http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
deleted file mode 100644
index 9725236..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import org.apache.jena.graph.* ;
-import org.apache.jena.security.SecurityEvaluator ;
-import org.apache.jena.security.SecurityEvaluator.Action ;
-import org.apache.jena.security.graph.* ;
-import org.apache.jena.security.impl.ItemHolder ;
-import org.apache.jena.security.impl.SecuredItem ;
-import org.apache.jena.security.impl.SecuredItemImpl ;
-import org.apache.jena.security.utils.PermTripleFilter ;
-import org.apache.jena.shared.AddDeniedException ;
-import org.apache.jena.shared.DeleteDeniedException ;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-
-/**
- * Implementation of SecuredGraph to be used by a SecuredItemInvoker proxy.
- */
-public class SecuredGraphImpl extends SecuredItemImpl implements SecuredGraph
-{
-
- // the prefixMapping for this graph.
- private SecuredPrefixMapping prefixMapping;
- // the item holder that contains this SecuredGraph
- private final ItemHolder<Graph, SecuredGraphImpl> holder;
-
- private final SecuredGraphEventManager eventManager;
-
- /**
- * Constructor
- *
- * @param securityEvaluator
- * The security evaluator to use
- * @param graphIRI
- * The IRI for the graph
- * @param holder
- * The item holder that will contain this SecuredGraph.
- */
- SecuredGraphImpl( final SecuredItem securedItem,
- final ItemHolder<Graph, SecuredGraphImpl> holder )
- {
- super(securedItem, holder);
- this.holder = holder;
- this.eventManager = new SecuredGraphEventManager(this,
- holder.getBaseItem(), holder.getBaseItem().getEventManager());
- }
-
- SecuredGraphImpl( final SecurityEvaluator securityEvaluator,
- final String modelURI,
- final ItemHolder<Graph, SecuredGraphImpl> holder )
- {
- super(securityEvaluator, modelURI, holder);
- this.holder = holder;
- this.eventManager = new SecuredGraphEventManager(this,
- holder.getBaseItem(), holder.getBaseItem().getEventManager());
- }
-
- @Override
- public void add( final Triple t ) throws AddDeniedException
- {
- checkUpdate();
- checkCreate(t);
- holder.getBaseItem().add(t);
- }
-
- @Override
- public void close()
- {
- holder.getBaseItem().close();
- }
-
- @Override
- public boolean contains( final Node s, final Node p, final Node o )
- {
- return contains(new Triple(s, p, o));
- }
-
- @Override
- public boolean contains( final Triple t )
- {
- checkRead();
- if (canRead(t))
- {
- return holder.getBaseItem().contains(t);
- }
- final ExtendedIterator<Triple> iter = holder.getBaseItem().find(t);
- try
- {
- while (iter.hasNext())
- {
- if (canRead(iter.next()))
- {
- return true;
- }
- }
- return false;
- }
- finally
- {
- iter.close();
- }
-
- }
-
- private synchronized void createPrefixMapping()
- {
- if (prefixMapping == null)
- {
- prefixMapping = org.apache.jena.security.graph.impl.Factory
- .getInstance(this,
- holder.getBaseItem().getPrefixMapping());
- }
- }
-
- @Override
- public void delete( final Triple t ) throws DeleteDeniedException
- {
- checkUpdate();
- checkDelete(t);
- holder.getBaseItem().delete(t);
- }
-
- @Override
- public boolean dependsOn( final Graph other )
- {
- checkRead();
- if (other.equals(holder.getBaseItem()))
- {
- return true;
- }
- return holder.getBaseItem().dependsOn(other);
- }
-
- @Override
- public ExtendedIterator<Triple> find( final Node s, final Node p,
- final Node o )
- {
- checkRead();
- ExtendedIterator<Triple> retval = holder.getBaseItem().find(s, p, o);
- if (!canRead(Triple.ANY))
- {
- retval = retval.filterKeep(new PermTripleFilter(Action.Read, this));
- }
- return retval;
- }
-
- /** @deprecated Use/implement {@link #find(Triple)} */
- @Deprecated
- @Override
- public ExtendedIterator<Triple> find( final TripleMatch m ) {
- return find(Triple.createMatch(m.getMatchSubject(),
- m.getMatchPredicate(),
- m.getMatchObject())) ;
- }
-
- @Override
- public ExtendedIterator<Triple> find( final Triple m )
- {
- checkRead();
- ExtendedIterator<Triple> retval = holder.getBaseItem().find(m);
- if (!canRead(Triple.ANY))
- {
- retval = retval.filterKeep(new PermTripleFilter(Action.Read, this));
- }
- return retval;
- }
-
- @SuppressWarnings("deprecation")
- @Override
- public SecuredBulkUpdateHandler getBulkUpdateHandler()
- {
- return org.apache.jena.security.graph.impl.Factory.getInstance(this,
- holder.getBaseItem(), holder.getBaseItem()
- .getBulkUpdateHandler());
- }
-
- @Override
- public SecuredCapabilities getCapabilities()
- {
- return new SecuredCapabilities(getSecurityEvaluator(), getModelIRI(),
- holder.getBaseItem().getCapabilities());
- }
-
- @Override
- public SecuredGraphEventManager getEventManager()
- {
- return eventManager;
- }
-
- @Override
- public SecuredPrefixMapping getPrefixMapping()
- {
- if (prefixMapping == null)
- {
- createPrefixMapping();
- }
- return prefixMapping;
- }
-
- @Override
- public GraphStatisticsHandler getStatisticsHandler()
- {
- checkRead();
- return holder.getBaseItem().getStatisticsHandler();
- }
-
- @Override
- public TransactionHandler getTransactionHandler()
- {
- return holder.getBaseItem().getTransactionHandler();
- }
-
- @Override
- public boolean isClosed()
- {
- return holder.getBaseItem().isClosed();
- }
-
- @Override
- public boolean isEmpty()
- {
- checkRead();
- return holder.getBaseItem().isEmpty();
- }
-
- @Override
- public boolean isIsomorphicWith( final Graph g )
- {
- checkRead();
- if (g.size() != holder.getBaseItem().size())
- {
- return false;
- }
- final Triple t = new Triple(Node.ANY, Node.ANY, Node.ANY);
- if (!canRead(t))
- {
- final ExtendedIterator<Triple> iter = g.find(t);
- while (iter.hasNext())
- {
- checkRead(iter.next());
- }
- }
- return holder.getBaseItem().isIsomorphicWith(g);
- }
-
- @Override
- public int size()
- {
- checkRead();
- return holder.getBaseItem().size();
- }
-
- @Override
- public void clear()
- {
- checkUpdate();
- if (! canDelete( Triple.ANY ))
- {
- ExtendedIterator<Triple> iter = holder.getBaseItem().find( Triple.ANY );
- while (iter.hasNext())
- {
- checkDelete( iter.next() );
- }
- }
- holder.getBaseItem().clear();
- }
-
- @Override
- public void remove( Node s, Node p, Node o )
- {
- checkUpdate();
- Triple t = new Triple( s, p, o );
- if (t.isConcrete())
- {
- checkDelete( t );
- }
- else
- {
- ExtendedIterator<Triple> iter = holder.getBaseItem().find( Triple.ANY );
- while (iter.hasNext())
- {
- checkDelete( iter.next() );
- }
- }
- holder.getBaseItem().remove(s, p, o);
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
deleted file mode 100644
index 46d9657..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.apache.jena.security.graph.SecuredPrefixMapping;
-import org.apache.jena.security.impl.ItemHolder;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.shared.PrefixMapping ;
-import org.apache.jena.shared.impl.PrefixMappingImpl ;
-
-/**
- * Implementation of SecuredPrefixMapping to be used by a SecuredItemInvoker
- * proxy.
