http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementImpl.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementImpl.java b/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementImpl.java
deleted file mode 100644
index 9981b00..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementImpl.java
+++ /dev/null
@@ -1,560 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model.impl;
-
-import org.apache.jena.graph.NodeFactory ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.rdf.model.* ;
-import org.apache.jena.security.impl.ItemHolder ;
-import org.apache.jena.security.impl.SecuredItemImpl ;
-import org.apache.jena.security.impl.SecuredItemInvoker ;
-import org.apache.jena.security.model.* ;
-import org.apache.jena.shared.PropertyNotFoundException ;
-
-/**
- * Implementation of SecuredStatement to be used by a SecuredItemInvoker proxy.
- */
-public class SecuredStatementImpl extends SecuredItemImpl implements
- SecuredStatement
-{
- /**
- * get a SecuredStatement
- *
- * @param securedModel
- * The secured model that provides the security context
- * @param stmt
- * The statement to secure.
- * @return the SecuredStatement
- */
- public static SecuredStatement getInstance(
- final SecuredModel securedModel, final Statement stmt )
- {
- if (securedModel == null)
- {
- throw new IllegalArgumentException(
- "Secured securedModel may not be null");
- }
- if (stmt == null)
- {
- throw new IllegalArgumentException("Statement may not be null");
- }
-
- final ItemHolder<Statement, SecuredStatement> holder = new ItemHolder<Statement, SecuredStatement>(
- stmt);
-
- final SecuredStatementImpl checker = new SecuredStatementImpl(
- securedModel, holder);
- // if we are going to create a duplicate proxy, just return this
- // one.
- if (stmt instanceof SecuredStatement)
- {
- if (checker.isEquivalent((SecuredStatement) stmt))
- {
- return (SecuredStatement) stmt;
- }
- }
- return holder.setSecuredItem(new SecuredItemInvoker(holder
- .getBaseItem().getClass(), checker));
- }
-
- // the item holder that contains this SecuredStatement.
- private final ItemHolder<Statement, SecuredStatement> holder;
-
- private final SecuredModel securedModel;
-
- /**
- * Constructor.
- *
- * @param securityEvaluator
- * The security evaluator to use.
- * @param graphIRI
- * the graph IRI to verify against.
- * @param holder
- * The item holder that will contain this SecuredStatement.
- */
- private SecuredStatementImpl( final SecuredModel securedModel,
- final ItemHolder<Statement, SecuredStatement> holder )
- {
- super(securedModel, holder);
- this.holder = holder;
- this.securedModel = securedModel;
- }
-
- @Override
- public Triple asTriple()
- {
- checkRead();
- final Triple retval = holder.getBaseItem().asTriple();
- checkRead(retval);
- return retval;
- }
-
- @Override
- public boolean canCreate()
- {
- return super.canCreate() ? canCreate(holder.getBaseItem()) : false;
- }
-
- @Override
- public boolean canDelete()
- {
- return super.canDelete() ? canDelete(holder.getBaseItem()) : false;
- }
-
- @Override
- public boolean canRead()
- {
- return super.canRead() ?
