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getDatatypeURI() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public double getDouble() throws AccessDeniedException,
+ DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public float getFloat() throws AccessDeniedException,
+ DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public int getInt() throws AccessDeniedException, DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getLanguage() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getLexicalForm() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public long getLong() throws AccessDeniedException, DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public short getShort() throws AccessDeniedException,
+ DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public String getString() throws AccessDeniedException,
+ DatatypeFormatException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public Object getValue() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public Literal inModel( final Model m ) throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean isWellFormedXML() throws AccessDeniedException;
+
+ /**
+ * @sec.graph Read
+ * @throws AccessDeniedException
+ */
+ @Override
+ public boolean sameValueAs( final Literal other )
+ throws AccessDeniedException;
+
+}
Propchange: jena/Experimental/jena-security/src/main/java/org/apache/jena/security/model/SecuredLiteral.java
------------------------------------------------------------------------------
svn:mime-type = text/plain