- */
-public class SecuredPrefixMappingImpl extends SecuredItemImpl implements
- SecuredPrefixMapping
-{
- // the item holder that holds this SecuredPrefixMapping
- private final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder;
-
- /**
- * Constructor
- *
- * @param graph
- * The Secured graph this mapping is for.
- * @param holder
- * The item holder that will contain this SecuredPrefixMapping.
- */
- SecuredPrefixMappingImpl( final SecuredGraphImpl graph,
- final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder )
- {
- super(graph, holder);
- this.holder = holder;
- }
-
- @Override
- public String expandPrefix( final String prefixed )
- {
- checkRead();
- return holder.getBaseItem().expandPrefix(prefixed);
- }
-
- @Override
- public Map<String, String> getNsPrefixMap()
- {
- checkRead();
- return holder.getBaseItem().getNsPrefixMap();
- }
-
- @Override
- public String getNsPrefixURI( final String prefix )
- {
- checkRead();
- return holder.getBaseItem().getNsPrefixURI(prefix);
- }
-
- @Override
- public String getNsURIPrefix( final String uri )
- {
- checkRead();
- return holder.getBaseItem().getNsURIPrefix(uri);
- }
-
- @Override
- public SecuredPrefixMapping lock()
- {
- checkUpdate();
- holder.getBaseItem().lock();
- return holder.getSecuredItem();
- }
-
- @Override
- public String qnameFor( final String uri )
- {
- checkRead();
- return holder.getBaseItem().qnameFor(uri);
- }
-
- @Override
- public SecuredPrefixMapping removeNsPrefix( final String prefix )
- {
- checkUpdate();
- holder.getBaseItem().removeNsPrefix(prefix);
- return holder.getSecuredItem();
- }
-
- @Override
- public boolean samePrefixMappingAs( final PrefixMapping other )
- {
- checkRead();
- return holder.getBaseItem().samePrefixMappingAs(other);
- }
-
- @Override
- public SecuredPrefixMapping setNsPrefix( final String prefix,
- final String uri )
- {
- checkUpdate();
- holder.getBaseItem().setNsPrefix(prefix, uri);
- return holder.getSecuredItem();
- }
-
- @Override
- public SecuredPrefixMapping setNsPrefixes( final Map<String, String> map )
- {
- checkUpdate();
- holder.getBaseItem().setNsPrefixes(map);
- return holder.getSecuredItem();
- }
-
- @Override
- public SecuredPrefixMapping setNsPrefixes( final PrefixMapping other )
- {
- checkUpdate();
- holder.getBaseItem().setNsPrefixes(other);
- return holder.getSecuredItem();
- }
-
- @Override
- public String shortForm( final String uri )
- {
- checkRead();
- return holder.getBaseItem().shortForm(uri);
- }
-
- @Override
- public SecuredPrefixMapping withDefaultMappings( final PrefixMapping map )
- {
- // mapping only updates if there are map entries to add. Since this gets called
- // when we are doing deep triple checks while writing we need to attempt the
- // update only if there are new updates to add.
-
- PrefixMapping m = holder.getBaseItem();
- PrefixMappingImpl pm = new PrefixMappingImpl();
- for ( Entry<String, String> e : map.getNsPrefixMap().entrySet())
- {
- if (m.getNsPrefixURI(e.getKey()) == null && m.getNsURIPrefix(e.getValue()) == null )
- {
- pm.setNsPrefix( e.getKey(), e.getValue() );
- }
- }
- if ( !pm.getNsPrefixMap().isEmpty())
- {
- checkUpdate();
- holder.getBaseItem().withDefaultMappings(pm);
- }
- return holder.getSecuredItem();
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/package-info.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/package-info.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/package-info.java
deleted file mode 100644
index d787688..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/graph/package-info.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Secured implementation of the Graph interface and associated classes.
- * <p>
- *
- * The SecurityEvaluator class must be implemented. This class provides the interface to the
- * authentication results (e.g. getPrincipal())) and the authorization system.
- * </p><p>
- * Create a SecuredGraph by calling Factory.getInstance( SecurityEvaluator, String, Graph );
- * Create a SecuredModel by calling Factory.getInstance( SecurityEvaluator, String, Model )
- * or ModelFactory.createModelForGraph( SecuredGraph );
- * </p><p>
- * NOTE: when creating a model by wrapping a secured graph (e.g.