canRead(holder.getBaseItem()) : false;
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final boolean o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final char o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final double o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final float o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final int o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeLiteralObject( final long o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return
SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeLiteralObject(o));
- }
-
- @Override
- public SecuredStatement changeObject( final RDFNode o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = new Triple(base.getSubject(),
- base.getPredicate(), o.asNode());
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeObject(o));
- }
-
- @Override
- public SecuredStatement changeObject( final String o )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = getNewTriple(base, o);
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeObject(o));
- }
-
- @Override
- public SecuredStatement changeObject( final String o,
- final boolean wellFormed )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = new Triple(base.getSubject(),
- base.getPredicate(), NodeFactory.createLiteral(o, "", wellFormed));
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeObject(o));
- }
-
- @Override
- public SecuredStatement changeObject( final String o, final String l )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = new Triple(base.getSubject(),
- base.getPredicate(), NodeFactory.createLiteral(o, l, false));
- checkUpdate(base, newBase);
- return SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeObject(o, l));
- }
-
- @Override
- public SecuredStatement changeObject( final String o, final String l,
- final boolean wellFormed )
- {
- checkUpdate();
- final Triple base = holder.getBaseItem().asTriple();
- final Triple newBase = new Triple(base.getSubject(),
- base.getPredicate(), NodeFactory.createLiteral(o, l, wellFormed));
- checkUpdate(base, newBase);
- return
SecuredStatementImpl.getInstance(getModel(), holder
- .getBaseItem().changeObject(o, l, wellFormed));
- }
-
- @Override
- public SecuredReifiedStatement createReifiedStatement()
- {
- checkUpdate();
- checkCreateReified(null,
- SecuredItemImpl.convert(holder.getBaseItem().asTriple()));
- return SecuredReifiedStatementImpl.getInstance(getModel(), holder
- .getBaseItem().createReifiedStatement());
- }
-
- @Override
- public SecuredReifiedStatement createReifiedStatement( final String uri )
- {
- checkUpdate();
- checkCreateReified(uri,
- SecuredItemImpl.convert(holder.getBaseItem().asTriple()));
- return SecuredReifiedStatementImpl.getInstance(getModel(), holder
- .getBaseItem().createReifiedStatement(uri));
- }
-
- @Override
- public SecuredAlt getAlt()
- {
- return SecuredAltImpl.getInstance(getModel(), holder.getBaseItem()
- .getAlt());
- }
-
- @Override
- public SecuredBag getBag()
- {
- return SecuredBagImpl.getInstance(getModel(), holder.getBaseItem()
- .getBag());
- }
-
- @Override
- public boolean getBoolean()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getBoolean();
- }
-
- @Override
- public byte getByte()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getByte();
- }
-
- @Override
- public char getChar()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getChar();
-
- }
-
- @Override
- public double getDouble()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getDouble();
- }
-
- @Override
- public float getFloat()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getFloat();
- }
-
- @Override
- public int getInt()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getInt();
- }
-
- @Override
- public String getLanguage()
- {
- checkRead();
-
checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getLiteral().getLanguage();
- }
-
- @Override
- public SecuredLiteral getLiteral()
- {
- return SecuredLiteralImpl.getInstance(getModel(), holder.getBaseItem()
- .getLiteral());
- }
-
- @Override
- public long getLong()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getLong();
- }
-
- @Override
- public SecuredModel getModel()
- {
- return securedModel;
- }
-
- private Triple getNewTriple( final Triple t, final Object o )
- {
- return new Triple(t.getSubject(), t.getPredicate(),
- NodeFactory.createLiteral(String.valueOf(o), "", false));
- }
-
- @Override
- public SecuredRDFNode getObject()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- final RDFNode rdfNode = holder.getBaseItem().getObject();
- return SecuredRDFNodeImpl.getInstance(getModel(), rdfNode);
-
- }
-
- @Override
- public SecuredProperty getPredicate()
- {
- return SecuredPropertyImpl.getInstance(getModel(), holder.getBaseItem()
- .getPredicate());
- }
-
- @Override
