Added example code Added example.jar Added example fuseki configuration
Project: http://git-wip-us.apache.org/repos/asf/jena/repo Commit: http://git-wip-us.apache.org/repos/asf/jena/commit/0e135b58 Tree: http://git-wip-us.apache.org/repos/asf/jena/tree/0e135b58 Diff: http://git-wip-us.apache.org/repos/asf/jena/diff/0e135b58 Branch: refs/heads/master Commit: 0e135b58afd159487f9f156251582064a4104249 Parents: 51f169e Author: Claude Warren <[email protected]> Authored: Sat Jan 24 21:08:11 2015 +0000 Committer: Claude Warren <[email protected]> Committed: Sat Jan 24 21:08:11 2015 +0000 ---------------------------------------------------------------------- jena-security/pom.xml | 68 +++++++++ .../jena/security/example/ExampleEvaluator.java | 147 ++++++++++++++++++ .../jena/security/example/SecurityExample.java | 93 +++++++++++ .../security/example/ShiroExampleEvaluator.java | 153 +++++++++++++++++++ .../jena/security/example/ExampleEvaluator.java | 147 ------------------ .../jena/security/example/SecurityExample.java | 93 ----------- .../apache/jena/security/example/example.ttl | 49 ------ .../apache/jena/security/example/example.ttl | 49 ++++++ .../jena/security/example/fuseki/config.ttl | 82 ++++++++++ .../jena/security/example/fuseki/shiro.ini | 47 ++++++ .../apache/jena/security/query/DataSetTest.java | 4 +- .../jena/security/query/QueryEngineTest.java | 7 +- 12 files changed, 645 insertions(+), 294 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/pom.xml ----------------------------------------------------------------------
diff --git a/jena-security/pom.xml b/jena-security/pom.xml
index 0b4bd80..7632b64 100644
--- a/jena-security/pom.xml
+++ b/jena-security/pom.xml
@@ -62,10 +62,45 @@ <build> <plugins> <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>build-helper-maven-plugin</artifactId> + <version>1.9.1</version> + <executions> + <execution> + <id>add-example-source</id> + <phase>generate-sources</phase> + <goals> + <goal>add-source</goal> + </goals> + <configuration> + <sources> + <source>src/example/java</source> + </sources> + </configuration> + </execution> + <execution> + <id>add-example-resource</id> + <phase>generate-sources</phase> + <goals> + <goal>add-resource</goal> + </goals> + <configuration> + <resources> + <resource> + <directory>src/example/resources</directory> + <targetPath>${project.build.outputDirectory}</targetPath> + </resource> + </resources> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <!-- <version>2.9</version> --> <configuration> + <excludePackageNames>org.apache.jena.security.example:org.apache.jena.security.example.*</excludePackageNames> <tags> <tag> <name>sec.graph</name> @@ -81,6 +116,7 @@ </tag> </tags> <overview>${basedir}/src/main/overview.html</overview> + </configuration> <executions> <execution> 
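Review bot: The `add-example-source` execution puts `src/example/java` on the main compile path, and `add-example-resource` copies the example resources into `${project.build.outputDirectory}`, so the deliberately permissive example evaluators land in the same classes directory as the production code. They are kept out of the main jar only by the `<excludes>` that a later hunk adds to `maven-jar-plugin`; anything else that packages the output directory would, as far as this POM shows, pick them up. Consider a comment above the plugin such as `<!-- example classes are compiled with the main sources; keep them excluded from every non-example artifact -->`, or move the examples into their own module. The `<plugins>` block continues outside the hunk.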
@@ -94,12 +130,38 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jar-plugin</artifactId> + <configuration> + <excludes> + <exclude>org/apache/jena/security/example/**</exclude> + </excludes> + </configuration> <executions> <execution> + <id>create-test-jar</id> <goals> <goal>test-jar</goal> </goals> </execution> + <execution> + <id>create-example-jar</id> + <phase>package</phase> + <goals> + <goal>jar</goal> + </goals> + <configuration> + <classedDirectory>target</classedDirectory> + <classifier>example</classifier> + <includes> + <include>../src/example/**</include> + <include>../src/example</include> + <include>META-INF/**</include> + <include>org/apache/jena/security/example/**</include> + </includes> + <excludes> + <exclude>META-INF/DEPENDENCIES</exclude> + </excludes> + </configuration> + </execution> </executions> </plugin> </plugins> @@ -131,5 +193,11 @@ <groupId>org.apache.commons</groupId> <artifactId>commons-lang3</artifactId> </dependency> + <dependency> + <groupId>org.apache.shiro</groupId> + <artifactId>shiro-core</artifactId> + <version>1.2.2</version> + <scope>provided</scope> + </dependency> </dependencies> </project> http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java ---------------------------------------------------------------------- diff --git a/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java b/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java new file mode 100644 index 0000000..2ec4cb0 --- /dev/null +++ b/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java 
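Review bot: `<classedDirectory>target</classedDirectory>` in the `create-example-jar` execution looks like a misspelling of the jar plugin's `classesDirectory` parameter; Maven normally ignores an unknown configuration element without failing, so the example jar would still be assembled from the default classes directory. In that case the `../src/example/**` and `../src/example` includes most likely match nothing, and the jar's contents are decided by `org/apache/jena/security/example/**` and `META-INF/**` alone. Either spell it `<classesDirectory>` and re-check every include against that base, or drop the element together with the two `../src/example` includes. Listing the built jar's contents will confirm which files actually ship.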
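Review bot: `shiro-core` is pinned to `1.2.2` directly in this module's `<dependencies>`, while the `commons-lang3` entry in the visible context carries no version and so presumably takes it from a managed version elsewhere. An authentication library is a dependency that needs to be bumped quickly when a fix is released, so it is worth managing it the same way, e.g. `<version>${ver.shiro}</version>` with the property defined in the parent POM (the property name is a placeholder), and checking whether a newer maintenance release is available. `provided` scope also means the example classes only run where the host supplies Shiro; a short XML comment saying so would help.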
@@ -0,0 +1,147 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.security.example; + +import java.security.Principal; +import java.util.Set; + +import org.apache.http.auth.BasicUserPrincipal; +import org.apache.jena.security.SecurityEvaluator; + +import com.hp.hpl.jena.graph.NodeFactory; +import com.hp.hpl.jena.rdf.model.AnonId; +import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.Property; +import com.hp.hpl.jena.rdf.model.RDFNode; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.ResourceFactory; +import com.hp.hpl.jena.vocabulary.RDF; + +/** + * An example evaluator that only provides access to messages in the graph that + * are from or to the principal. + * + */ +public class ExampleEvaluator implements SecurityEvaluator { + + private Principal principal; + private Model model; + private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg" ); + private Property pTo = ResourceFactory.createProperty( "http://example.com/to" ); + private Property pFrom = ResourceFactory.createProperty( "http://example.com/from" ); + + /** + * + * @param model The graph we are going to evaluate against. 
+ */ + public ExampleEvaluator( Model model ) + { + this.model = model; + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI) { + // we allow any action on a graph. + return true; + } + + private boolean evaluate( Object principalObj, Resource r ) + { + Principal principal = (Principal)principalObj; + // a message is only available to sender or recipient + if (r.hasProperty( RDF.type, msgType )) + { + return r.hasProperty( pTo, principal.getName() ) || + r.hasProperty( pFrom, principal.getName()); + } + return true; + } + + private boolean evaluate( Object principal, SecNode node ) + { + if (node.equals( SecNode.ANY )) { + return false; // all wild cards are false + } + + if (node.getType().equals( SecNode.Type.URI)) { + Resource r = model.createResource( node.getValue() ); + return evaluate( principal, r ); + } + else if (node.getType().equals( SecNode.Type.Anonymous)) { + Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource(); + return evaluate( principal, r ); + } + else + { + return true; + } + + } + + private boolean evaluate( Object principal, SecTriple triple ) { + return evaluate( principal, triple.getSubject()) && + evaluate( principal, triple.getObject()) && + evaluate( principal, triple.getPredicate()); + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple 
triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) { + return evaluate( principal, from ) && evaluate( principal, to ); + } + + public void setPrincipal( String userName ) + { + if (userName == null) + { + principal = null; + } + principal = new BasicUserPrincipal( userName ); + } + @Override + public Principal getPrincipal() { + return principal; + } + +} http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java ---------------------------------------------------------------------- diff --git a/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java b/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java new file mode 100644 index 0000000..9a8ae36 --- /dev/null +++ b/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java 
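Review bot: A null principal is not handled safely in the new `ExampleEvaluator`: `setPrincipal` assigns `principal = null` for a null `userName` and then falls through to `principal = new BasicUserPrincipal( userName )`, and the private `evaluate( Object principalObj, Resource r )` casts and calls `principal.getName()` without any check. For an access-control evaluator the missing-identity case should be an explicit denial rather than an exception or an accidental principal. Add `return;` inside the null branch of `setPrincipal` (or use `else`), and start the resource check with `if (!(principalObj instanceof Principal)) { return false; }`. The graph-level overloads return `true` for every action; a Javadoc sentence on the class stating that this is demo-only policy would make that explicit.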
@@ -0,0 +1,93 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.security.example; + +import java.net.URL; + +import org.apache.jena.security.Factory; + +import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.ModelFactory; +import com.hp.hpl.jena.rdf.model.Property; +import com.hp.hpl.jena.rdf.model.RDFNode; +import com.hp.hpl.jena.rdf.model.ResIterator; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.ResourceFactory; +import com.hp.hpl.jena.rdf.model.Statement; +import com.hp.hpl.jena.vocabulary.RDF; + +public class SecurityExample { + + /** + * @param args + */ + + public static void main(String[] args) { + String[] names = { "alice", "bob", "chuck", "darla" }; + + RDFNode msgType = ResourceFactory + .createResource("http://example.com/msg"); + Property pTo = ResourceFactory.createProperty("http://example.com/to"); + Property pFrom = ResourceFactory + .createProperty("http://example.com/from"); + Property pSubj = ResourceFactory + .createProperty("http://example.com/subj"); + + Model model = ModelFactory.createDefaultModel(); + URL url = SecurityExample.class.getClassLoader().getResource( + 
"org/apache/jena/security/example/example.ttl"); + model.read(url.toExternalForm()); + ResIterator ri = model.listSubjectsWithProperty(RDF.type, msgType); + System.out.println("All the messages"); + while (ri.hasNext()) { + Resource msg = ri.next(); + Statement to = msg.getProperty(pTo); + Statement from = msg.getProperty(pFrom); + Statement subj = msg.getProperty(pSubj); + System.out.println(String.format("%s to: %s from: %s subj: %s", + msg, to.getObject(), from.getObject(), subj.getObject())); + } + System.out.println(); + + ExampleEvaluator evaluator = new ExampleEvaluator(model); + model = Factory.getInstance(evaluator, + "http://example.com/SecuredModel", model); + for (String userName : names) { + evaluator.setPrincipal(userName); + + System.out.println("Messages " + userName + " can manipulate"); + ri = model.listSubjectsWithProperty(RDF.type, msgType); + while (ri.hasNext()) { + Resource msg = ri.next(); + Statement to = msg.getProperty(pTo); + Statement from = msg.getProperty(pFrom); + Statement subj = msg.getProperty(pSubj); + System.out.println(String.format( + "%s to: %s from: %s subj: %s", msg, to.getObject(), + from.getObject(), subj.getObject())); + } + ri.close(); + for (String name : names) + { + System.out.println( String.format( "%s messages to %s", model.listSubjectsWithProperty( pTo, name ).toList().size(), name ) ); + } + System.out.println(); + } + } + +} http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java ---------------------------------------------------------------------- diff --git a/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java b/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java new file mode 100644 index 0000000..87fca4e --- /dev/null +++ b/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java 
@@ -0,0 +1,153 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.security.example; + +import java.util.Set; + +import org.apache.jena.security.SecurityEvaluator; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.subject.Subject; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.hp.hpl.jena.graph.NodeFactory; +import com.hp.hpl.jena.rdf.model.AnonId; +import com.hp.hpl.jena.rdf.model.Model; +import com.hp.hpl.jena.rdf.model.Property; +import com.hp.hpl.jena.rdf.model.RDFNode; +import com.hp.hpl.jena.rdf.model.Resource; +import com.hp.hpl.jena.rdf.model.ResourceFactory; +import com.hp.hpl.jena.vocabulary.RDF; + +/** + * Class to use Shiro to provide credentials. 
+ * Used for same example as ExampleEvaluator + * + */ +public class ShiroExampleEvaluator implements SecurityEvaluator { + + private static final Logger LOG = LoggerFactory.getLogger(ShiroExampleEvaluator.class); + private Model model; + private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg" ); + private Property pTo = ResourceFactory.createProperty( "http://example.com/to" ); + private Property pFrom = ResourceFactory.createProperty( "http://example.com/from" ); + + /** + * + * @param model The graph we are going to evaluate against. + */ + public ShiroExampleEvaluator( Model model ) + { + this.model = model; + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI) { + // we allow any action on a graph. + return true; + } + + private boolean evaluate( Object principalObj, Resource r ) + { + Subject subject = (Subject)principalObj; + if (! subject.isAuthenticated()) + { + LOG.info( "User not authenticated"); + return false; + } + // a message is only available to sender or recipient + LOG.debug( "checking {}", subject.getPrincipal()); + Object principal = subject.getPrincipal(); + if ("admin".equals(principal.toString())) + { + return true; + } + if (r.hasProperty( RDF.type, msgType )) + { + return r.hasProperty( pTo, subject.getPrincipal().toString() ) || + r.hasProperty( pFrom, subject.getPrincipal().toString()); + } + return true; + } + + private boolean evaluate( Object principal, SecNode node ) + { + if (node.equals( SecNode.ANY )) { + return false; // all wild cards are false + } + + if (node.getType().equals( SecNode.Type.URI)) { + Resource r = model.createResource( node.getValue() ); + return evaluate( principal, r ); + } + else if (node.getType().equals( SecNode.Type.Anonymous)) { + Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource(); + return evaluate( principal, r ); + } + else + { + return true; + } + + } + + private boolean evaluate( 
Object principal, SecTriple triple ) { + return evaluate( principal, triple.getSubject()) && + evaluate( principal, triple.getObject()) && + evaluate( principal, triple.getPredicate()); + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple triple) { + return evaluate( principal, triple ); + } + + @Override + public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) { + return evaluate( principal, from ) && evaluate( principal, to ); + } + + @Override + public Object getPrincipal() { + return SecurityUtils.getSubject(); + } + + +} http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/org/apache/jena/security/example/ExampleEvaluator.java ---------------------------------------------------------------------- diff --git a/jena-security/src/example/org/apache/jena/security/example/ExampleEvaluator.java b/jena-security/src/example/org/apache/jena/security/example/ExampleEvaluator.java deleted file mode 100644 index 9a1831a..0000000 --- a/jena-security/src/example/org/apache/jena/security/example/ExampleEvaluator.java +++ /dev/null 
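Review bot: In the private `evaluate( Object principalObj, Resource r )`, full access is granted by comparing the principal's string form with a literal, `"admin".equals(principal.toString())`, so the privilege is tied to a user name instead of an authorization decision made by Shiro. If the realm configuration defines roles (the accompanying `shiro.ini` is not visible here), a role check such as `if (subject.hasRole( "admin" )) { return true; }` keeps the policy in the security configuration and does not depend on how a realm renders its principal. The same method casts `principalObj` to `Subject` unchecked; `if (!(principalObj instanceof Subject)) { return false; }` would turn a missing or unexpected principal into a denial. The graph-level overloads return `true` even for unauthenticated subjects, which deserves a comment because this class is the evaluator named in the Fuseki example configuration.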
@@ -1,147 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.example; - -import java.security.Principal; -import java.util.Set; - -import org.apache.http.auth.BasicUserPrincipal; -import org.apache.jena.security.SecurityEvaluator; - -import com.hp.hpl.jena.graph.Node; -import com.hp.hpl.jena.graph.NodeFactory; -import com.hp.hpl.jena.rdf.model.AnonId; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.Property; -import com.hp.hpl.jena.rdf.model.RDFNode; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; -import com.hp.hpl.jena.vocabulary.RDF; - -/** - * An example evaluator that only provides access ot messages in the graph that - * are from or to the principal. 
- * - */ -public class ExampleEvaluator implements SecurityEvaluator { - - private Principal principal; - private Model model; - private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg" ); - private Property pTo = ResourceFactory.createProperty( "http://example.com/to" ); - private Property pFrom = ResourceFactory.createProperty( "http://example.com/from" ); - - /** - * - * @param model The graph we are going to evaluate against. - */ - public ExampleEvaluator( Model model ) - { - this.model = model; - } - - @Override - public boolean evaluate(Action action, SecNode graphIRI) { - // we allow any action on a graph. - return true; - } - - private boolean evaluate( Resource r ) - { - // a message is only available to sender or recipient - if (r.hasProperty( RDF.type, msgType )) - { - return r.hasProperty( pTo, principal.getName() ) || - r.hasProperty( pFrom, principal.getName()); - } - return true; - } - - private boolean evaluate( SecNode node ) - { - if (node.equals( SecNode.ANY )) { - return false; // all wild cards are false - } - - if (node.getType().equals( SecNode.Type.URI)) { - Resource r = model.createResource( node.getValue() ); - return evaluate( r ); - } - else if (node.getType().equals( SecNode.Type.Anonymous)) { - Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource(); - return evaluate( r ); - } - else - { - return true; - } - - } - - private boolean evaluate( SecTriple triple ) { - return evaluate( triple.getSubject()) && - evaluate( triple.getObject()) && - evaluate( triple.getPredicate()); - } - - @Override - public boolean evaluate(Action action, SecNode graphIRI, SecTriple triple) { - return evaluate( triple ); - } - - @Override - public boolean evaluate(Set<Action> actions, SecNode graphIRI) { - return true; - } - - @Override - public boolean evaluate(Set<Action> actions, SecNode graphIRI, - SecTriple triple) { - return evaluate( triple ); - } - - @Override - public boolean 
evaluateAny(Set<Action> actions, SecNode graphIRI) { - return true; - } - - @Override - public boolean evaluateAny(Set<Action> actions, SecNode graphIRI, - SecTriple triple) { - return evaluate( triple ); - } - - @Override - public boolean evaluateUpdate(SecNode graphIRI, SecTriple from, SecTriple to) { - return evaluate( from ) && evaluate( to ); - } - - public void setPrincipal( String userName ) - { - if (userName == null) - { - principal = null; - } - principal = new BasicUserPrincipal( userName ); - } - @Override - public Principal getPrincipal() { - return principal; - } - -} http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/org/apache/jena/security/example/SecurityExample.java ---------------------------------------------------------------------- diff --git a/jena-security/src/example/org/apache/jena/security/example/SecurityExample.java b/jena-security/src/example/org/apache/jena/security/example/SecurityExample.java deleted file mode 100644 index 9a8ae36..0000000 --- a/jena-security/src/example/org/apache/jena/security/example/SecurityExample.java +++ /dev/null 
@@ -1,93 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.example; - -import java.net.URL; - -import org.apache.jena.security.Factory; - -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ModelFactory; -import com.hp.hpl.jena.rdf.model.Property; -import com.hp.hpl.jena.rdf.model.RDFNode; -import com.hp.hpl.jena.rdf.model.ResIterator; -import com.hp.hpl.jena.rdf.model.Resource; -import com.hp.hpl.jena.rdf.model.ResourceFactory; -import com.hp.hpl.jena.rdf.model.Statement; -import com.hp.hpl.jena.vocabulary.RDF; - -public class SecurityExample { - - /** - * @param args - */ - - public static void main(String[] args) { - String[] names = { "alice", "bob", "chuck", "darla" }; - - RDFNode msgType = ResourceFactory - .createResource("http://example.com/msg"); - Property pTo = ResourceFactory.createProperty("http://example.com/to"); - Property pFrom = ResourceFactory - .createProperty("http://example.com/from"); - Property pSubj = ResourceFactory - .createProperty("http://example.com/subj"); - - Model model = ModelFactory.createDefaultModel(); - URL url = SecurityExample.class.getClassLoader().getResource( - 
"org/apache/jena/security/example/example.ttl"); - model.read(url.toExternalForm()); - ResIterator ri = model.listSubjectsWithProperty(RDF.type, msgType); - System.out.println("All the messages"); - while (ri.hasNext()) { - Resource msg = ri.next(); - Statement to = msg.getProperty(pTo); - Statement from = msg.getProperty(pFrom); - Statement subj = msg.getProperty(pSubj); - System.out.println(String.format("%s to: %s from: %s subj: %s", - msg, to.getObject(), from.getObject(), subj.getObject())); - } - System.out.println(); - - ExampleEvaluator evaluator = new ExampleEvaluator(model); - model = Factory.getInstance(evaluator, - "http://example.com/SecuredModel", model); - for (String userName : names) { - evaluator.setPrincipal(userName); - - System.out.println("Messages " + userName + " can manipulate"); - ri = model.listSubjectsWithProperty(RDF.type, msgType); - while (ri.hasNext()) { - Resource msg = ri.next(); - Statement to = msg.getProperty(pTo); - Statement from = msg.getProperty(pFrom); - Statement subj = msg.getProperty(pSubj); - System.out.println(String.format( - "%s to: %s from: %s subj: %s", msg, to.getObject(), - from.getObject(), subj.getObject())); - } - ri.close(); - for (String name : names) - { - System.out.println( String.format( "%s messages to %s", model.listSubjectsWithProperty( pTo, name ).toList().size(), name ) ); - } - System.out.println(); - } - } - -} http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/org/apache/jena/security/example/example.ttl ---------------------------------------------------------------------- diff --git a/jena-security/src/example/org/apache/jena/security/example/example.ttl b/jena-security/src/example/org/apache/jena/security/example/example.ttl deleted file mode 100644 index 7047629..0000000 --- a/jena-security/src/example/org/apache/jena/security/example/example.ttl +++ /dev/null 
@@ -1,49 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -@prefix ex: <http://example.com/> . -@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . - -ex:msg1 rdf:type ex:msg; - ex:to "bob"; - ex:from "alice" ; - ex:subj "alice to bob 1"; - . - -ex:msg2 rdf:type ex:msg; - ex:to "alice"; - ex:from "bob"; - ex:subj "bob to alice 1"; - . - -ex:msg3 rdf:type ex:msg; - ex:to "chuck" ; - ex:from "alice"; - ex:subj "alice to chuck 1"; - . - -ex:msg4 rdf:type ex:msg; - ex:to "darla" ; - ex:from "bob" ; - ex:subj "bob to darla 1" - . - -ex:msg5 rdf:type ex:msg; - ex:to "alice"; - ex:from "bob"; - ex:subj "bob to alice 2"; - . - \ No newline at end of file http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl ---------------------------------------------------------------------- diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl b/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl new file mode 100644 index 0000000..7047629 --- /dev/null +++ b/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl 
@@ -0,0 +1,49 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +@prefix ex: <http://example.com/> . +@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . + +ex:msg1 rdf:type ex:msg; + ex:to "bob"; + ex:from "alice" ; + ex:subj "alice to bob 1"; + . + +ex:msg2 rdf:type ex:msg; + ex:to "alice"; + ex:from "bob"; + ex:subj "bob to alice 1"; + . + +ex:msg3 rdf:type ex:msg; + ex:to "chuck" ; + ex:from "alice"; + ex:subj "alice to chuck 1"; + . + +ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + . + +ex:msg5 rdf:type ex:msg; + ex:to "alice"; + ex:from "bob"; + ex:subj "bob to alice 2"; + . + \ No newline at end of file http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl ---------------------------------------------------------------------- diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl new file mode 100644 index 0000000..6f4a3af --- /dev/null +++ b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl 
@@ -0,0 +1,82 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+@prefix fuseki: <http://jena.apache.org/fuseki#> .
+@prefix tdb: <http://jena.hpl.hp.com/2008/tdb#> .
+@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+@prefix ja: <http://jena.hpl.hp.com/2005/11/Assembler#> .
+@prefix sec: <http://apache.org/jena/security/Assembler#> .
+@prefix my: <http://example.org/#> .
+
+#[] ja:loadClass "com.hp.hpl.jena.tdb.TDB" .
+[] ja:loadClass "org.apache.jena.security.SecuredAssembler" .
+
+tdb:DatasetTDB rdfs:subClassOf ja:RDFDataset .
+tdb:GraphTDB rdfs:subClassOf ja:Model .
+sec:Model rdfs:subClassOf ja:NamedModel .
+
+my:dataset rdf:type tdb:DatasetTDB;
+ tdb:location "/tmp/myApp" ;
+ tdb:unionDefaultGraph true ;
+ .
+
+my:baseModel rdf:type tdb:GraphTDB ;
+ tdb:dataset my:dataset .
+
+my:securedModel rdf:type sec:Model ;
+ sec:baseModel my:baseModel ;
+ ja:modelName "https://example.org/securedModel" ;
+ sec:evaluatorImpl my:secEvaluator .
+
+my:secEvaluator rdf:type sec:Evaluator ;
+ sec:args [
+ rdf:_1 my:baseModel ;
+ ] ;
+ sec:evaluatorClass "org.apache.jena.security.example.ShiroExampleEvaluator" .
+
+my:securedDataset rdf:type ja:RDFDataset ;
+ ja:defaultGraph my:securedModel .
+
+my:fuseki rdf:type fuseki:Server ;
+ # Server-wide context parameters can be given here.
+ # For example, to set query timeouts: on a server-wide basis:
+ # Format 1: "1000" -- 1 second timeout
+ # Format 2: "10000,60000" -- 10s timeout to first result, then 60s timeout to for rest of query.
+ # See java doc for ARQ.queryTimeout
+ # ja:context [ ja:cxtName "arq:queryTimeout" ; ja:cxtValue "10000" ] ;
+
+ # Load custom code (rarely needed)
+ # ja:loadClass "your.code.Class" ;
+
+ # Services available. Only explicitly listed services are configured.
+ # If there is a service description not linked from this list, it is ignored.
+ fuseki:services (
+ my:service1
+ ) .
+
+
+my:service1 rdf:type fuseki:Service ;
+ fuseki:name "myAppFuseki" ; # http://host:port/myAppFuseki
+ fuseki:serviceQuery "query" ; # SPARQL query service
+ fuseki:serviceQuery "sparql" ; # SPARQL query service
+ fuseki:serviceUpdate "update" ; # SPARQL query service
+ fuseki:serviceUpload "upload" ; # Non-SPARQL upload service
+ fuseki:serviceReadWriteGraphStore "data" ; # SPARQL Graph store protocol (read and write)
+ # A separate ead-only graph store endpoint:
+ fuseki:serviceReadGraphStore "get" ; # SPARQL Graph store protocol (read only)
+ fuseki:dataset my:securedDataset ;
+ .
http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
----------------------------------------------------------------------
diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
new file mode 100644
index 0000000..d0ce2c3
--- /dev/null
+++ b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
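Review bot: In config.ttl, `tdb:location "/tmp/myApp"` places the TDB store that backs the secured model in a shared temporary directory, where other local accounts may be able to read or pre-create it and where the secured layer does not apply to direct file access. An application-owned directory with restricted permissions is the safer default for an example people will copy, e.g. `tdb:location "<app-owned-data-dir>" ;` (placeholder). `my:service1` also publishes the write endpoints `update`, `upload` and `data`, so protection of writes appears to rest entirely on `ShiroExampleEvaluator`, which is not visible in this hunk; a comment saying so next to `fuseki:dataset my:securedDataset` would help. Two comment fixes while here: `fuseki:serviceUpdate "update"` is labelled `# SPARQL query service` and should read `# SPARQL update service`, and `ead-only` should be `read-only`.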
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[main]
+# Development
+ssl.enabled = false
+
+plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
+#iniRealm=org.apache.shiro.realm.text.IniRealm
+iniRealm.credentialsMatcher = $plainMatcher
+
+localhost=org.apache.jena.fuseki.authz.LocalhostFilter
+
+[users]
+# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm"
+admin=admin
+alice=alice
+bob=bob
+chuck=chuck
+darla=darla
+
+[roles]
+
+[urls]
+## Control functions open to anyone
+/$/status = anon
+/$/ping = anon
+
+## restrict access. Must log in with above.
+/$/** = authcBasic,user[admin]
+
+
+# Everything else
+/**=anon
http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/test/java/org/apache/jena/security/query/DataSetTest.java
----------------------------------------------------------------------
diff --git a/jena-security/src/test/java/org/apache/jena/security/query/DataSetTest.java b/jena-security/src/test/java/org/apache/jena/security/query/DataSetTest.java
index 51f3080..ef4bf93 100644
--- a/jena-security/src/test/java/org/apache/jena/security/query/DataSetTest.java
+++ b/jena-security/src/test/java/org/apache/jena/security/query/DataSetTest.java
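Review bot: In shiro.ini the final rule `/**=anon` leaves every dataset endpoint (query, update, upload, graph store) reachable without authentication; only `/$/**` requires a login. If the example evaluator decides access from the authenticated Shiro principal, which seems likely but is not visible here, requests never present one, so the rule should be `/** = authcBasic`. The `[users]` entries use passwords equal to the user names, compared in plain text through `SimpleCredentialsMatcher`, and `ssl.enabled = false` means Basic credentials travel unencrypted unless TLS is terminated elsewhere. Since this file ships as a template, add a comment above `[users]` such as `# Demo credentials only - replace and use a hashed credentials matcher before any non-local use`. The `localhost` filter is declared in `[main]` but no `[urls]` rule refers to it.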
@@ -209,7 +209,7 @@ public class DataSetTest { { count++; final QuerySolution soln = results.nextSolution(); - System.out.println( soln ); + //System.out.println( soln ); } // 2x 3 values + type triple Assert.assertEquals(8, count); @@ -231,7 +231,7 @@ public class DataSetTest { { count++; final QuerySolution soln = results.nextSolution(); - System.out.println( soln ); + //System.out.println( soln ); } // 2x 3 values + type triple // all are in the base graph so no named graphs http://git-wip-us.apache.org/repos/asf/jena/blob/0e135b58/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java ---------------------------------------------------------------------- diff --git a/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java b/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java index a27e4f6..97da8fa 100644 --- a/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java +++ b/jena-security/src/test/java/org/apache/jena/security/query/QueryEngineTest.java @@ -219,7 +219,7 @@ public class QueryEngineTest { { count++; final QuerySolution soln = results.nextSolution(); - System.out.println( soln ); + //System.out.println( soln ); } // 2x 3 values + type triple Assert.assertEquals(8, count); @@ -241,10 +241,11 @@ public class QueryEngineTest { { count++; final QuerySolution soln = results.nextSolution(); - System.out.println( soln ); + //System.out.println( soln ); } // 2x 3 values + type triple - Assert.assertEquals(8, count); + // no named graphs so no results. + Assert.assertEquals(0, count); } finally {
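Review bot: The last QueryEngineTest hunk keeps the old comment `// 2x 3 values + type triple` directly above the new `Assert.assertEquals(0, count);`, so the comment now contradicts the assertion; drop it and keep only `// no named graphs so no results.`. In all four hunks (both in DataSetTest and both in QueryEngineTest) the print is commented out rather than deleted, which leaves dead code and an unused local `soln`; a bare `results.nextSolution();` still advances the result set. Because the changed expectation is the access-control outcome under test, a message on the assertion would make a regression easier to read, e.g. `Assert.assertEquals("named graph results must not be visible", 0, count);`. The enclosing test methods start and end outside these hunks.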