- * ModelFactory.createModelForGraph( SecuredGraph );) the resulting Model does not
- * have the same security requirements that the standard secured model does.
- * </p><p>
- * For instance when creating a list on a secured model calling model.createList( RDFNode[] );
- * The standard secured model verifies that the user
- * has the right to update the triples and allows or denies the entire operation accordingly.
- * The wrapped secured graph does not have visibility
- * to the createList() command and can only operate on the instructions issued by the
- * model.createList() implementation. In the standard implementation
- * the model requests the graph to delete one triple and then insert another.
- * Thus the user must have delete and add permissions, not the update permission.
- * </p><p>
- * There are several other cases where the difference in the layer can trip up the security system.
- * In all known cases the result is a tighter
- * security definition than was requested. For simplicity sake we recommend that the wrapped
- * secured graph only be used in cases where access to the
- * graph as a whole is granted/denied. In these cases the user either has all CRUD capabilities or
- * none.
- * </p>
- */
-package org.apache.jena.security.graph;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java b/jena-permissions/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
deleted file mode 100644
index ffc2868..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import java.util.Set;
-
-import org.apache.jena.security.SecurityEvaluator;
-
-/**
- * A SecurityEvaluator that can be cached for later use.
- */
-public class CachedSecurityEvaluator implements SecurityEvaluator {
- private final SecurityEvaluator wrapped;
- private final Object origPrincipal;
-
- /**
- *
- * @param wrapped
- * @param runAs
- */
- public CachedSecurityEvaluator(final SecurityEvaluator wrapped,
- final Object runAs) {
- this.origPrincipal = runAs;
- this.wrapped = wrapped;
- }
-
- @Override
- public boolean evaluate(final Object principal, final Action action,
- final SecNode graphIRI) {
- return wrapped.evaluate(principal, action, graphIRI);
- }
-
- @Override
- public boolean evaluate(final Object principal, final Action action,
- final SecNode graphIRI, final SecTriple triple) {
- return wrapped.evaluate(principal, action, graphIRI, triple);
- }
-
- @Override
- public boolean evaluate(final Object principal, final Set<Action> actions,
- final SecNode graphIRI) {
- return wrapped.evaluate(principal, actions, graphIRI);
- }
-
- @Override
- public boolean evaluate(final Object principal, final Set<Action> actions,
- final SecNode graphIRI, final SecTriple triple) {
- return wrapped.evaluate(principal, actions, graphIRI, triple);
- }
-
- @Override
- public boolean evaluateAny(final Object principal,
- final Set<Action> actions, final SecNode graphIRI) {
- return wrapped.evaluateAny(principal, actions, graphIRI);
- }
-
- @Override
- public boolean evaluateAny(final Object principal,
- final Set<Action> actions, final SecNode graphIRI,
- final SecTriple triple) {
- return wrapped.evaluateAny(principal, actions, graphIRI, triple);
- }
-
- @Override
- public boolean evaluateUpdate(final Object principal,
- final SecNode graphIRI, final SecTriple from, final SecTriple to) {
- return wrapped.evaluateUpdate(principal, graphIRI, from, to);
- }
-
- @Override
- public Object getPrincipal() {
- return origPrincipal;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/impl/ItemHolder.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/impl/ItemHolder.java b/jena-permissions/src/main/java/org/apache/jena/security/impl/ItemHolder.java
deleted file mode 100644
index 0262001..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/impl/ItemHolder.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import java.lang.reflect.Proxy;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import org.apache.commons.lang3.ClassUtils;
-
-/**
- * A class that holds the original item and the secured version of it.
- *
- * This class is used by the Invoker to return secured versions of the object
- * during
- * calls that return the called class for cascading.
- *
- * @param <Base>
- * The base class that is being secured
- * @param <Secured>
- * The implementation (proxy) of the secured class.
- */
-public class ItemHolder<Base, Secured extends SecuredItem>
-{
- /**
- * The base item that is being secured
- */
- private final Base baseItem;
- /**
- * The proxy to the base class that implements the security.
- */
- private Secured securedItem;
-
- /**
- * Constructor.
- *
- * @param baseItem
- * The base item.
- */
- public ItemHolder( final Base baseItem )
- {
- super();
- this.baseItem = baseItem;
- }
-
- /**
- * Get the base item.
- *
- * This method is used in the proxy to get call to the underlying instance.
- *
- * @return The instance that is being protected.
- */
- public Base getBaseItem()
- {
- return baseItem;
- }
-
- /**
- * Get the secured item.
- *
- * This method is used in the invocation handler to get the instance of the
- * proxy that made the
- * on which a method call was made. Generally used in returing the original
- * object to support
- * cascading.
- *
- * @return the proxy.
- */
- public Secured getSecuredItem()
- {
- return securedItem;
- }
-
- /**
- * Creates the proxy, saves it as the securedItem and returns it.
- *
- * @param handler
- * The SecuredItemInvoker to create the proxy with.
- * @return The proxy.
- */
- @SuppressWarnings( "unchecked" )
- public final Secured setSecuredItem( final SecuredItemInvoker handler )
- {
- final Set<Class<?>> ifac = new LinkedHashSet<Class<?>>();
- if (baseItem.getClass().isInterface())
- {
- ifac.add(baseItem.getClass());
- }
- ifac.addAll(ClassUtils.getAllInterfaces(baseItem.getClass()));
- if (handler.securedItem.getClass().isInterface())
- {
- ifac.add(handler.securedItem.getClass());
- }
- ifac.addAll(ClassUtils.getAllInterfaces(handler.securedItem.getClass()));
-
- securedItem = (Secured) Proxy.newProxyInstance(
- SecuredItemImpl.class.getClassLoader(),
- ifac.toArray(new Class<?>[ifac.size()]), handler);
- return securedItem;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItem.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItem.java b/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItem.java
deleted file mode 100644
index 7c12d19..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItem.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.SecurityEvaluator.SecTriple;
-
-/**
- * The secured item interface is mixed into instances of secured objects by the
- * proxy. It provides the security context for the security checks as well as
- * several useful shorthand methods for common checks.
