http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/SecuredAssembler.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/SecuredAssembler.java b/jena-permissions/src/main/java/org/apache/jena/security/SecuredAssembler.java deleted file mode 100644 index 02b255d..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/SecuredAssembler.java +++ /dev/null @@ -1,264 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security; - -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.lang.reflect.Modifier; - -import org.apache.jena.assembler.Assembler ; -import org.apache.jena.assembler.JA ; -import org.apache.jena.assembler.Mode ; -import org.apache.jena.assembler.assemblers.AssemblerGroup ; -import org.apache.jena.assembler.assemblers.ModelAssembler ; -import org.apache.jena.assembler.exceptions.AssemblerException ; -import org.apache.jena.rdf.model.Literal ; -import org.apache.jena.rdf.model.Model ; -import org.apache.jena.rdf.model.Resource ; -import org.apache.jena.sparql.util.MappingRegistry ; - -/** - * Assembler for a secured model. - * - * <p> - * The assembler file should include the following - * <code><pre> - * <>; ja:loadClass "org.apache.jena.security.SecuredAssembler" . - * - * sec:Model rdfs:subClassOf ja:NamedModel . - * - * sec:evaluator rdfs:domain sec:Model ; - * rdfs:range sec:Evaluator . - * </pre></code> - * - * The model definition should include something like. - * - * <code><pre> - * my:secModel a sec:Model ; - * sec:baseModel my:baseModel ; - * ja:modelName "http://example.com/securedModel"; ; - * sec:evaluatorFactory "org.apache.jena.security.MockSecurityEvaluator" ; - * . - * </pre></code> - * - * Terms used in above example: - * - * <dl> - * <dt>my:secModel</dt> - * <dd>The secured model as referenced in the assembler file.</dd> - * - * <dt>sec:Model</dt> - * <dd>Identifes my:secModel as a secured model</dd> - * - * <dt>sec:baseModel</dt> - * <dd>Identifies my:baseModel as the base model we are applying security to</dd> - * - * <dt>my:baseModel</dt> - * <dd>a ja:Model (or subclass) defined elsewhere in the assembler file</dd> - * - * <dt>ja:modelName</dt> - * <dd>The name of the graph as it will be addressed in the security environment - * (see ja:NamedModel examples from Jena)</dd> - * - * <dt>sec:evaluatorFactory</dt> - * <dd>Identifies "org.apache.jena.security.MockSecurityEvaluator" as the java class - * that implements an Evaluator Factory. The Factory must have - * static method <code>getInstance()</code> that returns a SecurityEvaluator.</dd> - * </dl> - * - * or if using an evaluator assembler - * - * <code><pre> - * my:secModel a sec:Model ; - * sec:baseModel my:baseModel ; - * ja:modelName "http://example.com/securedModel"; ; - * sec:evaluatorImpl ex:myEvaluator; - * . - * - * ex:myEvaluator a sec:Evaluator ; - * ex:arg1 "argument 1 for my evaluator constructor" ; - * ex:arg2 "argument 2 for my evaluator constructor" ; - * . - * - * </pre></code> - * - * Terms used in above example: - * - * <dl> - * <dt>my:secModel</dt> - * <dd>The secured model as referenced in the assembler file.</dd> - * - * <dt>sec:Model</dt> - * <dd>Identifes my:secModel as a secured model</dd> - * - * <dt>sec:baseModel</dt> - * <dd>Identifies my:baseModel as the base model we are applying security to</dd> - * - * <dt>my:baseModel</dt> - * <dd>a ja:Model (or subclass) defined elsewhere in the assembler file</dd> - * - * <dt>ja:modelName</dt> - * <dd>The name of the graph as it will be addressed in the security environment - * (see ja:NamedModel examples from Jena)</dd> - * - * <dt>sec:evaluatorImpl</dt> - * <dd>Identifies ex:myEvaluator as a SecurityEvaluator defined elsewhere in the assembler file. - * It must subclass as a sec:Evaluator.</dd> - * </dd> - * - * <dt>ex:arg1 and ex:arg2</dt> - * <dd>Arguments as defined by the user defined security evaluator assembler.</dd> - * </dl> - - * </p> - * - */ -public class SecuredAssembler extends ModelAssembler implements AssemblerConstants { - private static boolean initialized; - - // message formats - private static final String ERROR_FINDING_FACTORY = "Error finding factory class %s: %s"; - - static { init() ; } - - /** - * Initialize the assembler. - * Registers the prefix "sec" with the uri http://apache.org/jena/security/Assembler# - * and registers this assembler with the uri http://apache.org/jena/security/Assembler#Model - */ - static synchronized public void init() - { - if ( initialized ) - return ; - MappingRegistry.addPrefixMapping("sec", URI) ; - registerWith(Assembler.general) ; - initialized = true ; - } - - /** - * Register this assembler in the assembler group. - * @param group The assembler group to register with. - */ - static void registerWith(AssemblerGroup group) - { - if ( group == null ) - group = Assembler.general ; - group.implementWith( SECURED_MODEL, new SecuredAssembler()) ; - group.implementWith( EVALUATOR_ASSEMBLER, new SecurityEvaluatorAssembler()); - } - - @Override - public Model open(Assembler a, Resource root, Mode mode) { - - Resource rootModel = getUniqueResource( root, BASE_MODEL ); - if (rootModel == null) - { - throw new AssemblerException( root, String.format( NO_X_PROVIDED, BASE_MODEL, root )); - } - Model baseModel = a.openModel(rootModel, Mode.ANY); - - Literal modelName = getUniqueLiteral( root, JA.modelName ); - if (modelName == null) - { - throw new AssemblerException( root, String.format( NO_X_PROVIDED, JA.modelName, root )); - } - - Literal factoryName = getUniqueLiteral( root, EVALUATOR_FACTORY ); - Resource evaluatorImpl = getUniqueResource( root, EVALUATOR_IMPL ); - if (factoryName == null && evaluatorImpl == null) - { - throw new AssemblerException( root, - String.format( "Either a %s or a %s must be provided for %s" , - EVALUATOR_FACTORY, EVALUATOR_IMPL, root )); - } - if (factoryName != null && evaluatorImpl != null) - { - throw new AssemblerException( root, - String.format( "May not specify both a %s and a %s for %s" , - EVALUATOR_FACTORY, EVALUATOR_IMPL, root )); - } - SecurityEvaluator securityEvaluator = null; - if (factoryName != null) - { - securityEvaluator = executeEvaluatorFactory( root, factoryName ); - } - if (evaluatorImpl != null) - { - securityEvaluator = getEvaluatorImpl( a, evaluatorImpl ); - } - return Factory.getInstance(securityEvaluator, modelName.asLiteral().getString(), baseModel); - - } - - @Override - protected Model openEmptyModel(Assembler a, Resource root, Mode mode) { - return open(a, root, mode); - } - - private SecurityEvaluator executeEvaluatorFactory(Resource root, Literal factoryName ) { - try - { - Class<?> factoryClass = Class.forName( factoryName.getString() ); - Method method = factoryClass.getMethod("getInstance" ); - if ( ! SecurityEvaluator.class.isAssignableFrom(method.getReturnType())) - { - throw new AssemblerException( root, String.format( "%s (found at %s for %s) getInstance() must return an instance of SecurityEvaluator", factoryName, EVALUATOR_FACTORY, root )); - } - if ( ! Modifier.isStatic( method.getModifiers())) - { - throw new AssemblerException( root, String.format( "%s (found at %s for %s) getInstance() must be a static method", factoryName, EVALUATOR_FACTORY, root )); - } - return (SecurityEvaluator) method.invoke( null ); - } - catch (SecurityException e) - { - throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e); - } - catch (IllegalArgumentException e) - { - throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e); - } - catch (ClassNotFoundException e) - { - throw new AssemblerException( root, String.format( "Class %s (found at %s for %s) could not be loaded", factoryName, EVALUATOR_FACTORY, root )); - } - catch (NoSuchMethodException e) - { - throw new AssemblerException( root, String.format( "%s (found at %s for %s) must implement a static getInstance() that returns an instance of SecurityEvaluator", factoryName, EVALUATOR_FACTORY, root )); - } - catch (IllegalAccessException e) - { - throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e); - } - catch (InvocationTargetException e) - { - throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e); - } - } - - private SecurityEvaluator getEvaluatorImpl(Assembler a, Resource evaluatorImpl ) { - Object obj = a.open(a, evaluatorImpl, Mode.ANY); - if (obj instanceof SecurityEvaluator) - { - return (SecurityEvaluator) obj; - } - throw new AssemblerException( evaluatorImpl, String.format( - "%s does not specify a SecurityEvaluator instance", evaluatorImpl)); - } - -}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluator.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluator.java b/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluator.java deleted file mode 100644 index c700090..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluator.java +++ /dev/null @@ -1,616 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security; - -import java.util.Arrays; -import java.util.Collection; -import java.util.LinkedHashSet; -import java.util.Set; - -import org.apache.commons.lang3.builder.HashCodeBuilder; - -/** - * SecurityEvaluator. - * <p> - * The security evaluator is the link between the graph security system and an - * external security system. This interface specifies the methods that are - * required by the graph security system. It is assumed that the implementation - * will handle tracking the current user and will query some underlying data - * source to determine what actions the user can and can not take. - * </p> - * <p> - * All questions of white listing or black listing will be handled in the - * concrete implementation. - * </p> - * <p> - * Implementations of this class should probably cache any evaluate calculations - * as the evaluate methods are called frequently. However, the underlying - * classes do cache results within a single method check. - * </p> - * <p> - * <dl> - * <dt>Secured operations</dt> - * <dd>The security system recognizes and secures each of the CRUD (Create, - * Read, Update and Delete) operations as represented by the Action enumeration. - * </dd> - * </dl> - * <dl> - * <dt>Levels of security</dt> - * <dd>The security interfaces operates at two (2) levels: graph (or Model) and - * triple. - * <p> - * At the the graph level the security evaluator may restrict CRUD access to the - * graph or model as a whole. When evaluating the restriction, if the user it - * not permitted to perform the operation on the graph or model access is - * denied. If the user is permitted any triple restrictions are evaluated. - * </p> - * <p> - * At the triple level the security evaluator may restrict CRUD access to - * specific triples. In order to skip potentially expensive triple security - * checks the system will generally ask if the user is permitted the CRUD action - * on any triple. This is represented by the SecTriple - * <code>(ANY, ANY, ANY)</code>. - * <ul> - * <li> - * If the system does not support triple level security the system should always - * return <code>true</code>.</li> - * If the system does support triple level security and is unable to verify that - * the user can execute the CRUD action against any arbitrary triple the system - * should return <code>false</code>. </li> - * <li>See <code>SecNode.ANY</code>, <code>SecNode.FUTURE</code>, and - * <code>SecNode.VARIABLE</code> for discussion of specifics of their respective - * usages.</li> - * </ul> - * </p> - * </dd> - * </dl> - * <dl> - * <dt> - * - * </p> - */ -public interface SecurityEvaluator { - /** - * Identifies a sepcific CRUD actions. - */ - static enum Action { - /** - * Allow creation of the object in question. - */ - Create, - /** - * Allow the user to read the object in question. - */ - Read, - /** - * Allow the user to update the object in question - */ - Update, - /** - * Allow the user to delete the object in question. - */ - Delete - - } - - /** - * A node in the evaluation. - * <p> - * A node with no value represents a node of that type but unknown - * exactitude. (e.g. <code>SecNode(URI,"")</code> is a URI but of unknown - * value. Useful for systems that restrict type creation. - * </p> - * <p> - * <code>SecNode(Anonymous,"")</code> represents an anonymous node that will - * be created. Otherwise anonymous node values are the values within the - * secured graph. - * </p> - * <p> - * An "Any" node type matches any node. - * </p> - */ - public static class SecNode implements Comparable<SecNode> { - - /** - * The types of nodes. - */ - public static enum Type { - /** - * A URI type node - */ - URI, - /** - * A Literal node. - */ - Literal, - /** - * An anonymous node. Also called a "blank" node. - */ - Anonymous, - /** - * Any node. - */ - Any - } - - /** - * Matches any node in the security system. - * <p> - * Used in triple checks as follows: - * <dl> - * <dt><code>(ANY, ANY, ANY)</code></dt> - * <dd>Asks if the user may perform the action on any triple.</dd> - * <dt><code>(X, ANY, ANY)</code></dt> - * <dd>Asks if the user may perform the action against any triple where - * X is the subject.</dd> - * <dt><code>(ANY, X, ANY)</code></dt> - * <dd>Asks if the user may perform the action against any triple where - * X is the predicate.</dd> - * <dt><code>(SecNode.ANY, SecNode.ANY, SecNode.X)</code></dt> - * <dd>Asks if if the user may perform the action against any triple - * where X is the object.</dd> - * </dl> - * The <code>ANY</code> may occur multiple times and may occur with the - * <code>VARIABLE</code> and/or <code>FUTURE</code> nodes. - * </p> - */ - public static final SecNode ANY = new SecNode(Type.Any, "any"); - - /** - * Indicates a variable in the triple. - * <p> - * </p> - * This differs from <code>ANY</code> in that the system is asking if - * there are any prohibitions not if the user may perform. Thus queries - * with the VARIABLE type node should return <code>true</code> where - * <code>ANY</code> returns <code>false</code>. In general this type is - * used in the query to determine if triple level filtering of results - * must be performed. - * <p> - * </p> - * <p> - * <dl> - * <dt><code>(VARIABLE, X, Y )</code></dt> - * <dd> - * Asks if there are any prohibitions against the user seeing all - * subjects that have property X and object Y.</dd> - * <dt> - * <code>(X, VARIABLE, Y )</code></dt> - * <dd> - * Asks if there are any prohibitions against the user seeing all - * predicates that have subject X and object Y.</dd> - * <dt> - * <code>(X, Y, VARIABLE)</code></dt> - * <dd> - * Asks if there are any prohibitions against the user seeing all - * objects that have subject X and predicate Y.</dd> - * </dl> - * The <code>VARIABLE</code> may occur multiple times and may occur with - * the <code>ANY</code> node. - * </p> - * - */ - public static final SecNode VARIABLE = new SecNode(Type.Any, "variable"); - - /** - * This is an anonymous node that will be created in the future. - * <p> - * FUTURE is used to check that an anonymous node may be created in as - * specific position in a triple. - * </p> - * <p> - * <dl> - * <dt><code>(FUTURE, X, Y )</code></dt> - * <dd> - * Asks if there the user may create an anonymous node that has property - * X and object Y.</dd> - * <dt> - * <code>(X, Y, FUTURE)</code></dt> - * <dd> - * Asks if there the user may create an anonymous node that has subject - * X and property Y.