- public SecuredStatement getProperty( final Property p )
- {
- final StmtIterator s = holder
- .getBaseItem()
- .getModel()
- .listStatements(holder.getBaseItem().getObject().asResource(),
- p, (RDFNode) null);
- final SecuredStatementIterator iter = new SecuredStatementIterator(
- getModel(), s);
- try
- {
- if (iter.hasNext())
- {
- return SecuredStatementImpl
- .getInstance(getModel(), iter.next());
- }
- else
- {
- throw new PropertyNotFoundException(p);
- }
- }
- finally
- {
- iter.close();
- }
- }
-
- @Override
- public SecuredResource getResource()
- {
- return SecuredResourceImpl.getInstance(getModel(), holder.getBaseItem()
- .getResource());
- }
-
- @Override
- @Deprecated
- public SecuredResource getResource( final ResourceF f )
- {
- return SecuredResourceImpl.getInstance(getModel(), holder.getBaseItem()
- .getResource(f));
- }
-
- @Override
- public SecuredSeq getSeq()
- {
- return
SecuredSeqImpl.getInstance(getModel(), holder.getBaseItem()
- .getSeq());
- }
-
- @Override
- public short getShort()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getShort();
- }
-
- @Override
- public SecuredStatement getStatementProperty( final Property p )
- {
- final RSIterator rsIter = holder.getBaseItem().listReifiedStatements();
- try
- {
- while (rsIter.hasNext())
- {
- final ReifiedStatement s = rsIter.next();
- if (s.hasProperty(p))
- {
- return SecuredStatementImpl.getInstance(getModel(),
- s.getProperty(p));
- }
- }
- throw new PropertyNotFoundException(p);
- }
- finally
- {
- rsIter.close();
- }
- }
-
- @Override
- public String toString()
- {
- if (canRead() && canRead(holder.getBaseItem().asTriple()))
- {
- return holder.getBaseItem().toString();
- }
- else
- {
- return super.toString();
- }
- }
-
- @Override
- public String getString()
- { return getLiteral().getLexicalForm(); }
-
- @Override
- public SecuredResource getSubject()
- {
- return SecuredResourceImpl.getInstance(getModel(), holder.getBaseItem()
- .getSubject());
- }
-
- @Override
- public boolean hasWellFormedXML()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().getLiteral().isWellFormedXML();
- }
-
- @Override
- public boolean isReified()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return holder.getBaseItem().isReified();
- }
-
- @Override
- public RSIterator listReifiedStatements()
- {
- checkRead();
- checkRead(holder.getBaseItem().asTriple());
- return new SecuredRSIterator(getModel(), holder.getBaseItem()
- .listReifiedStatements());
- }
-
- @Override
- public SecuredStatement remove()
- {
- checkUpdate();
- checkDelete(holder.getBaseItem());
- holder.getBaseItem().remove();
- return holder.getSecuredItem();
- }
-
- @Override
- public void removeReification()
- {
- checkUpdate();
- if (!canDelete(Triple.ANY))
- {
- StmtIterator iter = null;
- final RSIterator
rsIter = holder.getBaseItem()
- .listReifiedStatements();
- try
- {
- while (rsIter.hasNext())
- {
- final ReifiedStatement stmt = rsIter.next();
- iter = stmt.listProperties();
- while (iter.hasNext())
- {
- final Statement s = iter.next();
- checkDelete(s);
- }
- }
- }
- finally
- {
- rsIter.close();
- if (iter != null)
- {
- iter.close();
- }
- }
- }
- holder.getBaseItem().removeReification();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementIterator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementIterator.java b/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementIterator.java
deleted file mode 100644
index 6066da7..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/model/impl/SecuredStatementIterator.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.model.impl;
-
-import java.util.Iterator;
-import java.util.List;
-import java.util.NoSuchElementException;
-import java.util.Set;
-
-import org.apache.jena.rdf.model.Statement ;
-import org.apache.jena.rdf.model.StmtIterator ;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.model.SecuredModel;
-import org.apache.jena.security.model.SecuredStatement;
-import org.apache.jena.security.utils.PermStatementFilter;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-import org.apache.jena.util.iterator.Filter ;
-import org.apache.jena.util.iterator.Map1 ;
-
-/**
- * A secured StatementIterator implementation
- */
-public class SecuredStatementIterator implements StmtIterator
-{
-
- private class PermStatementMap implements Map1<Statement, Statement>
- {
- private final SecuredModel securedModel;
-
- public PermStatementMap( final SecuredModel securedModel )
- {
- this.securedModel = securedModel;
- }
-
- @Override
- public SecuredStatement map1( final Statement o )
- {
- return SecuredStatementImpl.getInstance(securedModel, o);
- }
- }
-
- private final
ExtendedIterator<Statement> iter;
-
- /**
- * Constructor.
- *
- * @param securedModel
- * The item providing the security context.
- * @param wrapped
- * The iterator to wrap.