- */
-public interface SecuredItem
-{
-
- /**
- * Utilities for SecuredItem implementations.
- */
- public static class Util
- {
- /**
- * Secured items are equivalent if their security evaluators and
- * modelIRIs are equal.
- *
- * @param si1
- * A secured item to check
- * @param si2
- * A second secured item to check
- * @return true if si1 is equivalent to si2.
- */
- public static boolean isEquivalent( final SecuredItem si1,
- final SecuredItem si2 )
- {
- return si1.getSecurityEvaluator()
- .equals(si2.getSecurityEvaluator())
- && si1.getModelIRI().equals(si2.getModelIRI());
- }
- }
-
- /**
- * @return true if the securedModel allows items to to be created.
- */
- public boolean canCreate();
-
- /**
- * Return true if the triple can be created.
- * If any s,p or o is SecNode.ANY then this method must return false if
- * there
- * are
- * any restrictions where the remaining nodes and held constant and the ANY
- * node
- * is allowed to vary.
- *
- * See canRead(SecTriple t)
- *
- * @param t
- * The triple to check
- * @return true if the triple can be created.
- */
- public boolean canCreate( SecTriple t );
-
- /**
- * @return true if the securedModel allows items to to be deleted.
- */
- public boolean canDelete();
-
- /**
- * Return true if the triple can be deleted.
- * If any s,p or o is SecNode.ANY then this method must return false if
- * there
- * are
- * any restrictions where the remaining nodes and held constant and the ANY
- * node
- * is allowed to vary.
- *
- * See canRead(SecTriple t)
- *
- * @param t
- * The triple to check
- * @return true if the triple can be deleted.
- */
- public boolean canDelete( SecTriple t );
-
- /**
- * @return true if the securedModel allows items to to be read.
- */
- public boolean canRead();
-
- /**
- * Return true if the triple can be read.
- * If any s,p or o is SecNode.ANY then this method must return false if
- * there
- * are
- * any restrictions where the remaining nodes and held constant and the ANY
- * node
- * is allowed to vary.
- *
- * (S, P, O) check if S,P,O can be read.
- * (S, P, ANY) check if there are any S,P,x restrictions.
- * (S, ANY, P) check if there are any S,x,P restrictions.
- * (ANY, ANY, ANY) check if there are any restricitons on reading.
- *
- * @param t
- * The triple to check
- * @return true if the triple can be read.
- */
- public boolean canRead( SecTriple t );
-
- /**
- * @return true if the securedModel allows items to to be updated.
- */
- public boolean canUpdate();
-
- /**
- * Return true if the triple can be updated.
- * If any s,p or o is SecNode.ANY then this method must return false if
- * there
- * are
- * any restrictions where the remaining nodes and held constant and the ANY
- * node
- * is allowed to vary.
- *
- * See canRead(SecTriple t)
- *
- * @param from
- * The triple that will be changed
- * @param to
- * The resulting triple.
- * @return true if the from triple can be updated as the to triple.
- */
- public boolean canUpdate( SecTriple from, SecTriple to );
-
- @Override
- public boolean equals( Object o );
-
- /**
- * @return the base item that is being secured.
- */
- public Object getBaseItem();
-
- /**
- * @return The IRI of the securedModel that the item belongs to.
- */
- public String getModelIRI();
-
- /**
- * @return The node represnetation of the securedModel IRI.
- */
- public SecNode getModelNode();
-
- /**
- * The SecurityEvaluator implementation that is being used to determine
- * access.
- *
- * @return The SecurityEvaluator implementation.
- */
- public SecurityEvaluator getSecurityEvaluator();
-
- /**
- * Return true if this secured item is equivalent to another secured item.
- * Generally implemented by calling SecuredItem.Util.isEquivalent
- *
- * @param securedItem
- * the other secured item.
- * @return True if they are equivalent, false otherwise.
- */
- public boolean isEquivalent( SecuredItem securedItem );
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java b/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
deleted file mode 100644
index e24cfb8..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemImpl.java
+++ /dev/null
@@ -1,842 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.impl; - -import java.lang.reflect.Proxy; - -import org.apache.commons.collections4.map.LRUMap; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.lang3.builder.HashCodeBuilder; -import org.apache.jena.rdf.model.Statement ; -import org.apache.jena.security.AccessDeniedException; -import org.apache.jena.security.SecurityEvaluator; -import org.apache.jena.security.SecurityEvaluator.Action; -import org.apache.jena.security.SecurityEvaluator.SecNode; -import org.apache.jena.security.SecurityEvaluator.SecTriple; -import org.apache.jena.security.SecurityEvaluator.SecNode.Type; -import org.apache.jena.util.iterator.ExtendedIterator ; -import org.apache.jena.vocabulary.RDF ; - -/** - * An abstract implementation of SecuredItem that caches security checks. - * <p> - * Security checks are performed at multiple locations. This implementation ensures that - * during a single operation the specific check is only evaluated once by caching the result. - * </p> - * - */ -public abstract class SecuredItemImpl implements SecuredItem -{ - // a key for the secured item. 