</dd> - * </dl> - * The <code>FUTURE</code> may occur multiple times and may occur with - * the <code>ANY</code> node. - * </p> - */ - public static final SecNode FUTURE = new SecNode(Type.Anonymous, ""); - - private final Type type; - private final String value; - private Integer hashCode; - - /** - * Create a SecNode of the type and value. - * - * @param type - * The type of the node - * @param value - * The value of the node. A null is interpreted as an empty - * string. - */ - public SecNode(final Type type, final String value) { - this.type = type; - this.value = value == null ? "" : value; - } - - @Override - public int compareTo(final SecNode node) { - final int retval = type.compareTo(node.type); - return retval == 0 ? value.compareTo(node.value) : retval; - } - - @Override - public boolean equals(final Object o) { - if (o instanceof SecNode) { - return this.compareTo((SecNode) o) == 0; - } - return false; - } - - /** - * Get the type of the node. - * - * @return The type of the node. - */ - public Type getType() { - return type; - } - - /** - * Get the value of the node. - * - * @return the value of the node - */ - public String getValue() { - return value; - } - - @Override - public int hashCode() { - if (hashCode == null) { - hashCode = new HashCodeBuilder().append(type).append(value) - .toHashCode(); - } - return hashCode; - } - - @Override - public String toString() { - return String.format("[%s:%s]", getType(), getValue()); - } - } - - /** - * An immutable triple of SecNodes. - */ - public static class SecTriple implements Comparable<SecTriple> { - private final SecNode subject; - private final SecNode predicate; - private final SecNode object; - private transient Integer hashCode; - - /** - * The triple of <code>(ANY, ANY, ANY)</code>. - */ - public static final SecTriple ANY = new SecTriple(SecNode.ANY, - SecNode.ANY, SecNode.ANY); - - /** - * Create the sec triple - * - * @param subject - * The subject node. - * @param predicate - * The predicate node. - * @param object - * The object node. - * @throws IllegalArgumentException - * is any value is null. - */ - public SecTriple(final SecNode subject, final SecNode predicate, - final SecNode object) { - if (subject == null) { - throw new IllegalArgumentException("Subject may not be null"); - } - if (predicate == null) { - throw new IllegalArgumentException("Predicate may not be null"); - } - if (object == null) { - throw new IllegalArgumentException("Object may not be null"); - } - this.subject = subject; - this.predicate = predicate; - this.object = object; - } - - @Override - public int compareTo(final SecTriple o) { - if (o == null) { - return 1; - } - int retval = subject.compareTo(o.subject); - if (retval == 0) { - retval = predicate.compareTo(o.predicate); - } - return retval == 0 ? object.compareTo(o.object) : retval; - } - - @Override - public boolean equals(final Object o) { - if (o instanceof SecTriple) { - return this.compareTo((SecTriple) o) == 0; - } - return false; - } - - /** - * @return the object node. - */ - public SecNode getObject() { - return object; - } - - /** - * @return the predicate node. - */ - public SecNode getPredicate() { - return predicate; - } - - /** - * @return the subject node. - */ - public SecNode getSubject() { - return subject; - } - - @Override - public int hashCode() { - if (hashCode == null) { - hashCode = new HashCodeBuilder().append(object) - .append(predicate).append(subject).toHashCode(); - } - return hashCode; - } - - @Override - public String toString() { - return String.format("( %s, %s, %s )", getSubject(), - getPredicate(), getObject()); - } - } - - /** - * A collection of utility functions for the SecurityEvaluator - * implementations. - */ - public static class Util { - /** - * Return an array of actions as a set. - * <p> - * The order of the collection is preserved - * </p> - * - * @param actions - * The actions. - * @return The set of actions. - */ - public static Set<Action> asSet(final Action[] actions) { - return Util.asSet(Arrays.asList(actions)); - } - - /** - * Return a collection of actions as a set. - * <p> - * The order of the collection is preserved - * </p> - * - * @param actions - * The collection of actions. - * @return The set of actions. - */ - public static Set<Action> asSet(final Collection<Action> actions) { - if (actions instanceof Set) { - return (Set<Action>) actions; - } - else { - return new LinkedHashSet<Action>(actions); - } - } - } - - /** - * Determine if the action is allowed on the graph. - * - * @param principal - * The principal that is attempting the action. - * - * @param action - * The action to perform - * @param graphIRI - * The IRI of the graph to check - * @return true if the action is allowed, false otherwise. - */ - public boolean evaluate(Object principal, Action action, SecNode graphIRI); - - /** - * Determine if the action is allowed on the triple within the graph. - * <p> - * The evaluation should be performed in the following order: - * <ol> - * <li> - * If the triple contains a <code>VARIABLE</code> then this method must - * return <code>true</code> if there are any restrictions where the - * remaining nodes are either constants or <code>ANY</code> nodes. This will - * force the system to use subsequent checks to verify access by - * substituting the value of the <code>VARIABLE</code>s. - * <em>If the system can not quickly verify the solution - * it is always acceptable to return <code>true</code>.</em> - * <li> - * Except as specified in the above check, if the triple contains an - * <code>ANY</code> then this method must return <code>false</code> if there - * are any restrictions where the remaining nodes are held constant and the - * ANY node is allowed to vary. This checks is used to avoid subsequent - * explicit triple checks. - * <em>If the system can not quickly verify the solution it is always - * acceptable to return <code>false</code>.</em></li> - * <li>All other triples are explict triples and the system must determine - * if the user is permitted to perform the action on the triple. If the - * triple contains a <code>FUTURE</code> node that node should be considered - * as an anonymous or blank node that is not yet created. It should only be - * used with <code>Create</code> actions and is asking if the user may - * create a blank node in that position in the triple.</li> - * </ol> - * </p> - * - * @param principal - * The principal that is attempting the action. - * - * @param action - * The action to perform - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @param triple - * The triple to check - * @return true if the action is allowed, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluate(Object principal, Action action, SecNode graphIRI, - SecTriple triple); - - /** - * Determine if all actions are allowed on the graph. - * - * @param principal - * The principal that is attempting the action. - * - * @param actions - * The set of actions to perform - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @return true if all the actions are allowed, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluate(Object principal, Set<Action> actions, - SecNode graphIRI); - - /** - * Determine if all the actions are allowed on the triple within the graph. - * <p> - * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation - * strategy. - * </p> - * - * @param actions - * The actions to perform. - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @param triple - * The triple to check - * @return true if all the actions are allowed, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluate(Object principal, Set<Action> actions, - SecNode graphIRI, SecTriple triple); - - /** - * Determine if any of the actions are allowed on the graph. - * - * @param principal - * The principal that is attempting the action. - * - * @param actions - * The actions to perform - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @return true true if any the actions are allowed, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluateAny(Object principal, Set<Action> actions, - SecNode graphIRI); - - /** - * Determine if any of the actions are allowed on the triple within the - * graph. - * <p> - * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation - * strategy. - * </p> - * - * @param principal - * The principal that is attempting the action. - * - * @param actions - * The actions to check. - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @param triple - * The triple to check - * @return true if any the actions are allowed, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluateAny(Object