- */
- public SecuredStatementIterator( final SecuredModel securedModel,
- final ExtendedIterator<Statement> wrapped )
- {
- final PermStatementFilter filter = new PermStatementFilter(
- new Action[] { Action.Read }, securedModel);
- final PermStatementMap map1 = new PermStatementMap(securedModel);
- iter = wrapped.filterKeep(filter).mapWith(map1);
- }
-
- @Override
- public <X extends Statement> ExtendedIterator<Statement> andThen(
- final Iterator<X> other )
- {
- return iter.andThen(other);
- }
-
- @Override
- public void close()
- {
- iter.close();
- }
-
- @Override
- public ExtendedIterator<Statement> filterDrop( final Filter<Statement> f )
- {
- return iter.filterDrop(f);
- }
-
- @Override
- public ExtendedIterator<Statement> filterKeep( final Filter<Statement> f )
- {
- return iter.filterKeep(f);
- }
-
- @Override
- public boolean hasNext()
- {
- return iter.hasNext();
- }
-
- @Override
- public <U> ExtendedIterator<U> mapWith( final Map1<Statement, U> map1 )
- {
- return iter.mapWith(map1);
- }
-
- @Override
- public Statement next()
- {
- return iter.next();
- }
-
- @Override
- public Statement nextStatement() throws NoSuchElementException
- {
- return next();
- }
-
- @Override
- public void remove()
- {
- iter.remove();
- }
-
- @Override
- public Statement removeNext()
- {
- return iter.removeNext();
- }
-
- @Override
- public List<Statement> toList()
- {
- return iter.toList();
- }
-
- @Override
- public Set<Statement> toSet()
- {
- return iter.toSet();
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/package-info.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/package-info.java b/jena-permissions/src/main/java/org/apache/jena/security/package-info.java
deleted file mode 100644
index 359dc3b..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/package-info.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * JenaSecurity is a SecurityEvaluator interface and a set of dynamic proxies that apply that
- * interface to Jena Graphs, Models, and associated methods and classes.
- * <p>
- * The SecurityEvaluator class must be implemented. This class provides the interface to the
- * authentication results (e.g. <code>getPrincipal()</code>) and the authorization system.
- * </p><p>
- * <ul>
- * <li>
- * Create a SecuredGraph by calling <code>Factory.getInstance( SecurityEvaluator, String, Graph );</code>
- * </li><li>
- * Create a SecuredModel by calling <code>Factory.getInstance( SecurityEvaluator, String, Model )</code>
- * </li><li>
- * It is not recommended that you create a model by calling the Jena <code>ModelFactory.createModelForGraph( SecuredGraph )</code>
- * See Overview for discussion.
- * </li>
- * </ul>
- * </p><p>
- * <em>NOTES:</em>
- * <ul>
- * <li>See SecurityEvaluator documentation for description of cascading security checks</li>
- * <li>Secured methods are annotated with:
- * @sec.graph for permissions required on the graph to execute the method.
- * @sec.triple for permissions required on the associated triples (if any) to execute the method.
- * </li>
- * <li>It is possible to implement a SecurityEvaluator that does not enforce security at the triple
- * level. See SecurityEvaluator documentation for details</li>
- * </ul>
- * </p>
- */
-package org.apache.jena.security;
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java b/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
deleted file mode 100644
index 1afec86..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngine.java
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.query;
-
-import java.security.Principal;
-import java.util.Set;
-
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.query.Query ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.SecurityEvaluator.SecNode.Type;
-import org.apache.jena.security.graph.SecuredGraph;
-import org.apache.jena.security.query.rewriter.OpRewriter;
-import org.apache.jena.sparql.algebra.Op ;
-import org.apache.jena.sparql.core.DatasetGraph ;
-import org.apache.jena.sparql.engine.binding.Binding ;
-import org.apache.jena.sparql.engine.main.QueryEngineMain ;
-import org.apache.jena.sparql.util.Context ;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class SecuredQueryEngine extends QueryEngineMain
-{
- private static Logger LOG = LoggerFactory
- .getLogger(SecuredQueryEngine.class);
-
- private SecurityEvaluator securityEvaluator;
- private SecNode graphIRI;
-
- /*
- * public SecuredQueryEngine( Op op, DatasetGraph dataset, Binding input,
- * Context context )
- * {
- * super(op, dataset, input, context);
- *
setGraphIRI( dataset );
- * }
- */
- public SecuredQueryEngine( final Query query, final DatasetGraph dataset,
- final Binding input, final Context context )
- {
- super(query, dataset, input, context);
- setGraphIRI(dataset);
- }
-
- public SecurityEvaluator getSecurityEvaluator()
- {
- return securityEvaluator;
- }
-
- @Override
- protected Op modifyOp( final Op op )