- private class CacheKey implements Comparable<CacheKey> - { - private final Action action; - private final SecNode modelNode; - private final SecTriple from; - private final SecTriple to; - private Integer hashCode; - - public CacheKey( final Action action, final SecNode modelNode ) - { - this(action, modelNode, null, null); - } - - public CacheKey( final Action action, final SecNode modelNode, - final SecTriple to ) - { - this(action, modelNode, to, null); - } - - public CacheKey( final Action action, final SecNode modelNode, - final SecTriple to, final SecTriple from ) - { - this.action = action; - this.modelNode = modelNode; - this.to = to; - this.from = from; - } - - @Override - public int compareTo( final CacheKey other ) - { - int retval = this.action.compareTo(other.action); - if (retval == 0) - { - retval = this.modelNode.compareTo(other.modelNode); - } - if (retval == 0) - { - if (this.to == null) - { - if (other.to == null) - { - return 0; - } - return -1; - } - retval = this.to.compareTo(other.to); - } - if (retval == 0) - { - if (this.from == null) - { - if (other.from == null) - { - return 0; - } - return -1; - } - retval = this.from.compareTo(other.from); - } - return retval; - } - - @Override - public boolean equals( final Object o ) - { - if (o instanceof CacheKey) - { - return this.compareTo((CacheKey) o) == 0; - } - return false; - } - - @Override - public int hashCode() - { - if (hashCode == null) - { - hashCode = new HashCodeBuilder().append(action) - .append(modelNode).append(from).append(to).toHashCode(); - } - return hashCode; - } - } - - // the maximum size of the cache - public static int MAX_CACHE = 100; - // the cache for this thread. - public static final ThreadLocal<LRUMap> CACHE = new ThreadLocal<LRUMap>(); - // the number of times this thread has recursively called the constructor. - public static final ThreadLocal<Integer> COUNT = new ThreadLocal<Integer>(); - - /** - * Convert a Jena Node object into a SecNode object. 
- * @param jenaNode The Jena node to convert. - * @return The SecNode that represents the jenaNode. - */ - public static SecNode convert( final org.apache.jena.graph.Node jenaNode ) - { - if (org.apache.jena.graph.Node.ANY.equals(jenaNode)) - { - return SecNode.ANY; - } - if (jenaNode.isLiteral()) - { - return new SecNode(Type.Literal, jenaNode.getLiteral().toString()); - } - if (jenaNode.isBlank()) - { - return new SecNode(Type.Anonymous, jenaNode.getBlankNodeLabel()); - } - if (jenaNode.isVariable()) - { - return SecNode.VARIABLE; - } - return new SecNode(Type.URI, jenaNode.getURI()); - } - - /** - * Convert a Jena Triple into a SecTriple. - * @param jenaTriple The Jena Triple to convert. - * @return The SecTriple that represents the jenaTriple. - */ - public static SecTriple convert( - final org.apache.jena.graph.Triple jenaTriple ) - { - return new SecTriple(SecuredItemImpl.convert(jenaTriple.getSubject()), - SecuredItemImpl.convert(jenaTriple.getPredicate()), - SecuredItemImpl.convert(jenaTriple.getObject())); - } - - /** - * Decrement the number of instances of SecuredItem. - */ - public static void decrementUse() - { - final Integer i = SecuredItemImpl.COUNT.get(); - if (i == null) - { - throw new IllegalStateException("No count on exit"); - } - if (i < 1) - { - throw new IllegalStateException("No count less than 1"); - } - if (i == 1) - { - SecuredItemImpl.CACHE.remove(); - SecuredItemImpl.COUNT.remove(); - } - else - { - SecuredItemImpl.COUNT.set( i - 1 ); - } - } - - /** - * Increment the number of instances of SecuredItem. - */ - public static void incrementUse() - { - final Integer i = SecuredItemImpl.COUNT.get(); - if (i == null) - { - SecuredItemImpl.CACHE.set(new LRUMap(Math.max( - SecuredItemImpl.MAX_CACHE, 100))); - SecuredItemImpl.COUNT.set( 1 ); - } - else - { - SecuredItemImpl.COUNT.set( i + 1 ); - } - } - - // the evaluator we are using - private final SecurityEvaluator securityEvaluator; - - // the secured node for that names the graph. 
- private final SecNode modelNode; - - // the item holder that we are evaluating. - private final ItemHolder<?, ?> itemHolder; - - /** - * Create the SecuredItemImpl. - * @param securedItem The securedItem. - * @param holder The Item holder for the securedItem. - * @throws IllegalArgumentException if securedItem is null or securedItem.getSecurityEvaluator() - * returns null, or the holder is null. - */ - protected SecuredItemImpl( final SecuredItem securedItem, - final ItemHolder<?, ?> holder ) - { - if (securedItem == null) - { - throw new IllegalArgumentException("Secured item may not be null"); - } - if (securedItem.getSecurityEvaluator() == null) - { - throw new IllegalArgumentException( - "Security evaluator in secured item may not be null"); - } - if (holder == null) - { - throw new IllegalArgumentException("ItemHolder may not be null"); - } - this.securityEvaluator = securedItem.getSecurityEvaluator(); - this.modelNode = new SecurityEvaluator.SecNode( - SecurityEvaluator.SecNode.Type.URI, securedItem.getModelIRI()); - this.itemHolder = holder; - } - - /** - * Create the SecuredItemImpl. - * @param securityEvaluator the secured evaluator to use. - * @param modelURI the URI for the model. - * @param holder The holder to use. - * @throws IllegalArgumentException if security evaluator is null, modelURI is null or empty, - * or holder is null. 
- */ - protected SecuredItemImpl( final SecurityEvaluator securityEvaluator, - final String modelURI, final ItemHolder<?, ?> holder ) - { - if (securityEvaluator == null) - { - throw new IllegalArgumentException( - "Security evaluator may not be null"); - } - if (StringUtils.isEmpty(modelURI)) - { - throw new IllegalArgumentException( - "ModelURI may not be empty or null"); - } - if (holder == null) - { - throw new IllegalArgumentException("ItemHolder may not be null"); - } - this.securityEvaluator = securityEvaluator; - this.modelNode = new SecurityEvaluator.SecNode( - SecurityEvaluator.SecNode.Type.URI, modelURI); - this.itemHolder = holder; - } - - @Override - public String toString() { - if (canRead()) - { - return itemHolder.getBaseItem().toString(); - } - return super.toString(); - } - - /** - * get the cached value. - * @param key The key to look for. - * @return the value of the security check or <code>null</code> if the value has not been cached. - */ - private Boolean cacheGet( final CacheKey key ) - { - final LRUMap cache = SecuredItemImpl.CACHE.get(); - return (cache == null) ? null : (Boolean) cache.get(key); - } - - /** - * set teh cache value. - * @param key The key to set the value for. - * @param value The value to set. 