principal, Set<Action> actions, - SecNode graphIRI, SecTriple triple); - - /** - * Determine if the user is allowed to update the "from" triple to the "to" - * triple. - * <p> - * Update is a special case since it modifies one triple to be another. So - * the user must have permissions to change the "from" triple into the "to" - * triple. - * - * @param principal - * The principal that is attempting the action. - * @param graphIRI - * The IRI of the graph to the action is being taken upon. May be - * <code>ANY</code>. - * @param from - * The triple to be changed - * @param to - * The value to change it to. - * @return true if the user may make the change, false otherwise. - * @throws IllegalArgumentException - * if any argument is null. - */ - public boolean evaluateUpdate(Object principal, SecNode graphIRI, - SecTriple from, SecTriple to); - - /** - * returns the current principal or null if there is no current principal. - * - * All security evaluation methods use this method to determine who the call - * is being executed as. This allows subsystems (like the listener system) - * to capture the current user and evaluate later calls in terms of that - * user. - * - * @return The current principal - */ - public Object getPrincipal(); -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java b/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java deleted file mode 100644 index 57f6dfd..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security; - -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; -import java.util.ArrayList; -import java.util.List; - -import org.apache.jena.assembler.Assembler ; -import org.apache.jena.assembler.Mode ; -import org.apache.jena.assembler.assemblers.AssemblerBase ; -import org.apache.jena.assembler.exceptions.AssemblerException ; -import org.apache.jena.rdf.model.* ; - -/** - * A simple assembler for a SecurityEvaluator - * <p> - * This assembler load the specified class, locates the first constructor that accepts - * the number of arguments in the assembler file, and calls it passing the arguments. - * Generally the result of this assembler is passed to a sec:Model construction. - * @see SecuredAssembler - * </p> - * <ul> - * <li>The evaluator must have one and only one public constructor - * that takes the number of arguments specified in the assembler file. - * </li> - * - * <li> - * The evaluator may have more constructors but they may not have the same - * number of arguments as specified in the assembler file. - * </li> - * - * <li> - * The arguments must be specified in the assembler file in the order that they - * should be passed to the constructor. - * </li> - * </ul> - * - * <p> - * Literal arguments are converted to their data type before calling the constructor. For example - * "13"^^xsd:int will be converted to an Integer with the value of 13. - * </p> - * The assembler file should include the following - * <code><pre> - * @prefix xsd: <http://www.w3.org/2001/XMLSchema#> - * - * <>; ja:loadClass "org.apache.jena.security.SecuredAssembler" . - * - * sec:Model rdfs:subClassOf ja:NamedModel . - * - * </pre></code> - * - * The model definition should include something like. - * - * <code><pre> - * ex:myEvaluator a sec:Evaluator ; - * sec:args [ rdf:_1 "argument 1 for my evaluator constructor" ; - * rdf:_2 "13"^^xsd:int ; ]; - * sec:evaluatorClass "evaluatorClassname"; - * . - * </pre></code> - * - * Terms used in above example: - * - * <dl> - * <dt>my:secEvaluator</dt> - * <dd>The security evaluator as referenced in the assembler file.</dd> - * - * <dt>sec:Evaluator</dt> - * <dd>Identifies my:secEvaluator as a SecurityEvaluator</dd> - * - * <dt>sec:args</dt> - * <dd>Identifies the argument list</dd> - * - * <dt>rdf:_1</dt> - * <dd>The first argument</dd> - * - * <dt>rdf:_2</dt> - * <dd>The second argument (an integer in this case</dd> - * - * <dt>sec:evaluatorClass</dt> - * <dd>The fully qualified name of the SecurityEvaluator class to call. This class must extend - * SecurityEvaluator, and must have one and only one constructor that takes the number of arguments - * specified in sec:args</dd> - * - * </p> - * - */ -public class SecurityEvaluatorAssembler extends AssemblerBase implements Assembler, AssemblerConstants { - // initialization and registration is performed by SecuredAssembler - - @Override - public SecurityEvaluator open(Assembler a, Resource root, Mode mode) { - - Literal className = getUniqueLiteral( root, EVALUATOR_CLASS ); - if (className == null) - { - throw new AssemblerException( root, String.format( NO_X_PROVIDED, EVALUATOR_CLASS, root )); - } - - Class<?> clazz; - try { - clazz = Class.forName(className.getString()); - } catch (ClassNotFoundException e1) { - throw new AssemblerException( root, String.format( "Can not locate class %s as specified by %s in %s", className, EVALUATOR_CLASS, root )); - } - if ( ! SecurityEvaluator.class.isAssignableFrom( clazz )) - { - throw new AssemblerException( root, String.format( "Class %s as specified by %s in %s does not implement SecurityEvaluator", className, EVALUATOR_CLASS, root )); - } - - // get the arguments as specified. - List<Object> args = new ArrayList<Object>(); - Resource argRes = getUniqueResource( root, ARGUMENT_LIST ); - if (argRes != null) - { - Seq seq = argRes.as( Seq.class ); - NodeIterator iter = seq.iterator(); - RDFNode n = null; - while (iter.hasNext()) - { - n = iter.next(); - if (n.isLiteral()) - { - args.add( n.asLiteral().getValue()); - } - else if (n.isResource()) - { - args.add( a.open( a, n.asResource(), mode ) ); - } - else - { - throw new AssemblerException( root, String.format( "%s must be a literal or a resource", n )); - } - } - } - - for (Constructor<?> c : clazz.getConstructors()) - { - if (c.getParameterTypes().length == args.size()) - { - try { - if (args.size() == 0) - { - return (SecurityEvaluator) c.newInstance(); - } - else - { - return (SecurityEvaluator) c.newInstance( args.toArray() ); - } - } catch (InstantiationException e) { - throw new AssemblerException( root, e.getMessage(), e ); - } catch (IllegalAccessException e) { - throw new AssemblerException( root, e.getMessage(), e ); - } catch (IllegalArgumentException e) { - throw new AssemblerException( root, e.getMessage(), e ); - } catch (InvocationTargetException e) { - throw new AssemblerException( root, e.getMessage(), e ); - } - } - - } - throw new AssemblerException( root, String.format( "Class %s does not have a %s argument constructor", className, args.size() )); - - } - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java deleted file mode 100644 index 6263af9..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph; - -import java.util.Iterator; -import java.util.List; - -import org.apache.jena.graph.BulkUpdateHandler ; -import org.apache.jena.graph.Graph ; -import org.apache.jena.graph.Node ; -import org.apache.jena.graph.Triple ; -import org.apache.jena.security.AccessDeniedException; -import org.apache.jena.security.impl.SecuredItem; - -/** - * The interface for secured BulkUpdateHanlder instances. - * - * Use the SecuredBulkUpdateHandler.Factory to create instances - */ -public interface SecuredBulkUpdateHandler extends BulkUpdateHandler, - SecuredItem -{ - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - */ - @Override - public void add( final Graph g ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void add( final Graph g, final boolean withReifications ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void add( final Iterator<Triple> it ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void add( final List<Triple> triples ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void add( final Triple[] triples ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - public void delete( final Graph g ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void delete( final Graph g, final boolean withReifications ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void delete( final Iterator<Triple> it ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void delete( final List<Triple> triples ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - @Deprecated - public void delete( final Triple[] triples ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - public void remove( final Node s, final Node p, final Node o ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - */ - @Override - public void removeAll() throws AccessDeniedException; - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java deleted file mode 100644 index 6a12fa1..