Author: reto
Date: Thu Jul 15 14:40:51 2010
New Revision: 964446

URL: http://svn.apache.org/viewvc?rev=964446&view=rev
Log:
CLEREZZA-253: added readwrite support

Modified:
    
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java

Modified: 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
URL: 
http://svn.apache.org/viewvc/incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java?rev=964446&r1=964445&r2=964446&view=diff
==============================================================================
--- 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
 (original)
+++ 
incubator/clerezza/issues/CLEREZZA-253/org.apache.clerezza.rdf.core/src/main/java/org/apache/clerezza/rdf/core/access/security/TcAccessController.java
 Thu Jul 15 14:40:51 2010
@@ -59,6 +59,7 @@ public class TcAccessController {
        //we can't rely on ontology plugin in rdf core
        private String ontologyNamespace = 
"http://clerezza.apache.org/2010/07/10/graphpermssions#";;
        private final UriRef readPermissionListProperty = new 
UriRef(ontologyNamespace + "readPermissionList");
+       private final UriRef readWritePermissionListProperty = new 
UriRef(ontologyNamespace + "readWritePermissionList");
        /**
         * The first item in the subject RDF list.
         */
@@ -68,7 +69,9 @@ public class TcAccessController {
         */
        public static final UriRef rest = new 
UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#rest";);
        public static final UriRef rdfNil = new 
UriRef("http://www.w3.org/1999/02/22-rdf-syntax-ns#nil";);
-       private final Map<UriRef, Collection<Permission>> permissionCache =
+       private final Map<UriRef, Collection<Permission>> readPermissionCache =
+                       Collections.synchronizedMap(new HashMap<UriRef, 
Collection<Permission>>());
+       private final Map<UriRef, Collection<Permission>> 
readWritePermissionCache =
                        Collections.synchronizedMap(new HashMap<UriRef, 
Collection<Permission>>());
 
        /**
@@ -102,13 +105,25 @@ public class TcAccessController {
        public void checkReadWritePermission(UriRef tripleCollectionUri) {
                SecurityManager security = System.getSecurityManager();
                if (security != null) {
-                       AccessController.checkPermission(new TcPermission(
-                                       tripleCollectionUri.getUnicodeString(), 
TcPermission.READWRITE));
+                       if (tripleCollectionUri.equals(permissionGraphName)) {
+                               AccessController.checkPermission(new 
TcPermission(
+                                               
tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+                       } else {
+                               Collection<Permission> perms = 
getRequiredReadWritePermissions(tripleCollectionUri);
+                               if (perms.size() > 0) {
+                                       for (Permission permission : perms) {
+                                               
AccessController.checkPermission(permission);
+                                       }
+                               } else {
+                                       AccessController.checkPermission(new 
TcPermission(
+                                                       
tripleCollectionUri.getUnicodeString(), TcPermission.READWRITE));
+                               }
+                       }
                }
        }
 
        /**
-        * Set the set of permissions required to access a triple-collection, if
+        * Set the set of permissions required for read access to a 
triple-collection, if
         * the set is non-empty the default TCPermisson is no longer required.
         *
         * @param tripleCollectionUri
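Review bot: The `tripleCollectionUri.equals(permissionGraphName)` special case at the top of the new branch in checkReadWritePermission has no comment, yet it is the security-relevant part of this change: the graph that stores the permission lists is always checked against the default TcPermission and never against a list stored inside it. I would add a comment above that condition such as `// the permission graph is never governed by the lists it stores; always require the default TcPermission`. The method's Javadoc lies outside this hunk. It should also say that a non-empty read-write list replaces the default READWRITE check rather than adding to it, so whoever sets the list decides the whole write policy for that graph.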
@@ -116,7 +131,7 @@ public class TcAccessController {
         */
        public void setRequiredReadPermissions(UriRef tripleCollectionUri,
                        Collection<String> permissionDescriptions) {
-               permissionCache.remove(tripleCollectionUri);
+               readPermissionCache.remove(tripleCollectionUri);
                final LockableMGraph permissionMGraph = 
getOrCreatePermisionGraph();
                Lock l = permissionMGraph.getLock().writeLock();
                l.lock();
@@ -130,15 +145,52 @@ public class TcAccessController {
                }
        }
 
+       /**
+        * Set the set of permissions required for read-write access to a
+        * triple-collection, if
+        * the set is non-empty the default TCPermisson is no longer required.
+        *
+        * @param tripleCollectionUri
+        * @param permissionDescriptions
+        */
+       public void setRequiredReadWritePermissions(UriRef tripleCollectionUri,
+                       Collection<String> permissionDescriptions) {
+               readWritePermissionCache.remove(tripleCollectionUri);
+               final LockableMGraph permissionMGraph = 
getOrCreatePermisionGraph();
+               Lock l = permissionMGraph.getLock().writeLock();
+               l.lock();
+               try {
+                       
removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph);
+                       final NonLiteral permissionList = 
createList(permissionDescriptions.iterator(), permissionMGraph);
+                       permissionMGraph.add(new TripleImpl(tripleCollectionUri,
+                                       readWritePermissionListProperty, 
permissionList));
+               } finally {
+                       l.unlock();
+               }
+       }
+
        private Collection<Permission> getRequiredReadPermissions(UriRef 
tripleCollectionUri) {
-               Collection<Permission> result = 
permissionCache.get(tripleCollectionUri);
+               Collection<Permission> result = 
readPermissionCache.get(tripleCollectionUri);
                if (result == null) {
                        result = new ArrayList<Permission>();
                        Collection<String> permissionStrings = 
getRequiredReadPermissionStrings(tripleCollectionUri);
                        for (String string : permissionStrings) {
                                
result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
                        }
-                       permissionCache.put(tripleCollectionUri, result);
+                       readPermissionCache.put(tripleCollectionUri, result);
+               }
+               return result;
+       }
+
+       private Collection<Permission> getRequiredReadWritePermissions(UriRef 
tripleCollectionUri) {
+               Collection<Permission> result = 
readWritePermissionCache.get(tripleCollectionUri);
+               if (result == null) {
+                       result = new ArrayList<Permission>();
+                       Collection<String> permissionStrings = 
getRequiredReadWritePermissionStrings(tripleCollectionUri);
+                       for (String string : permissionStrings) {
+                               
result.add(PermissionParser.getPermission(string, getClass().getClassLoader()));
+                       }
+                       readWritePermissionCache.put(tripleCollectionUri, 
result);
                }
                return result;
        }
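Review bot: setRequiredReadWritePermissions calls `removeExistingRequiredReadPermissions(tripleCollectionUri, permissionMGraph)`, which by its name clears the read list rather than the read-write list; the helper's body is outside this hunk, so please confirm. If that is the case, each call drops the graph's custom read requirements and leaves earlier readWritePermissionList triples in place. The lookup in the last hunk takes only the first match from `filter(tripleCollectionUri, property, null).next()`, so a superseded list could remain the effective one. A removal parameterized by property, parallel to the getRequiredPermissionStrings refactor, would address this, for example `removeExistingRequiredPermissions(tripleCollectionUri, readWritePermissionListProperty, permissionMGraph);` (a suggested name, not an existing method). Separately, `readWritePermissionCache.remove(tripleCollectionUri)` runs before the write lock is taken, so a concurrent check can re-cache the old list; moving the removal to after `permissionMGraph.add(...)` inside the locked section closes that window.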
@@ -183,13 +235,19 @@ public class TcAccessController {
                }
        }
 
+       private Collection<String> getRequiredReadWritePermissionStrings(final 
UriRef tripleCollectionUri) {
+               return getRequiredPermissionStrings(tripleCollectionUri, 
readWritePermissionListProperty);
+       }
        private Collection<String> getRequiredReadPermissionStrings(final 
UriRef tripleCollectionUri) {
+               return getRequiredPermissionStrings(tripleCollectionUri, 
readPermissionListProperty);
+       }
+       private Collection<String> getRequiredPermissionStrings(final UriRef 
tripleCollectionUri, UriRef property) {
                try {
                        final LockableMGraph permissionMGraph = 
tcManager.getMGraph(permissionGraphName);
                        Lock l = permissionMGraph.getLock().readLock();
                        l.lock();
                        try {
-                               Triple t = 
permissionMGraph.filter(tripleCollectionUri, readPermissionListProperty, 
null).next();
+                               Triple t = 
permissionMGraph.filter(tripleCollectionUri, property, null).next();
                                NonLiteral list = (NonLiteral) t.getObject();
                                LinkedList<String> result = new 
LinkedList<String>();
                                readList(list, permissionMGraph, result);