- */ - void cachePut( final CacheKey key, final boolean value ) - { - final LRUMap cache = SecuredItemImpl.CACHE.get(); - if (cache != null) - { - cache.put(key, value); - SecuredItemImpl.CACHE.set(cache); - } - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#canCreate() - */ - @Override - public boolean canCreate() - { - final CacheKey key = new CacheKey(Action.Create, modelNode); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Create, modelNode); - cachePut(key, retval); - } - return retval; - } - - public boolean canCreate( final org.apache.jena.graph.Triple t ) - { - return canCreate(SecuredItemImpl.convert(t)); - } - - @Override - public boolean canCreate( final SecTriple t ) - { - final CacheKey key = new CacheKey(Action.Create, modelNode, t); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Create, modelNode, t); - cachePut(key, retval); - } - return retval; - } - - public boolean canCreate( final Statement s ) - { - return canCreate(s.asTriple()); - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#canDelete() - */ - @Override - public boolean canDelete() - { - final CacheKey key = new CacheKey(Action.Delete, modelNode); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Delete, modelNode); - cachePut(key, retval); - } - return retval; - } - - public boolean canDelete( final org.apache.jena.graph.Triple t ) - { - return canDelete(SecuredItemImpl.convert(t)); - } - - @Override - public boolean canDelete( final SecTriple t ) - { - final CacheKey key = new CacheKey(Action.Delete, modelNode, t); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Delete, 
modelNode, t); - cachePut(key, retval); - } - return retval; - } - - public boolean canDelete( final Statement s ) - { - return canDelete(s.asTriple()); - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#canRead() - */ - @Override - public boolean canRead() - { - final CacheKey key = new CacheKey(Action.Read, modelNode); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Read, modelNode); - cachePut(key, retval); - } - return retval; - } - - public boolean canRead( final org.apache.jena.graph.Triple t ) - { - return canRead(SecuredItemImpl.convert(t)); - } - - @Override - public boolean canRead( final SecTriple t ) - { - final CacheKey key = new CacheKey(Action.Read, modelNode, t); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Read, modelNode, t); - cachePut(key, retval); - } - return retval; - } - - public boolean canRead( final Statement s ) - { - return canRead(s.asTriple()); - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#canUpdate() - */ - @Override - public boolean canUpdate() - { - final CacheKey key = new CacheKey(Action.Update, modelNode); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = securityEvaluator.evaluate(securityEvaluator.getPrincipal(),Action.Update, modelNode); - cachePut(key, retval); - } - return retval; - } - - public boolean canUpdate( final org.apache.jena.graph.Triple from, - final org.apache.jena.graph.Triple to ) - { - return canUpdate(SecuredItemImpl.convert(from), - SecuredItemImpl.convert(to)); - } - - @Override - public boolean canUpdate( final SecTriple from, final SecTriple to ) - { - final CacheKey key = new CacheKey(Action.Update, modelNode, from, to); - Boolean retval = cacheGet(key); - if (retval == null) - { - retval = 
securityEvaluator.evaluateUpdate(securityEvaluator.getPrincipal(),modelNode, from, to); - cachePut(key, retval); - } - return retval; - } - - public boolean canUpdate( final Statement from, final Statement to ) - { - return canUpdate(from.asTriple(), to.asTriple()); - } - - /** - * check that create on the securedModel is allowed, - * - * @throws AccessDeniedException - * on failure - */ - protected void checkCreate() - { - if (!canCreate()) - { - throw new AccessDeniedException(modelNode, Action.Create); - } - } - - protected void checkCreate( final org.apache.jena.graph.Triple t ) - { - checkCreate(SecuredItemImpl.convert(t)); - } - - /** - * check that the triple can be created in the securedModel., - * - * @throws AccessDeniedException - * on failure - */ - protected void checkCreate( final SecTriple t ) - { - if (!canCreate(t)) - { - throw new AccessDeniedException(modelNode, t.toString(), - Action.Create); - } - } - - protected void checkCreate( final Statement s ) - { - checkCreate(s.asTriple()); - } - - protected void checkCreateReified( final String uri, final SecTriple t ) - { - checkUpdate(); - final SecNode n = uri == null ? 
SecNode.FUTURE : new SecNode(Type.URI, - uri); - checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.subject - .asNode()), t.getSubject())); - checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.predicate - .asNode()), t.getPredicate())); - checkCreate(new SecTriple(n, SecuredItemImpl.convert(RDF.object - .asNode()), t.getObject())); - } - - protected void checkCreateStatement( final ExtendedIterator<Statement> stmts ) - { - if (!canCreate(SecTriple.ANY)) - { - try - { - while (stmts.hasNext()) - { - checkCreate(stmts.next()); - } - } - finally - { - stmts.close(); - } - } - } - - protected void checkCreateTriples( - final ExtendedIterator<org.apache.jena.graph.Triple> triples ) - { - if (!canCreate(SecTriple.ANY)) - { - try - { - while (triples.hasNext()) - { - checkCreate(triples.next()); - } - } - finally - { - triples.close(); - } - } - } - - /** - * check that delete on the securedModel is allowed, - * - * @throws AccessDeniedException - * on failure - */ - protected void checkDelete() - { - if (!canDelete()) - { - throw new AccessDeniedException(modelNode, Action.Delete); - } - } - - protected void checkDelete( final org.apache.jena.graph.Triple t ) - { - checkDelete(SecuredItemImpl.convert(t)); - } - - /** - * check that the triple can be deleted in the securedModel., - * - * @throws AccessDeniedException - * on failure - */ - protected void checkDelete( final SecTriple t ) - { - if (!canDelete(t)) - { - throw new AccessDeniedException(modelNode, t.toString(), - Action.Delete); - } - } - - protected void checkDelete( final Statement s ) - { - checkDelete(s.asTriple()); - } - - protected void checkDeleteStatements( - final ExtendedIterator<Statement> stmts ) - { - if (!canDelete(SecTriple.ANY)) - { - try - { - while (stmts.hasNext()) - { - checkDelete(stmts.next()); - } - } - finally - { - stmts.close(); - } - } - } - - protected void checkDeleteTriples( - final ExtendedIterator<org.apache.jena.graph.Triple> triples ) - { - if 