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph; - -import org.apache.jena.graph.Capabilities ; -import org.apache.jena.security.SecurityEvaluator; -import org.apache.jena.security.SecurityEvaluator.Action; -import org.apache.jena.security.SecurityEvaluator.SecNode; -import org.apache.jena.security.SecurityEvaluator.SecTriple; -import org.apache.jena.security.SecurityEvaluator.SecNode.Type; - -/** - * The interface for secured Capabilities instances. - * - */ -public class SecuredCapabilities implements Capabilities -{ - // the security evaluator in use - private final SecurityEvaluator securityEvaluator; - // the graphIRI that the capabilities belong to. - private final SecNode graphIRI; - // the unsecured capabilities. - private final Capabilities capabilities; - - /** - * Constructor. - * - * @param securityEvaluator - * The security evaluator in use. - * @param graphURI - * The graphIRI that the capabilities describe. - * @param capabilities - * The unsecured capabilities. - */ - public SecuredCapabilities( final SecurityEvaluator securityEvaluator, - final String graphURI, final Capabilities capabilities ) - { - this.securityEvaluator = securityEvaluator; - this.graphIRI = new SecNode(Type.URI, graphURI); - this.capabilities = capabilities; - } - - /** - * @sec.graph Update - */ - @Override - public boolean addAllowed() - { - return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI) - && capabilities.addAllowed(); - } - - /** - * @sec.graph Update - * @sec.triple Create (if everyTriple is true) - */ - @Override - public boolean addAllowed( final boolean everyTriple ) - { - Object principal = securityEvaluator.getPrincipal(); - - boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI) - && capabilities.addAllowed(everyTriple); - if (retval && everyTriple) - { - // special security check - retval = securityEvaluator.evaluate(principal, Action.Create, graphIRI, - SecTriple.ANY); - } - return retval; - } - - @Override - public boolean canBeEmpty() - { - return capabilities.canBeEmpty(); - } - - /** - * @sec.graph Update - */ - @Override - public boolean deleteAllowed() - { - return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI) - && capabilities.deleteAllowed(); - } - - /** - * @sec.graph Update - * @sec.triple Delete (if everyTriple is true) - */ - @Override - public boolean deleteAllowed( final boolean everyTriple ) - { - Object principal = securityEvaluator.getPrincipal(); - - boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI) - && capabilities.addAllowed(everyTriple); - if (retval && everyTriple) - { - // special security check - retval = securityEvaluator.evaluate(principal, Action.Delete, graphIRI, - SecTriple.ANY); - } - return retval; - } - - @Override - public boolean findContractSafe() - { - return capabilities.findContractSafe(); - } - - @Override - public boolean handlesLiteralTyping() - { - return capabilities.handlesLiteralTyping(); - } - - /** - * @sec.graph Update - */ - @Override - public boolean iteratorRemoveAllowed() - { - return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI) - && capabilities.iteratorRemoveAllowed(); - } - - @Override - public boolean sizeAccurate() - { - return capabilities.sizeAccurate(); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraph.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraph.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraph.java deleted file mode 100644 index afdfdc8..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraph.java +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph; - -import org.apache.jena.graph.Graph ; -import org.apache.jena.graph.GraphStatisticsHandler ; -import org.apache.jena.graph.Node ; -import org.apache.jena.graph.Triple ; -import org.apache.jena.security.AccessDeniedException ; -import org.apache.jena.security.SecurityEvaluator ; -import org.apache.jena.security.SecurityEvaluator.SecNode ; -import org.apache.jena.shared.AddDeniedException ; -import org.apache.jena.shared.DeleteDeniedException ; -import org.apache.jena.util.iterator.ExtendedIterator ; - -/** - * The interface for secured Graph instances. - * - * Use the SecuredGraph.Factory to create instances - */ -public interface SecuredGraph extends Graph -{ - - /** - * @sec.graph Update - * @sec.triple Create - * @throws AccessDeniedException - * @throws AddDeniedException - */ - @Override - public void add( final Triple t ) throws AddDeniedException, - AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read - * @throws AccessDeniedException - */ - @Override - public boolean contains( final Node s, final Node p, final Node o ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read - * @throws AccessDeniedException - */ - @Override - public boolean contains( final Triple t ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete - * @throws AccessDeniedException - * @throws DeleteDeniedException - */ - @Override - public void delete( final Triple t ) throws DeleteDeniedException, - AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public boolean dependsOn( final Graph other ) throws AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read, otherwise filtered from iterator. - * @throws AccessDeniedException - */ - @Override - public ExtendedIterator<Triple> find( final Node s, final Node p, - final Node o ) throws AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read, otherwise filtered from iterator. - * @throws AccessDeniedException - * @deprecated Use {@link #find(Triple)} - */ - @Deprecated - @Override - public ExtendedIterator<Triple> find( final org.apache.jena.graph.TripleMatch triple ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read, otherwise filtered from iterator. - * @throws AccessDeniedException - */ - @Override - public ExtendedIterator<Triple> find( final Triple triple ) - throws AccessDeniedException; - - @Override - public SecuredBulkUpdateHandler getBulkUpdateHandler(); - - @Override - public SecuredCapabilities getCapabilities(); - - @Override - public SecuredGraphEventManager getEventManager(); - - public SecNode getModelNode(); - - @Override - public SecuredPrefixMapping getPrefixMapping(); - - public SecurityEvaluator getSecurityEvaluator(); - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public GraphStatisticsHandler getStatisticsHandler() - throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public boolean isEmpty() throws AccessDeniedException; - - /** - * @sec.graph Read - * @sec.triple Read - * @throws AccessDeniedException - */ - @Override - public boolean isIsomorphicWith( final Graph g ) - throws AccessDeniedException; - - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public int size() throws AccessDeniedException; - - /** - * @sec.graph Update - * @sec.triple Delete for every triple - * @throws AccessDeniedException - */ - @Override - public void clear(); - - /** - * @sec.graph Update - * @sec.triple Delete (s, p, o ) - * @throws AccessDeniedException - */ - @Override - public void remove( Node s, Node p, Node o ); - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java deleted file mode 100644 index 9c62127..