- {
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- SecuredQueryEngine.LOG.debug("Before: {}", op);
- op.visit(rewriter);
- Op result = rewriter.getResult();
- result = result == null ? op : result;
- SecuredQueryEngine.LOG.debug("After: {}", result);
- result = super.modifyOp(result);
- SecuredQueryEngine.LOG.debug("After Optimize: {}", result);
- return result;
- }
-
- private void setGraphIRI( final DatasetGraph dataset )
- {
- final Graph g = dataset.getDefaultGraph();
- if (g instanceof SecuredGraph)
- {
- final SecuredGraph sg = (SecuredGraph) g;
- graphIRI = sg.getModelNode();
- this.securityEvaluator = sg.getSecurityEvaluator();
- }
- else
- {
- graphIRI = new SecNode(Type.URI, "urn:x-arq:DefaultGraph");
- this.securityEvaluator = new SecurityEvaluator() {
-
- @Override
- public boolean evaluate( final Object principal, final Action action,
- final SecNode graphIRI )
- {
- return true;
- }
-
- @Override
- public boolean evaluate( final Object principal, final Action action,
- final SecNode graphIRI, final SecTriple triple )
- {
- return true;
- }
-
- @Override
- public boolean evaluate( final Object principal, final Set<Action> action,
- final SecNode graphIRI )
- {
- return true;
- }
-
- @Override
- public boolean evaluate( final Object principal, final Set<Action> action,
- final SecNode graphIRI, final SecTriple triple )
- {
- return true;
- }
-
- @Override
- public boolean evaluateAny( final Object principal, final Set<Action> action,
- final SecNode graphIRI )
- {
- return true;
- }
-
- @Override
- public boolean evaluateAny( final Object principal, final
Set<Action> action,
- final SecNode graphIRI, final SecTriple triple )
- {
- return true;
- }
-
- @Override
- public boolean evaluateUpdate( final Object principal, final SecNode graphIRI,
- final SecTriple from, final SecTriple to )
- {
- return true;
- }
-
- @Override
- public Principal getPrincipal()
- {
- return null;
- }
- };
-
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineConfig.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineConfig.java b/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineConfig.java
deleted file mode 100644
index 479814b..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineConfig.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.query;
-
-import org.apache.jena.sparql.util.Context ;
-
-public class SecuredQueryEngineConfig
-{
-
- public void initializeContext(Context context)
- {
-
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineFactory.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineFactory.java b/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineFactory.java
deleted file mode 100644
index 41988b2..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/query/SecuredQueryEngineFactory.java
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.query;
-
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.query.Query ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.graph.SecuredGraph;
-import org.apache.jena.sparql.ARQInternalErrorException ;
-import org.apache.jena.sparql.algebra.Op ;
-import org.apache.jena.sparql.core.DatasetGraph ;
-import org.apache.jena.sparql.engine.Plan ;
-import org.apache.jena.sparql.engine.QueryEngineFactory ;
-import org.apache.jena.sparql.engine.QueryEngineRegistry ;
-import org.apache.jena.sparql.engine.binding.Binding ;
-import org.apache.jena.sparql.util.Context ;
-
-public class SecuredQueryEngineFactory implements QueryEngineFactory
-{
- private boolean silentService = true;
- private SecuredQueryEngineConfig cfgResource;
- private SecurityEvaluator securityEvaluator;
-
- private static SecuredQueryEngineFactory factory = new SecuredQueryEngineFactory();
-
- static public SecuredQueryEngineFactory getFactory() {
- return factory;
- }
-
- static public void register() {
- QueryEngineRegistry.addFactory(factory);
- }
-
- static public void unregister() {
-
QueryEngineRegistry.removeFactory(factory);
- }
-
- public SecurityEvaluator getSecurityEvaluator() {
- return securityEvaluator;
- }
-
- public void setSecurityEvaluator(SecurityEvaluator securityEvaluator) {
- this.securityEvaluator = securityEvaluator;
- }
-
- public boolean isSilentService() {
- return silentService;
- }
-
- public void setSilentService(boolean silentService) {
- this.silentService = silentService;
- }
-
- public void setSecuredQueryEngineConfig(SecuredQueryEngineConfig cfgResource) {
- this.cfgResource = cfgResource;
-
- }
-
- /**
- * Only accept a secured dataset
- */
- @Override
- public boolean accept(Query query, DatasetGraph dataset, Context context) {
- Graph g = dataset.getDefaultGraph();
- return g instanceof SecuredGraph;
- }
-
- @Override
- public Plan create(Query query, DatasetGraph dataset, Binding initial,
- Context context) {
- // set up the context
- if (cfgResource != null) {
- cfgResource.initializeContext( context );
- }
-
- // Create a query engine instance.