(!canDelete(SecTriple.ANY)) - { - try - { - while (triples.hasNext()) - { - checkDelete(triples.next()); - } - } - finally - { - triples.close(); - } - } - } - - /** - * check that read on the securedModel is allowed, - * - * @throws AccessDeniedException - * on failure - */ - protected void checkRead() - { - if (!canRead()) - { - throw new AccessDeniedException(modelNode, Action.Read); - } - } - - protected void checkRead( final org.apache.jena.graph.Triple t ) - { - checkRead(SecuredItemImpl.convert(t)); - } - - /** - * check that the triple can be read in the securedModel., - * - * @throws AccessDeniedException - * on failure - */ - protected void checkRead( final SecTriple t ) - { - if (!canRead(t)) - { - throw new AccessDeniedException(modelNode, t.toString(), - Action.Read); - } - } - - protected void checkRead( final Statement s ) - { - checkRead(s.asTriple()); - } - - protected void checkReadStatement( final ExtendedIterator<Statement> stmts ) - { - try - { - while (stmts.hasNext()) - { - checkRead(stmts.next()); - } - } - finally - { - stmts.close(); - } - } - - protected void checkReadTriples( - final ExtendedIterator<org.apache.jena.graph.Triple> triples ) - { - try - { - while (triples.hasNext()) - { - checkRead(triples.next()); - } - } - finally - { - triples.close(); - } - } - - /** - * check that update on the securedModel is allowed, - * - * @throws AccessDeniedException - * on failure - */ - protected void checkUpdate() - { - if (!canUpdate()) - { - throw new AccessDeniedException(modelNode, Action.Update); - } - } - - protected void checkUpdate( final org.apache.jena.graph.Triple from, - final org.apache.jena.graph.Triple to ) - { - checkUpdate(SecuredItemImpl.convert(from), SecuredItemImpl.convert(to)); - } - - /** - * check that the triple can be updated in the securedModel., - * - * @param from the starting triple - * @param to the final triple. 
- * @throws AccessDeniedException - * on failure - */ - protected void checkUpdate( final SecTriple from, final SecTriple to ) - { - if (!canUpdate(from, to)) - { - throw new AccessDeniedException(modelNode, String.format( - "%s to %s", from, to), Action.Update); - } - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#equals(java.lang.Object) - */ - @Override - public boolean equals( final Object o ) - { - if (Proxy.isProxyClass(o.getClass())) - { - return o.equals(itemHolder.getSecuredItem()); - } - else - { - if (o instanceof SecuredItemImpl) - { - return itemHolder.getBaseItem().equals( ((SecuredItemImpl)o).getBaseItem()); - } - return false; - } - } - - @Override - public int hashCode() - { - return itemHolder.getBaseItem().hashCode(); - } - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#getBaseItem() - */ - @Override - public Object getBaseItem() - { - return itemHolder.getBaseItem(); - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#getModelIRI() - */ - @Override - public String getModelIRI() - { - return modelNode.getValue(); - } - - /** - * get the name of the model. - */ - @Override - public SecNode getModelNode() - { - return modelNode; - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.SecuredItem#getSecurityEvaluator() - */ - @Override - public SecurityEvaluator getSecurityEvaluator() - { - return securityEvaluator; - } - - /* - * (non-Javadoc) - * - * @see org.apache.jena.security.isEquivalent() - */ - @Override - public boolean isEquivalent( final SecuredItem securedItem ) - { - return SecuredItem.Util.isEquivalent(this, securedItem); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java ---------------------------------------------------------------------- 
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java b/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java
deleted file mode 100644
index 9e9149d..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/impl/SecuredItemInvoker.java
+++ /dev/null
@@ -1,146 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-import java.lang.reflect.Proxy;
-
-
-/**
- * A generic InvocationHandler that handles the general invocation of the
- * security methods.
- */
-public class SecuredItemInvoker implements InvocationHandler
-{
- // the equals() method
- private static Method EQUALS;
- // the toString() method
- private static Method TO_STRING;
- // the hashCode() method.
- private static Method HASH_CODE;
- // the instance of SecuredItem that this proxy is using. Must be
- // package-private for ItemHolder use.
- /* package-private */final SecuredItem securedItem;
-
- final Class<?> securedClass;
-
- // populate the static fields.
- static
- {
- try
- {
- SecuredItemInvoker.EQUALS = Object.class.getMethod("equals",
- Object.class);
- SecuredItemInvoker.TO_STRING = Object.class.getMethod("toString");
- SecuredItemInvoker.HASH_CODE = Object.class.getMethod("hashCode");
- }
- catch (final SecurityException e)
- {
- throw new RuntimeException(e);
- }
- catch (final NoSuchMethodException e)
- {
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Constructor.
- *
- * @param securedClass
- * The class of the object that is being protected.
- * @param securedItem
- * The implementation of the SecuredItem version of the object.
- */
- public SecuredItemInvoker( final Class<?> securedClass,
- final SecuredItem securedItem )
- {
- this.securedItem = securedItem;
- this.securedClass = securedClass;
- }
-
- @Override
- public Object invoke( final Object proxy, final Method method,
- final Object[] args ) throws Throwable
- {
-
- // check for the special case methods
- if (SecuredItemInvoker.EQUALS.equals(method))
- {
- if (Proxy.isProxyClass(args[0].getClass()))
- {
- return args[0].equals(securedItem);
- }
- else
- {
- return securedItem.equals(args[0]);
- }
- }
-
- if (SecuredItemInvoker.HASH_CODE.equals(method))
- {
- return securedItem.hashCode();
- }
-
- if (SecuredItemInvoker.TO_STRING.equals(method))
- {
- return securedItem.toString();
- }
-
- try
- {
- final Method m = securedItem.getClass().getMethod(method.getName(),
- method.getParameterTypes());
- if (!Modifier.isAbstract(m.getModifiers()))
- {
- try
- {
- SecuredItemImpl.incrementUse();
- try
- {
- return m.invoke(securedItem, args);
- }
- finally
- {
- SecuredItemImpl.decrementUse();
- }
-
- }
- catch (final java.lang.reflect.InvocationTargetException e2)
- {
- if (e2.getTargetException() instanceof RuntimeException)
- {
- throw e2.getTargetException();
- }
- throw e2;
- }
- }
- }
- catch (final NoSuchMethodException e2)
- {
- // acceptable
- }
-
- // if we get here then the method is not being proxied so call the
- // original method on the base item.