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java +++ /dev/null @@ -1,608 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.Stack; - -import org.apache.jena.graph.Graph ; -import org.apache.jena.graph.GraphEventManager ; -import org.apache.jena.graph.GraphListener ; -import org.apache.jena.graph.Triple ; -import org.apache.jena.graph.impl.CollectionGraph ; -import org.apache.jena.security.SecurityEvaluator; -import org.apache.jena.security.SecurityEvaluator.Action; -import org.apache.jena.security.graph.impl.SecuredGraphImpl; -import org.apache.jena.security.impl.CachedSecurityEvaluator; -import org.apache.jena.security.impl.SecuredItemImpl; -import org.apache.jena.security.utils.PermTripleFilter; -import org.apache.jena.util.iterator.ExtendedIterator ; -import org.apache.jena.util.iterator.NiceIterator ; -import org.apache.jena.util.iterator.WrappedIterator ; - -/** - * Since we sit between the graph and other items we have to determine when the - * message is first seen and send it to the underlying graph if necessary. - */ -public class SecuredGraphEventManager implements GraphEventManager { - private class SecuredGraphListener implements GraphListener { - private final GraphListener wrapped; - private final Object runAs; - - SecuredGraphListener(final GraphListener wrapped) { - if (wrapped == null) { - throw new IllegalArgumentException( - "Wrapped listener may not be null"); - } - this.wrapped = wrapped; - this.runAs = securedGraph.getSecurityEvaluator().getPrincipal(); - } - - private Triple[] getArray(final Graph g, final Triple[] triples, - final Set<Action> perms) { - Triple[] retval = triples; - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, perms, sg.getModelNode())) { - if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - final List<Triple> list = wrapPermIterator(sg, - Arrays.asList(triples).iterator(), perms) - .toList(); - retval = list.toArray(new Triple[list.size()]); - } - else { - retval = triples; - } - } - else { - retval = new Triple[0]; - } - } - return retval; - } - - @Override - public void notifyAddArray(final Graph g, final Triple[] triples) { - final Triple[] added = getArray(g, triples, - SecuredGraphEventManager.ADD); - - if (added.length > 0) { - wrapped.notifyAddArray(g, added); - } - } - - @Override - public void notifyAddGraph(final Graph g, final Graph added) { - Graph addGraph = added; - if (g instanceof SecuredGraph) { - final SecuredGraph sg = (SecuredGraph) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD, - sg.getModelNode())) { - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.ADD, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - final List<Triple> lst = added.find(Triple.ANY) - .toList(); - addGraph = new CollectionGraph(Arrays.asList(getArray( - g, lst.toArray(new Triple[lst.size()]), - SecuredGraphEventManager.ADD))); - } - else { - addGraph = added; - } - } - else { - addGraph = new CollectionGraph( - Collections.<Triple> emptyList()); - } - } - if (addGraph.size() > 0) { - wrapped.notifyAddGraph(g, addGraph); - - } - } - - @Override - public void notifyAddIterator(final Graph g, final Iterator<Triple> it) { - - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - // only report if we can write to the graph - if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD, - sg.getModelNode())) { - final ExtendedIterator<Triple> iter = wrapPermIterator(sg, - it, SecuredGraphEventManager.ADD); - try { - wrapped.notifyAddIterator(g, iter); - } finally { - iter.close(); - } - } - } - else { - wrapped.notifyAddIterator(g, it); - } - - } - - @Override - public void notifyAddList(final Graph g, final List<Triple> triples) { - List<Triple> list = triples; - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD, - sg.getModelNode())) { - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.ADD, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - list = wrapPermIterator(sg, triples.iterator(), - SecuredGraphEventManager.ADD).toList(); - } - else { - list = triples; - } - } - else { - list = Collections.emptyList(); - } - } - - if (list.size() > 0) { - - wrapped.notifyAddList(g, list); - } - } - - @Override - public void notifyAddTriple(final Graph g, final Triple t) { - boolean notify = false; - if (g instanceof SecuredGraph) { - final SecuredGraph sg = (SecuredGraph) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - notify = evaluator.evaluateAny(runAs, - SecuredGraphEventManager.ADD, sg.getModelNode()); - if (notify) { - notify = evaluator.evaluateAny(runAs, - SecuredGraphEventManager.ADD, sg.getModelNode(), - SecuredItemImpl.convert(t)); - } - } - else { - notify = true; - } - if (notify) { - wrapped.notifyAddTriple(g, t); - } - } - - @Override - public void notifyDeleteArray(final Graph g, final Triple[] triples) { - Triple[] deleted = triples; - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode())) { - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - final List<Triple> list = wrapPermIterator(sg, - Arrays.asList(triples).iterator(), - SecuredGraphEventManager.DELETE).toList(); - deleted = list.toArray(new Triple[list.size()]); - } - else { - deleted = triples; - } - } - else { - deleted = new Triple[0]; - } - } - - if (deleted.length > 0) { - wrapped.notifyDeleteArray(g, deleted); - } - } - - @Override - public void notifyDeleteGraph(final Graph g, final Graph removed) { - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode())) { - Graph g2 = removed; - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - g2 = new CollectionGraph( - removed.find(Triple.ANY) - .filterKeep( - new PermTripleFilter( - SecuredGraphEventManager.DELETE, - sg, evaluator)) - .toList()); - - } - wrapped.notifyDeleteGraph(g, g2); - } - else { - // do nothing. - } - } - else { - wrapped.notifyDeleteGraph(g, removed); - } - } - - @Override - public void notifyDeleteIterator(final Graph g, - final Iterator<Triple> it) { - Iterator<Triple> iter = it; - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode())) { - - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - iter = WrappedIterator.create(it).filterKeep( - new PermTripleFilter( - SecuredGraphEventManager.DELETE, sg, - evaluator)); - } - // else use the default list as all can bee seen - wrapped.notifyDeleteIterator(g, iter); - } - else { - // do nothing. - } - } - else { - wrapped.notifyDeleteIterator(g, iter); - } - - } - - @Override - public void notifyDeleteList(final Graph g, final List<Triple> triples) { - List<Triple> list = triples; - if (g instanceof SecuredGraphImpl) { - final SecuredGraphImpl sg = (SecuredGraphImpl) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode())) { - if (!evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - list = WrappedIterator - .create(triples.iterator()) - .filterKeep( - new PermTripleFilter( - SecuredGraphEventManager.DELETE, - sg, evaluator)).toList(); - } - // else use the default list as all can bee seen - } - else { - list = Collections.emptyList(); - } - } - - if (list.size() > 0) { - wrapped.notifyDeleteList(g, list); - } - } - - @Override - public void notifyDeleteTriple(final Graph g, final Triple t) { - boolean notify = false; - if (g instanceof SecuredGraph) { - final SecuredGraph sg = (SecuredGraph) g; - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - notify = evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode()); - if (notify) { - notify = evaluator.evaluateAny(runAs, - SecuredGraphEventManager.DELETE, sg.getModelNode(), - SecuredItemImpl.convert(t)); - } - } - else { - notify = true; - } - if (notify) { - wrapped.notifyDeleteTriple(g, t); - } - } - - @Override - public void notifyEvent(final Graph source, final Object value) { - wrapped.notifyEvent(source, value); - } - - private ExtendedIterator<Triple> wrapPermIterator( - final SecuredGraphImpl sg, final Iterator<Triple> it, - final Set<Action> perms) { - final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs); - if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(), - SecuredItemImpl.convert(Triple.ANY))) { - // nope so wrap the iterator with security iterator - return WrappedIterator.create(it).filterKeep( - new PermTripleFilter(perms, sg, evaluator)); - } - return WrappedIterator.create(it); - } - - } - - // the