- SecuredQueryEngine engine = new SecuredQueryEngine(query, dataset,
- initial, context);
- return engine.getPlan();
- }
-
- @Override
- public boolean accept(Op op, DatasetGraph dataset, Context context) { // Refuse
- // to
- // accept
- // algebra
- // expressions
- // directly.
- return false;
- }
-
- @Override
- public Plan create(Op op, DatasetGraph dataset, Binding inputBinding,
- Context context) { // Should not be called because acceept/Op is
- // false
- throw new ARQInternalErrorException(this.getClass().getSimpleName()
- + ": factory called directly with an algebra expression");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java b/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
deleted file mode 100644
index 1cd59c1..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/OpRewriter.java
+++ /dev/null
@@ -1,592 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.jena.security.query.rewriter; - -import java.util.ArrayList; -import java.util.List; - -import org.apache.jena.graph.Node ; -import org.apache.jena.graph.Triple ; -import org.apache.jena.security.AccessDeniedException; -import org.apache.jena.security.SecurityEvaluator; -import org.apache.jena.security.SecurityEvaluator.Action; -import org.apache.jena.security.SecurityEvaluator.SecNode; -import org.apache.jena.security.SecurityEvaluator.SecTriple; -import org.apache.jena.security.impl.SecuredItemImpl; -import org.apache.jena.sparql.algebra.Op ; -import org.apache.jena.sparql.algebra.OpVisitor ; -import org.apache.jena.sparql.algebra.op.* ; -import org.apache.jena.sparql.core.BasicPattern ; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * This class rewrites the query by examining each operation in the algebra - * returned by the Jena SPARQL parser. - * <p> - * This implementation inserts security evaluator checks where necessary. 
- * </p>
- */
-public class OpRewriter implements OpVisitor
-{
- private static Logger LOG = LoggerFactory.getLogger(OpRewriter.class);
- private OpSequence result;
- private final SecNode graphIRI;
- private final SecurityEvaluator securityEvaluator;
- // if true the restricted data are silently ignored.
- // default false
- private final boolean silentFail;
-
- /**
- * Constructor
- * @param securityEvaluator The security evaluator to use
- * @param graphIRI The IRI for the default graph.
- */
- public OpRewriter( final SecurityEvaluator securityEvaluator,
- final SecNode graphIRI )
- {
- this.securityEvaluator = securityEvaluator;
- this.graphIRI = graphIRI;
- this.silentFail = false;
- reset();
- }
-
- /**
- * Constructor
- * @param securityEvaluator The security evaluator to use
- * @param graphIRI The IRI for the default graph.
- */
- public OpRewriter( final SecurityEvaluator securityEvaluator,
- final String graphIRI )
- {
- this(securityEvaluator, new SecNode(SecNode.Type.URI, graphIRI));
- }
-
- /**
- * Add the operation to the result.
- * @param op the operation to add.
- */
- private void addOp( final Op op )
- {
- result.add(op);
- }
-
- /**
- * Get the result of the rewrite.
- * @return the resulting operator
- */
- public Op getResult()
- {
- if (result.size() == 0)
- {
- return OpNull.create();
- }
- if (result.size() == 1)
- {
- return result.get(0);
- }
- return result;
-
- }
-
- /**
- * Register variables.
- *
- * Registers n as a variable if it is one.
- *
- * @param n the node to check
- * @param variables the list of variable nodes
- * @Return n for chaining.
- */
- private Node registerVariables( final Node n, final List<Node> variables )
- {
- if (n.isVariable() && !variables.contains(n))
- {
- variables.add(n);
- }
- return n;
- }
-
- /**
- * Reset the rewriter to the initial state.
- * @return this rewriter for chaining.
- */
- public OpRewriter reset()
- {
- result = OpSequence.create();
- return this;
- }
-
- /**
- * Register all the variables in the triple.
- * @param t the triple to register.
- * @param variables The list of variables.