- return method.invoke(securedItem.getBaseItem(), args);
-
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredAlt.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredAlt.java b/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredAlt.java
deleted file mode 100644
index 6b4dea4..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredAlt.java
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model;
-
-import org.apache.jena.rdf.model.Alt ;
-import org.apache.jena.rdf.model.RDFNode ;
-import org.apache.jena.rdf.model.ResourceF ;
-import org.apache.jena.security.AccessDeniedException;
-
-/**
- * The interface for secured Alt instances.
- *
- * Use the SecuredAlt.Factory to create instances
- */
-@SuppressWarnings("deprecation")
-public interface SecuredAlt extends Alt, SecuredContainer
-{
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredRDFNode getDefault() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt getDefaultAlt() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredBag getDefaultBag() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public boolean getDefaultBoolean() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public byte getDefaultByte() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public char getDefaultChar() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public double getDefaultDouble() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public float getDefaultFloat() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public int getDefaultInt() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public String getDefaultLanguage() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredLiteral getDefaultLiteral() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public long getDefaultLong() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredResource getDefaultResource() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- @Deprecated
- public SecuredResource getDefaultResource( final ResourceF f )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public SecuredSeq getDefaultSeq() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public short getDefaultShort() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple(this, RDF.li(1), o )
- * @throws AccessDeniedException
- */
- @Override
- public String getDefaultString() throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final boolean o )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final char o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final double o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final float o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final long o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final Object o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final RDFNode o )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final String o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Update SecTriple(this, RDF.li(1), existing ), SecTriple(this,
- * RDF.li(1), o )
- * @sec.triple Create SecTriple(this, RDF.li(1), o ) if no current default
- * @throws AccessDeniedException
- */
- @Override
- public SecuredAlt setDefault( final String o, final String l )
- throws AccessDeniedException;
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredBag.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredBag.java b/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredBag.java
deleted file mode 100644
index 62d63fa..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredBag.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model;
-
-import org.apache.jena.rdf.model.Bag ;
-
-/**
- * The interface for secured Bag instances.
- *
- * Use the SecuredBag.Factory to create instances
- */
-public interface SecuredBag extends Bag, SecuredContainer
-{
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredContainer.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredContainer.java b/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredContainer.java
deleted file mode 100644
index eff2858..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredContainer.java
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model;
-
-import java.util.Set;
-
-import org.apache.jena.rdf.model.Container ;
-import org.apache.jena.rdf.model.RDFNode ;
-import org.apache.jena.rdf.model.Statement ;
-import org.apache.jena.security.AccessDeniedException;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.model.impl.SecuredNodeIterator;
-
-/**
- * The interface for secured Container instances.
- *
- * Use one of the SecuredContainer derived class Factory methods to create
- * instances
- */
-public interface SecuredContainer extends Container, SecuredResource
-{
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final boolean o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final char o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final double o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final float o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final long o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final Object o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final RDFNode o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final String o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Create SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer add( final String o, final String l )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final boolean o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final char o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final double o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final float o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final long o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final Object o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final RDFNode o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final String o ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read SecTriple( this, RDF.li, o );
- * @throws AccessDeniedException
- */
- @Override
- public boolean contains( final String o, final String l )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @sec.triple Read on each triple ( this, rdf:li_? node ) returned by
- * iterator;
- * @throws AccessDeniedException
- */
- @Override
- public SecuredNodeIterator<RDFNode> iterator() throws AccessDeniedException;
-
- /**
- * @param perms the Permissions required on each node returned
- * @sec.graph Read
- * @sec.triple Read + perms on each triple ( this, rdf:li_? node ) returned
- * by iterator;
- * @throws AccessDeniedException
- */
- public SecuredNodeIterator<RDFNode> iterator( Set<Action> perms )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Update
- * @sec.triple Delete s as triple;
- * @throws AccessDeniedException
- */
- @Override
- public SecuredContainer remove( final Statement s )
- throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public int size() throws AccessDeniedException;
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredLiteral.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredLiteral.java b/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredLiteral.java
deleted file mode 100644
index bb34453..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/SecuredLiteral.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model;
-
-import org.apache.jena.datatypes.DatatypeFormatException ;
-import org.apache.jena.datatypes.RDFDatatype ;
-import org.apache.jena.rdf.model.Literal ;
-import org.apache.jena.rdf.model.Model ;
-import org.apache.jena.security.AccessDeniedException;
-
-/**
- * The interface for secured Literal instances.
- *
- * Use the SecuredLiteral.Factory to create instances
- */
-public interface SecuredLiteral extends Literal, SecuredRDFNode
-{
-
- @Override
- public SecuredLiteral asLiteral();
-
- // @Override
- // public SecuredResource asResource();
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public boolean getBoolean() throws AccessDeniedException,
- DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public byte getByte() throws AccessDeniedException, DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public char getChar() throws AccessDeniedException, DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public RDFDatatype getDatatype() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public String getDatatypeURI() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public double getDouble() throws AccessDeniedException,
- DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public float getFloat() throws AccessDeniedException,
- DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public int getInt() throws AccessDeniedException, DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public String getLanguage() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public String getLexicalForm() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public long getLong() throws AccessDeniedException, DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public short getShort() throws AccessDeniedException,
- DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public String getString() throws AccessDeniedException,
- DatatypeFormatException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public Object getValue() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public Literal inModel( final Model m ) throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public boolean isWellFormedXML() throws AccessDeniedException;
-
- /**
- * @sec.graph Read
- * @throws AccessDeniedException
- */
- @Override
- public boolean sameValueAs( final Literal other )
- throws AccessDeniedException;
-
-}