security evaluator in use - private final SecuredGraph securedGraph; - private final Graph baseGraph; - private final Map<GraphListener, Stack<SecuredGraphListener>> listenerMap = new HashMap<GraphListener, Stack<SecuredGraphListener>>(); - private static Set<Action> DELETE; - - private static Set<Action> ADD; - - static { - SecuredGraphEventManager.ADD = new HashSet<Action>( - Arrays.asList(new Action[] { - Action.Create, Action.Read - })); - SecuredGraphEventManager.DELETE = new HashSet<Action>( - Arrays.asList(new Action[] { - Action.Delete, Action.Read - })); - } - - public SecuredGraphEventManager(final SecuredGraph securedGraph, - final Graph baseGraph, final GraphEventManager manager) { - this.securedGraph = securedGraph; - this.baseGraph = baseGraph; - manager.register(this); - } - - private synchronized Collection<SecuredGraphListener> getListenerCollection() { - ExtendedIterator<SecuredGraphListener> retval = NiceIterator - .emptyIterator(); - for (final Collection<SecuredGraphListener> coll : listenerMap.values()) { - retval = retval.andThen(coll.iterator()); - } - return retval.toList(); - } - - @Override - public boolean listening() { - return !listenerMap.isEmpty(); - } - - @Override - public void notifyAddArray(final Graph g, final Triple[] triples) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyAddArray(securedGraph, triples); - } - else { - sgl.notifyAddArray(g, triples); - } - } - } - - @Override - public void notifyAddGraph(final Graph g, final Graph added) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyAddGraph(securedGraph, added); - } - else { - sgl.notifyAddGraph(g, added); - } - } - } - - @Override - public void notifyAddIterator(final Graph g, final Iterator<Triple> it) { - notifyAddIterator(g, WrappedIterator.create(it).toList()); - baseGraph.equals(g); - } - - @Override - public void notifyAddIterator(final Graph g, final List<Triple> triples) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyAddIterator(securedGraph, triples.iterator()); - } - else { - sgl.notifyAddIterator(g, triples.iterator()); - } - } - } - - @Override - public void notifyAddList(final Graph g, final List<Triple> triples) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyAddList(securedGraph, triples); - } - else { - sgl.notifyAddList(g, triples); - } - } - } - - @Override - public void notifyAddTriple(final Graph g, final Triple t) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyAddTriple(securedGraph, t); - } - else { - sgl.notifyAddTriple(g, t); - } - } - } - - @Override - public void notifyDeleteArray(final Graph g, final Triple[] triples) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyDeleteArray(securedGraph, triples); - } - else { - sgl.notifyDeleteArray(g, triples); - } - } - } - - @Override - public void notifyDeleteGraph(final Graph g, final Graph removed) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyDeleteGraph(securedGraph, removed); - } - else { - sgl.notifyDeleteGraph(g, removed); - } - } - } - - @Override - public void notifyDeleteIterator(final Graph g, final Iterator<Triple> it) { - notifyDeleteIterator(g, WrappedIterator.create(it).toList()); - } - - @Override - public void notifyDeleteIterator(final Graph g, final List<Triple> triples) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyDeleteIterator(securedGraph, triples.iterator()); - } - else { - sgl.notifyDeleteIterator(g, triples.iterator()); - } - } - } - - @Override - public void notifyDeleteList(final Graph g, final List<Triple> L) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyDeleteList(securedGraph, L); - } - else { - sgl.notifyDeleteList(g, L); - } - } - } - - @Override - public void notifyDeleteTriple(final Graph g, final Triple t) { - final boolean wrap = baseGraph.equals(g); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyDeleteTriple(securedGraph, t); - } - else { - sgl.notifyDeleteTriple(g, t); - } - } - } - - @Override - public void notifyEvent(final Graph source, final Object value) { - if ((source instanceof SecuredGraph) && securedGraph.equals(source)) { - baseGraph.getEventManager().notifyEvent(baseGraph, value); - } - else { - - final boolean wrap = baseGraph.equals(source); - - for (final SecuredGraphListener sgl : getListenerCollection()) { - if (wrap) { - sgl.notifyEvent(securedGraph, value); - } - else { - sgl.notifyEvent(source, value); - } - } - } - } - - @Override - public synchronized GraphEventManager register(final GraphListener listener) { - Stack<SecuredGraphListener> sgl = listenerMap.get(listener); - if (sgl == null) { - sgl = new Stack<SecuredGraphListener>(); - } - sgl.push(new SecuredGraphListener(listener)); - listenerMap.put(listener, sgl); - return this; - } - - @Override - public synchronized GraphEventManager unregister( - final GraphListener listener) { - final Stack<SecuredGraphListener> sgl = listenerMap.get(listener); - if (sgl != null) { - if (sgl.size() == 1) { - listenerMap.remove(listener); - } - else { - sgl.pop(); - listenerMap.put(listener, sgl); - } - } - return this; - } - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java deleted file mode 100644 index 61c2544..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph; - -import java.util.Map; - -import org.apache.jena.security.AccessDeniedException; -import org.apache.jena.security.impl.SecuredItem; -import org.apache.jena.shared.PrefixMapping ; - -/** - * The interface for secured PrefixMapping instances. - * - * Use the SecuredPrefixMapping.Factory to create instances - */ -public interface SecuredPrefixMapping extends PrefixMapping, SecuredItem -{ - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public String expandPrefix( final String prefixed ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public Map<String, String> getNsPrefixMap() throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public String getNsPrefixURI( final String prefix ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public String getNsURIPrefix( final String uri ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping lock() throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public String qnameFor( final String uri ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping removeNsPrefix( final String prefix ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public boolean samePrefixMappingAs( final PrefixMapping other ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping setNsPrefix( final String prefix, - final String uri ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping setNsPrefixes( final Map<String, String> map ) - throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping setNsPrefixes( final PrefixMapping other ) - throws AccessDeniedException; - - /** - * @sec.graph Read - * @throws AccessDeniedException - */ - @Override - public String shortForm( final String uri ) throws AccessDeniedException; - - /** - * @sec.graph Update - * @throws AccessDeniedException - */ - @Override - public SecuredPrefixMapping withDefaultMappings( final PrefixMapping map ) - throws AccessDeniedException; - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/Factory.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/Factory.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/Factory.java deleted file mode 100644 index d66d46e..