Author: reto
Date: Thu Jul 15 09:30:12 2010
New Revision: 964351

URL: http://svn.apache.org/viewvc?rev=964351&view=rev
Log:
CLEREZZA-253: checking for graph-specific read permissions

Added:
    incubator/clerezza/issues/CLEREZZA-253/
    incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/
      - copied from r960982, 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.core/
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/resources/META-INF/documentation.nt
      - copied unchanged from r961697, 
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.rdf.core/src/main/resources/META-INF/documentation.nt
Modified:
    incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/pom.xml
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/GraphServiceFactory.java
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/MGraphServiceFactory.java
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredMGraph.java
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredTripleCollection.java
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/TcManager.java

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/pom.xml
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/pom.xml?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/pom.xml 
(original)
+++ incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/pom.xml 
Thu Jul 15 09:30:12 2010
@@ -25,6 +25,10 @@
                        
<artifactId>org.apache.felix.scr.annotations</artifactId>
                </dependency>
                <dependency>
+                       <groupId>org.apache.clerezza</groupId>
+                       <artifactId>org.apache.clerezza.utils</artifactId>
+               </dependency>
+               <dependency>
                        <groupId>junit</groupId>
                        <artifactId>junit</artifactId>
                        <scope>test</scope>

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/GraphServiceFactory.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/GraphServiceFactory.java?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/GraphServiceFactory.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/GraphServiceFactory.java
 Thu Jul 15 09:30:12 2010
@@ -23,6 +23,7 @@ import org.osgi.framework.ServiceFactory
 import org.osgi.framework.ServiceRegistration;
 import org.apache.clerezza.rdf.core.TripleCollection;
 import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
 import org.apache.clerezza.rdf.core.impl.SimpleGraph;
 
 /**
@@ -33,18 +34,22 @@ import org.apache.clerezza.rdf.core.impl
  */
 public class GraphServiceFactory implements ServiceFactory {
        
-       private TcManager tcManager;
-       private UriRef name;
+       private final TcManager tcManager;
+       private final UriRef name;
+       private final TcAccessController tcAccessController;
 
-       GraphServiceFactory(TcManager tcManager, UriRef name) {
+       GraphServiceFactory(TcManager tcManager, UriRef name,
+                       TcAccessController tcAccessController) {
                this.tcManager = tcManager;
                this.name = name;
+               this.tcAccessController = tcAccessController;
        }
 
        @Override
        public Object getService(Bundle arg0, ServiceRegistration arg1) {
                TripleCollection tc = 
-                               new 
SecuredTripleCollection(tcManager.getGraph(name), name);
+                               new 
SecuredTripleCollection(tcManager.getGraph(name), name,
+                               tcAccessController);
                return new SimpleGraph(tc);
        }
 

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/MGraphServiceFactory.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/MGraphServiceFactory.java?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/MGraphServiceFactory.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/MGraphServiceFactory.java
 Thu Jul 15 09:30:12 2010
@@ -22,6 +22,7 @@ import org.osgi.framework.Bundle;
 import org.osgi.framework.ServiceFactory;
 import org.osgi.framework.ServiceRegistration;
 import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
 
 /**
  * @see <a 
href="http://www.osgi.org/javadoc/r4v41/org/osgi/framework/ServiceFactory.html";>
@@ -33,15 +34,18 @@ public class MGraphServiceFactory implem
        
        private TcManager tcManager;
        private UriRef name;
+       private final TcAccessController tcAccessController;
 
-       MGraphServiceFactory(TcManager tcManager, UriRef name) {
+       MGraphServiceFactory(TcManager tcManager, UriRef name,
+                       TcAccessController tcAccessController) {
                this.tcManager = tcManager;
                this.name = name;
+               this.tcAccessController = tcAccessController;
        }
 
        @Override
        public Object getService(Bundle arg0, ServiceRegistration arg1) {
-               return new SecuredMGraph(tcManager.getMGraph(name), name);
+               return new SecuredMGraph(tcManager.getMGraph(name), name, 
tcAccessController);
        }
 
        @Override
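Review bot: `tcManager` and `name` stay non-final here while the new `tcAccessController` field is `final`, and the same commit makes all three fields `final` in GraphServiceFactory. Declaring them as `private final TcManager tcManager;` and `private final UriRef name;` would keep the two factories consistent. Nothing in the visible lines reassigns them, though the class continues outside the hunk.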

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredMGraph.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredMGraph.java?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredMGraph.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredMGraph.java
 Thu Jul 15 09:30:12 2010
@@ -21,6 +21,7 @@ package org.apache.clerezza.rdf.core.acc
 import java.util.concurrent.locks.ReadWriteLock;
 import org.apache.clerezza.rdf.core.Graph;
 import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
 import org.apache.clerezza.rdf.core.impl.SimpleGraph;
 
 /**
@@ -34,8 +35,9 @@ public class SecuredMGraph extends Secur
 
        private LockableMGraph wrapped;
 
-       public SecuredMGraph(LockableMGraph wrapped, UriRef name) {
-               super(wrapped, name);
+       public SecuredMGraph(LockableMGraph wrapped, UriRef name,
+                       TcAccessController tcAccessController) {
+               super(wrapped, name,  tcAccessController);
                this.wrapped = wrapped;
        }
 

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredTripleCollection.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredTripleCollection.java?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredTripleCollection.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/SecuredTripleCollection.java
 Thu Jul 15 09:30:12 2010
@@ -25,6 +25,7 @@ import org.apache.clerezza.rdf.core.Reso
 import org.apache.clerezza.rdf.core.Triple;
 import org.apache.clerezza.rdf.core.TripleCollection;
 import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
 import org.apache.clerezza.rdf.core.access.security.TcPermission;
 import org.apache.clerezza.rdf.core.event.FilterTriple;
 import org.apache.clerezza.rdf.core.event.GraphListener;
@@ -38,12 +39,15 @@ import org.apache.clerezza.rdf.core.even
  */
 public class SecuredTripleCollection implements TripleCollection {
 
-       private TripleCollection wrapped;
-       private String name;
+       private final TripleCollection wrapped;
+       private final UriRef name;
+       private final TcAccessController tcAccessController;
 
-       public SecuredTripleCollection(TripleCollection wrapped, UriRef name) {
+       public SecuredTripleCollection(TripleCollection wrapped, UriRef name,
+                       TcAccessController tcAccessController) {
                this.wrapped = wrapped;
-               this.name = name.getUnicodeString();
+               this.name = name;
+               this.tcAccessController = tcAccessController;
        }
 
        @Override
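Review bot: The constructor stores `tcAccessController` without a null check, so a null argument only surfaces later as a NullPointerException inside `checkRead`/`checkWrite` rather than at construction. Because this wrapper is the access-control boundary for the collection, I would fail fast with `if (tcAccessController == null) throw new IllegalArgumentException("tcAccessController must not be null");`. The public two-argument constructor is also replaced rather than kept as an overload, which breaks any caller outside this module; the class body continues outside the hunk, so confirm no such caller exists.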
@@ -160,19 +164,11 @@ public class SecuredTripleCollection imp
        }
 
        private void checkRead() {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new TcPermission(name,
-                                       TcPermission.READ));
-               }
+               tcAccessController.checkReadPermission(name);
        }
 
        private void checkWrite() {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new TcPermission(name, 
-                                       TcPermission.READWRITE));
-               }
+               tcAccessController.checkReadWritePermission(name);
        }
 
        @Override

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/TcManager.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/TcManager.java?rev=964351&r1=960982&r2=964351&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/TcManager.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/TcManager.java
 Thu Jul 15 09:30:12 2010
@@ -18,7 +18,6 @@
  */
 package org.apache.clerezza.rdf.core.access;
 
-import org.apache.clerezza.rdf.core.access.security.TcPermission;
 import org.apache.clerezza.rdf.core.impl.WriteBlockedMGraph;
 import org.apache.clerezza.rdf.core.impl.WriteBlockedTripleCollection;
 
@@ -43,6 +42,8 @@ import org.apache.clerezza.rdf.core.Grap
 import org.apache.clerezza.rdf.core.MGraph;
 import org.apache.clerezza.rdf.core.TripleCollection;
 import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
+import org.apache.clerezza.rdf.core.access.security.TcAccessController;
 import org.apache.clerezza.rdf.core.sparql.query.AskQuery;
 import org.apache.clerezza.rdf.core.sparql.query.ConstructQuery;
 import org.apache.clerezza.rdf.core.sparql.query.DescribeQuery;
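Review bot: The import `org.apache.clerezza.rdf.core.access.security.TcAccessController` is added twice on consecutive lines. The duplicate compiles but is redundant and will be flagged by most linters; drop one of the two lines.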
@@ -51,6 +52,11 @@ import org.apache.clerezza.rdf.core.spar
 import org.apache.clerezza.rdf.core.sparql.QueryEngine;
 import org.apache.clerezza.rdf.core.sparql.ResultSet;
 import org.apache.clerezza.rdf.core.sparql.query.SelectQuery;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
 
 /**
  * This class implements <code>TcManager</code>, delegating the actual
@@ -74,19 +80,20 @@ import org.apache.clerezza.rdf.core.spar
  *
  * @author reto, mir, hasan
  * 
- * @scr.component
- * @scr.service interface="org.apache.clerezza.rdf.core.access.TcManager"
- * @scr.reference name="weightedTcProvider" cardinality="1..n"
- *                policy="dynamic"
- *                
interface="org.apache.clerezza.rdf.core.access.WeightedTcProvider"
- * 
  */
+...@component
+...@service(TcManager.class)
+...@reference(name="weightedTcProvider", policy=ReferencePolicy.DYNAMIC,
+               referenceInterface=WeightedTcProvider.class,
+               cardinality=ReferenceCardinality.MANDATORY_MULTIPLE)
 public class TcManager implements TcProvider {
 
        private SortedSet<WeightedTcProvider> providerList = new 
TreeSet<WeightedTcProvider>(
                        new WeightedProviderComparator());
        private static volatile TcManager instance;
 
+       private TcAccessController tcAccessController = new 
TcAccessController(this);
+
        /**
         * Mapping to LockableMGraph's and ServiceRegistration using their 
URI's as key.
         * Makes sure that per URI only one instance of the LockableMGraph is 
used,
@@ -271,10 +278,10 @@ public class TcManager implements TcProv
                                MGraph.class.getName(),
                                LockableMGraph.class.getName()
                        };
-                       service = new MGraphServiceFactory(this, name);
+                       service = new MGraphServiceFactory(this, name, 
tcAccessController);
                } else if (triples instanceof Graph) {
                        interfaceNames = new String[]{Graph.class.getName()};
-                       service = new GraphServiceFactory(this, name);
+                       service = new GraphServiceFactory(this, name, 
tcAccessController);
                } else {
                        return null;
                }
@@ -326,11 +333,7 @@ public class TcManager implements TcProv
 
        @Override
        public Graph getGraph(UriRef name) throws NoSuchEntityException {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new 
TcPermission(name.getUnicodeString(),
-                                       "read"));
-               }
+               tcAccessController.checkReadPermission(name);
                for (TcProvider provider : providerList) {
                        try {
                                return provider.getGraph(name);
@@ -345,16 +348,11 @@ public class TcManager implements TcProv
 
        @Override
        public LockableMGraph getMGraph(UriRef name) {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       try {
-                               security.checkPermission(new TcPermission(name
-                                               .getUnicodeString(), 
"readwrite"));
-                       } catch (AccessControlException e) {
-                               security.checkPermission(new TcPermission(name
-                                               .getUnicodeString(), "read"));
-                               return new 
WriteBlockedMGraph(getUnsecuredMGraph(name));
-                       }
+               try {
+                       tcAccessController.checkReadWritePermission(name);
+               } catch (AccessControlException e) {
+                       tcAccessController.checkReadPermission(name);
+                       return new WriteBlockedMGraph(getUnsecuredMGraph(name));
                }
                return getUnsecuredMGraph(name);
        }
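Review bot: In `getMGraph` the graph-specific read permissions are consulted only in the `catch` branch, so a caller whose `checkReadWritePermission` succeeds gets the unsecured MGraph without ever passing through `checkReadPermission`. If an administrator has set required read permissions to restrict a graph, any holder of the default read-write TcPermission appears to bypass that restriction; the same pattern is in the `getTriples` hunk. If read-write is meant to imply read regardless of graph-specific settings, say so in a comment such as `// readwrite TcPermission overrides graph-specific read permissions`; otherwise call `tcAccessController.checkReadPermission(name);` before the `try`.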
@@ -412,17 +410,12 @@ public class TcManager implements TcProv
 
        @Override
        public TripleCollection getTriples(UriRef name) {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       try {
-                               security.checkPermission(new TcPermission(name
-                                               .getUnicodeString(), 
"readwrite"));
-                       } catch (AccessControlException e) {
-                               security.checkPermission(new TcPermission(name
-                                               .getUnicodeString(), "read"));
-                               return new WriteBlockedTripleCollection(
-                                               getUnsecuredTriples(name));
-                       }
+               try {
+                       tcAccessController.checkReadWritePermission(name);
+               } catch (AccessControlException e) {
+                       tcAccessController.checkReadPermission(name);
+                       return new WriteBlockedTripleCollection(
+                                       getUnsecuredTriples(name));
                }
                return getUnsecuredTriples(name);
        }
@@ -451,11 +444,7 @@ public class TcManager implements TcProv
        @Override
        public LockableMGraph createMGraph(UriRef name)
                        throws UnsupportedOperationException {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new 
TcPermission(name.getUnicodeString(),
-                                       "readwrite"));
-               }
+               tcAccessController.checkReadWritePermission(name);
                for (WeightedTcProvider provider : providerList) {
                        try {
                                MGraph providedMGraph = 
provider.createMGraph(name);
@@ -486,11 +475,7 @@ public class TcManager implements TcProv
 
        @Override
        public Graph createGraph(UriRef name, TripleCollection triples) {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new 
TcPermission(name.getUnicodeString(),
-                                       "readwrite"));
-               }
+               tcAccessController.checkReadWritePermission(name);
                for (WeightedTcProvider provider : providerList) {
                        try {
                                Graph result = provider.createGraph(name, 
triples);
@@ -515,11 +500,7 @@ public class TcManager implements TcProv
 
        @Override
        public void deleteTripleCollection(UriRef name) {
-               SecurityManager security = System.getSecurityManager();
-               if (security != null) {
-                       security.checkPermission(new 
TcPermission(name.getUnicodeString(),
-                                       "readwrite"));
-               }
+               tcAccessController.checkReadWritePermission(name);
                for (TcProvider provider : providerList) {
                        try {
                                provider.deleteTripleCollection(name);
@@ -591,8 +572,7 @@ public class TcManager implements TcProv
                Set<UriRef> result = new HashSet<UriRef>();
                for (UriRef name : tcNames) {
                        try {
-                               security.checkPermission(new TcPermission(name
-                                               .getUnicodeString(), "read"));
+                               tcAccessController.checkReadPermission(name);
                        } catch (AccessControlException e) {
                                continue;
                        }
@@ -720,6 +700,14 @@ public class TcManager implements TcProv
        }
 
        /**
+        * @return the TcAccessController that can be used to set the 
permissions
+        * needed to access a Triple Collection
+        */
+       public TcAccessController getTcAccessController() {
+               return tcAccessController;
+       }
+
+       /**
         * Contains an unsecured LockableMGraph, a ServiceRegistration and
         * the WeightedTcProvider that generated the graph
         */
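Review bot: The Javadoc on `getTcAccessController()` does not say what a caller must hold to change permissions through the returned object, and the getter is public. The class comment of TcAccessController names a ConfigureTcAcessPermission, but no check for it is visible in `setRequiredReadPermissions`; enforcement appears to rest on write access to the permission graph obtained through `getMGraph`. I would either add the explicit permission check in the setter or document the actual requirement here, e.g. `Changing permissions requires read-write access to the graph-access graph.`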

Added: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java?rev=964351&view=auto
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
 (added)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
 Thu Jul 15 09:30:12 2010
@@ -0,0 +1,218 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.clerezza.rdf.core.access.security;
+
+import java.security.AccessController;
+import java.security.Permission;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.concurrent.locks.Lock;
+import org.apache.clerezza.rdf.core.BNode;
+import org.apache.clerezza.rdf.core.LiteralFactory;
+import org.apache.clerezza.rdf.core.NonLiteral;
+import org.apache.clerezza.rdf.core.Resource;
+import org.apache.clerezza.rdf.core.Triple;
+import org.apache.clerezza.rdf.core.TypedLiteral;
+import org.apache.clerezza.rdf.core.UriRef;
+import org.apache.clerezza.rdf.core.access.LockableMGraph;
+import org.apache.clerezza.rdf.core.access.NoSuchEntityException;
+import org.apache.clerezza.rdf.core.access.TcManager;
+import org.apache.clerezza.rdf.core.impl.TripleImpl;
+import org.apache.clerezza.utils.security.PermissionParser;
+
+/**
+ * Controls the permissions needed to access a triple collection provided by
+ * <code>TcManager</code>.
+ *
+ * Clients with a ConfigureTcAcessPermission can set the permissions required 
to
+ * access a TripleCollection. These permissions are stored persistently in an
+ * MGraph named http://zz.localhost/graph-access.graph
+ *
+ * @author reto
+ */
+public class TcAccessController {
+
+       private final TcManager tcManager;
+       private final UriRef permissionGraphName = new 
UriRef("http://zz.localhost/graph-access.graph";);
+       //we can't rely on ontology plugin in rdf core
+       private String ontologyNamespace = 
"http://clerezza.apache.org/2010/07/10/graphpermssions#";;
+       private final UriRef readPermissionListProperty = new 
UriRef(ontologyNamespace + "readPermissionList");
+       /**
+        * The first item in the subject RDF list.
+        */
+       public static final UriRef first = new 
UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#first";);
+       /**
+        * The rest of the subject RDF list after the first item.
+        */
+       public static final UriRef rest = new 
UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest";);
+       public static final UriRef rdfNil = new 
UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil";);
+       private final Map<UriRef, Collection<Permission>> permissionCache =
+                       Collections.synchronizedMap(new HashMap<UriRef, 
Collection<Permission>>());
+
+       /**
+        *
+        * @param tcManager the tcManager used to locate 
http://zz.localhost/graph-access.graph
+        */
+       public TcAccessController(TcManager tcManager) {
+               this.tcManager = tcManager;
+       }
+
+       public void checkReadPermission(UriRef tripleCollectionUri) {
+               if (tripleCollectionUri.equals(permissionGraphName)) {
+                       //This is world readable, as this prevents as from 
doingf things as
+                       //priviledged during verfification
+                       return;
+               }
+               SecurityManager security = System.getSecurityManager();
+               if (security != null) {
+                       Collection<Permission> perms = 
getRequiredReadPermissions(tripleCollectionUri);
+                       if (perms.size() > 0) {
+                               for (Permission permission : perms) {
+                                       
AccessController.checkPermission(permission);
+                               }
+                       } else {
+                               AccessController.checkPermission(new 
TcPermission(
+                                               
tripleCollectionUri.getUnicodeString(), TcPermission.READ));
+                       }
+               }
+       }
+
+       public void checkReadWritePermission(UriRef tripleCollectionUri) {
+               SecurityManager security = System.getSecurityManager();
+               if (security != null) {
+                       AccessController.checkPermission(new TcPermission(
+                                       tripleCollectionUri.getUnicodeString(), 
TcPermission.READWRITE));
+               }
+       }
+
+       /**
+        * Set the set of permissions required to access a triple-collection, if
+        * the set is non-empty the default TCPermisson is no longer required.
+        *
+        * @param tripleCollectionUri
+        * @param permissionDescriptions
+        */
+       public void setRequiredReadPermissions(UriRef tripleCollectionUri,
+                       Collection<String> permissionDescriptions) {
+               permissionCache.remove(tripleCollectionUri);
+               final LockableMGraph permissionMGraph = 
tcManager.getMGraph(permissionGraphName);
+               Lock l = permissionMGraph.getLock().writeLock();
+               l.lock();
+               try {
+                       
removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph);
+                       final NonLiteral permissionList = 
createList(permissionDescriptions.iterator(), permissionMGraph);
+                       permissionMGraph.add(new TripleImpl(tripleCollectionUri,
+                                       readPermissionListProperty, 
permissionList));
+               } finally {
+                       l.unlock();
+               }
+       }
+
+       private Collection<Permission> getRequiredReadPermissions(UriRef 
tripleCollectionUri) {
+               Collection<Permission> result = 
permissionCache.get(tripleCollectionUri);
+               if (result == null) {
+                       result = new ArrayList<Permission>();
+                       Collection<String> permissionStrings = 
getRequiredReadPermissionStrings(tripleCollectionUri);
+                       for (String string : permissionStrings) {
+                               
result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
+                       }
+                       permissionCache.put(tripleCollectionUri, result);
+               }
+               return result;
+       }
+
+       private NonLiteral createList(Iterator<String> iterator, LockableMGraph 
permissionMGraph) {
+               if (!iterator.hasNext()) {
+                       return rdfNil;
+               }
+               final BNode result = new BNode();
+               permissionMGraph.add(new TripleImpl(result, first,
+                               
LiteralFactory.getInstance().createTypedLiteral(iterator.next())));
+               permissionMGraph.add(new TripleImpl(result, first,
+                               createList(iterator, permissionMGraph)));
+               return result;
+
+       }
+
+       //called withiong write-lock
+       private void removeExistingRequiredReadPermissions(UriRef 
tripleCollectionUri,
+                       LockableMGraph permissionMGraph) {
+               try {
+                       Triple t = permissionMGraph.filter(tripleCollectionUri, 
readPermissionListProperty, null).next();
+                       Resource list = t.getObject();
+                       removeList((NonLiteral) list, permissionMGraph);
+                       permissionMGraph.remove(t);
+               } catch (NoSuchElementException e) {
+                       //There was no existing to remove
+               }
+       }
+
+       private void removeList(NonLiteral list, LockableMGraph 
permissionMGraph) {
+               try {
+                       Triple t = permissionMGraph.filter(list, rest, 
null).next();
+                       Resource restList = t.getObject();
+                       removeList((NonLiteral) restList, permissionMGraph);
+                       permissionMGraph.remove(t);
+                       Iterator<Triple> iter = permissionMGraph.filter(list, 
first, null);
+                       iter.next();
+                       iter.remove();
+               } catch (NoSuchElementException e) {
+                       //if it has no rest its rdf:NIL and has no first
+               }
+       }
+
+       private Collection<String> getRequiredReadPermissionStrings(final 
UriRef tripleCollectionUri) {
+               try {
+                       final LockableMGraph permissionMGraph = 
tcManager.getMGraph(permissionGraphName);
+                       Lock l = permissionMGraph.getLock().readLock();
+                       try {
+                               Triple t = 
permissionMGraph.filter(tripleCollectionUri, readPermissionListProperty, 
null).next();
+                               NonLiteral list = (NonLiteral) t.getObject();
+                               LinkedList<String> result = new 
LinkedList<String>();
+                               readList(list, permissionMGraph, result);
+                               return result;
+                       } catch (NoSuchElementException e) {
+                               return new ArrayList<String>(0);
+                       } finally {
+                               l.unlock();
+                       }
+               } catch (NoSuchEntityException e) {
+                       return new ArrayList<String>(0);
+               }
+       }
+
+       private void readList(NonLiteral list, LockableMGraph permissionMGraph, 
LinkedList<String> target) {
+               if (list.equals(rdfNil)) {
+                       return;
+               }
+               Triple restTriple = permissionMGraph.filter(list, rest, 
null).next();
+               NonLiteral restList = (NonLiteral) restTriple.getObject();
+               readList(restList, permissionMGraph, target);
+               Triple firstTriple = permissionMGraph.filter(list, first, 
null).next();
+               TypedLiteral firstValue = (TypedLiteral) 
firstTriple.getObject();
+               String value = 
LiteralFactory.getInstance().createObject(String.class, firstValue);
+               target.addFirst(value);
+       }
+}
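Review bot: `getRequiredReadPermissionStrings` obtains the read lock but never calls `l.lock()`, so the graph is read without the lock and the `finally` block releases a lock that was never acquired; with a ReentrantReadWriteLock-style implementation that throws IllegalMonitorStateException. Add `l.lock();` before the inner `try`. In `createList` both triples use `first`; the second should be `new TripleImpl(result, rest, createList(iterator, permissionMGraph))`, otherwise `readList` finds no `rest` triple, the NoSuchElementException is caught, and the check silently falls back to the default TcPermission instead of the configured permissions. `setRequiredReadPermissions` also evicts the cache entry before the write, so a concurrent `checkReadPermission` can re-cache the old permission set; repeating `permissionCache.remove(tripleCollectionUri);` after the update inside the locked section would close that window.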