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/Factory.java +++ /dev/null @@ -1,129 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph.impl; - -import org.apache.jena.graph.BulkUpdateHandler ; -import org.apache.jena.graph.Graph ; -import org.apache.jena.security.SecurityEvaluator; -import org.apache.jena.security.graph.SecuredBulkUpdateHandler; -import org.apache.jena.security.graph.SecuredGraph; -import org.apache.jena.security.graph.SecuredPrefixMapping; -import org.apache.jena.security.impl.ItemHolder; -import org.apache.jena.security.impl.SecuredItemInvoker; -import org.apache.jena.shared.PrefixMapping ; - -public class Factory -{ - - /** - * Create an instance of the SecuredBulkUpdateHandler - * - * @param graph - * The SecuredGraph that created the handler - * @param handler - * The unsecured handler from the base graph. - * @return SecuredBulkUpdateHandler. - */ - static SecuredBulkUpdateHandler getInstance( final SecuredGraphImpl graph, - final Graph baseGraph, final BulkUpdateHandler handler ) - { - final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder = new ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler>( - handler); - - final SecuredBulkUpdateHandlerImpl checker = new SecuredBulkUpdateHandlerImpl( - graph, baseGraph, holder); - - // if we are going to create a duplicate proxy, just return this - // one. - if (handler instanceof SecuredBulkUpdateHandler) - { - if (checker.isEquivalent((SecuredBulkUpdateHandler) handler)) - { - return (SecuredBulkUpdateHandler) handler; - } - } - - return holder.setSecuredItem(new SecuredItemInvoker(handler.getClass(), - checker)); - } - - /** - * Create an instance of SecuredPrefixMapping - * - * @param graph - * The SecuredGraph that contains the prefixmapping. - * @param prefixMapping - * The prefixmapping returned from the base graph. - * @return The SecuredPrefixMapping. - */ - static SecuredPrefixMapping getInstance( final SecuredGraphImpl graph, - final PrefixMapping prefixMapping ) - { - - final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder = new ItemHolder<PrefixMapping, SecuredPrefixMapping>( - prefixMapping); - final SecuredPrefixMappingImpl checker = new SecuredPrefixMappingImpl( - graph, holder); - // if we are going to create a duplicate proxy just return this one. - if (prefixMapping instanceof SecuredPrefixMapping) - { - if (checker.isEquivalent((SecuredPrefixMapping) prefixMapping)) - { - return (SecuredPrefixMapping) prefixMapping; - } - } - - return holder.setSecuredItem(new SecuredItemInvoker(prefixMapping - .getClass(), checker)); - } - - /** - * Create an instance of the SecuredGraph - * - * @param securityEvaluator - * The security evaluator to use - * @param graphIRI - * The IRI for the graph. - * @param graph - * The graph that we are wrapping. - * @return the secured graph - */ - public static SecuredGraph getInstance( - final SecurityEvaluator securityEvaluator, final String graphIRI, - final Graph graph ) - { - - final ItemHolder<Graph, SecuredGraphImpl> holder = new ItemHolder<Graph, SecuredGraphImpl>( - graph); - final SecuredGraphImpl checker = new SecuredGraphImpl( - securityEvaluator, graphIRI, holder) { - }; - - // If we going to create a duplicate proxy return this one. - if (graph instanceof SecuredGraphImpl) - { - if (checker.isEquivalent((SecuredGraphImpl) graph)) - { - return (SecuredGraph) graph; - } - } - return holder.setSecuredItem(new SecuredItemInvoker(graph.getClass(), - checker)); - } - -} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java b/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java deleted file mode 100644 index 9d0d990..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java +++ /dev/null @@ -1,242 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.graph.impl; - -import java.util.Arrays; -import java.util.Iterator; -import java.util.List; - -import org.apache.jena.graph.BulkUpdateHandler ; -import org.apache.jena.graph.Graph ; -import org.apache.jena.graph.Node ; -import org.apache.jena.graph.Triple ; -import org.apache.jena.security.graph.SecuredBulkUpdateHandler; -import org.apache.jena.security.graph.SecuredGraph; -import org.apache.jena.security.impl.ItemHolder; -import org.apache.jena.security.impl.SecuredItemImpl; -import org.apache.jena.util.iterator.ExtendedIterator ; -import org.apache.jena.util.iterator.WrappedIterator ; - -/** - * Implementation of SecuredBulkUpdateHandler to be used by a SecuredItemInvoker - * proxy. - */ -@SuppressWarnings("deprecation") -public class SecuredBulkUpdateHandlerImpl extends SecuredItemImpl implements - SecuredBulkUpdateHandler -{ - // the base graph for he secured graph. - private final Graph baseGraph; - // the graph this handler is for. - private final SecuredGraph graph; - // the item holder holding this SecuredBulkUpdateHandler. - private final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder; - - /** - * Constructor. - * - * @param graph - * The graph handler is for. - * @param holder - * The item holder that will hold this SecuredBulkUpdateHandler. - */ - SecuredBulkUpdateHandlerImpl( final SecuredGraphImpl graph, - final Graph baseGraph, - final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder ) - { - super(graph, holder); - this.holder = holder; - this.graph = graph; - this.baseGraph = baseGraph; - } - - @Override - public void add( final Graph g ) - { - checkUpdate(); - final Graph g2 = g; - if (!canCreate(Triple.ANY)) - { - checkCreateTriples(g.find(Triple.ANY)); - } - holder.getBaseItem().add(g2); - } - - @Override - @Deprecated - public void add( final Graph g, final boolean withReifications ) - { - checkUpdate(); - - if (!canCreate(Triple.ANY)) - { - checkCreateTriples(g.find(Triple.ANY)); - } - holder.getBaseItem().add(g, withReifications); - } - - @Override - @Deprecated - public void add( final Iterator<Triple> it ) - { - checkUpdate(); - if (canCreate(Triple.ANY)) - { - holder.getBaseItem().add(it); - } - else - { - final List<Triple> lst = WrappedIterator.create(it).toList(); - for (final Triple t : lst) - { - checkCreate(t); - } - holder.getBaseItem().add(lst.iterator()); - } - } - - @Override - @Deprecated - public void add( final List<Triple> triples ) - { - checkUpdate(); - if (!canCreate(Triple.ANY)) - { - checkCreateTriples(WrappedIterator.create(triples.iterator())); - } - holder.getBaseItem().add(triples); - } - - @Override - @Deprecated - public void add( final Triple[] triples ) - { - checkUpdate(); - if (!canCreate(Triple.ANY)) - { - checkCreateTriples(WrappedIterator.create(Arrays.asList(triples) - .iterator())); - } - holder.getBaseItem().add(triples); - } - - private void checkExtendedTripleDelete( final Triple t ) - { - final ExtendedIterator<Triple> iter = baseGraph.find(t); - try - { - while (iter.hasNext()) - { - checkDelete(iter.next()); - } - } - finally - { - iter.close(); - } - } - - @Override - public void delete( final Graph g ) - { - checkUpdate(); - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(g.find(Triple.ANY)); - } - holder.getBaseItem().delete(g); - - } - - @Override - @Deprecated - public void delete( final Graph g, final boolean withReifications ) - { - checkUpdate(); - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(g.find(Triple.ANY)); - } - holder.getBaseItem().delete(g, withReifications); - - } - - @Override - @Deprecated - public void delete( final Iterator<Triple> it ) - { - checkUpdate(); - final List<Triple> lst = WrappedIterator.create(it).toList(); - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(WrappedIterator.create(lst.iterator())); - } - holder.getBaseItem().delete(lst.iterator()); - } - - @Override - @Deprecated - public void delete( final List<Triple> triples ) - { - checkUpdate(); - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(WrappedIterator.create(triples.iterator())); - } - holder.getBaseItem().delete(triples); - } - - @Override - @Deprecated - public void delete( final Triple[] triples ) - { - checkUpdate(); - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(WrappedIterator.create(Arrays.asList(triples) - .iterator())); - } - holder.getBaseItem().delete(triples); - } - - @Override - public void remove( final Node s, final Node p, final Node o ) - { - checkUpdate(); - if (!canDelete(Triple.ANY)) - { - // the remove can be a pattern so expand it. - checkExtendedTripleDelete(new Triple(s, p, o)); - } - holder.getBaseItem().remove(s, p, o); - } - - @Override - public void removeAll() - { - checkUpdate(); - - if (!canDelete(Triple.ANY)) - { - checkDeleteTriples(graph.find(Triple.ANY)); - } - - holder.getBaseItem().removeAll(); - } - -}