- * @return t for chaining
- */
- private Triple registerBGPTriple( final Triple t,
- final List<Node> variables )
- {
- registerVariables(t.getSubject(), variables);
- registerVariables(t.getPredicate(), variables);
- registerVariables(t.getObject(), variables);
- return t;
- }
-
- /**
- * Rewrites the subop of op1 and returns the result.
- *
- * @param op1
- * @return the rewritten op.
- */
- private Op rewriteOp1( final Op1 op1 )
- {
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- op1.getSubOp().visit(rewriter);
- return rewriter.getResult();
- }
-
- /**
- * rewrites the left and right parts of the op2 the left part is
- * returned the right part is placed in the rewriter
- *
- * @param op2
- * @param rewriter
- * @return the rewritten op.
- */
- private Op rewriteOp2( final Op2 op2, final OpRewriter rewriter )
- {
- op2.getLeft().visit(rewriter.reset());
- final Op left = rewriter.getResult();
- op2.getRight().visit(rewriter.reset());
- return left;
- }
-
- /**
- * rewrite source to dest and returns dest
- *
- * @param source
- * @param dest
- * @return the rewritten op.
- */
- private OpN rewriteOpN( final OpN source, final OpN dest )
- {
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- for (final Op o : source.getElements())
- {
- o.visit(rewriter.reset());
- dest.add(rewriter.getResult());
- }
- return dest;
- }
-
- /**
- * rewrites the subop of assign.
- */
- @Override
- public void visit( final OpAssign opAssign )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpAssign"); }
- addOp(OpAssign.assign(rewriteOp1(opAssign), opAssign.getVarExprList()));
- }
-
- @Override
- public void visit( final OpBGP opBGP )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpBGP"); }
- Object principal = securityEvaluator.getPrincipal();
- if (!securityEvaluator.evaluate(principal, Action.Read, graphIRI))
- {
- if (silentFail)
- {
- return;
- }
- else
- {
- throw new AccessDeniedException(graphIRI, Action.Read);
- }
- }
-
- // if the user can read any triple just add the opBGP
- if (securityEvaluator.evaluate(principal, Action.Read, graphIRI, SecTriple.ANY))
- {
- addOp(opBGP);
- }
- else
- {
- // add security filtering to the resulting triples
- final List<Triple> newBGP = new ArrayList<Triple>();
- final List<Node> variables = new ArrayList<Node>();
- // register all variables
- for (final Triple t : opBGP.getPattern().getList())
- {
- newBGP.add(registerBGPTriple(t, variables));
- }
- // create the security function.
- final SecuredFunction secFunc = new SecuredFunction(graphIRI,
- securityEvaluator, variables, newBGP);
- // create the filter
- Op filter = OpFilter.filter(secFunc, new OpBGP(BasicPattern.wrap(newBGP)));
- // add the filter
- addOp(filter);
- }
- }
-
- /**
- * Rewrite left and right
- */
- @Override
- public void visit( final OpConditional opCondition )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpConditional"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(new OpConditional(rewriteOp2(opCondition, rewriter),
- rewriter.getResult()));
- }
-
- /**
- * returns the dsNames
- */
- @Override
- public void visit( final OpDatasetNames dsNames )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpDatasetName"); }
- addOp(dsNames);
- }
-
- /**
- * Rewrite left and right
- */
- @Override
- public void visit( final OpDiff opDiff )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpDiff"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(OpDiff.create(rewriteOp2(opDiff, rewriter), rewriter.getResult()));
- }
-
- /**
- * Rewrite sequence elements
- */
- @Override
- public void visit( final OpDisjunction opDisjunction )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpDisjunction"); }
- addOp(rewriteOpN(opDisjunction, OpDisjunction.create()));
- }
-
- /**
- * rewrites the subop of distinct
- */
- @Override
- public void visit( final OpDistinct opDistinct )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpDistinct"); }
- addOp(new OpDistinct(rewriteOp1(opDistinct)));
- }
-
- /**
- * Returns the Ext
- */
- @Override
- public void visit( final OpExt opExt )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpExt"); }
- addOp(opExt);
- }
-
- /**
- * rewrites the subop of extend.
- */
- @Override
- public void visit( final OpExtend opExtend )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpExtend"); }
- addOp(OpExtend.extend(rewriteOp1(opExtend), opExtend.getVarExprList()));
- }
-
- /**
- * rewrites the subop of filter.
- */
- @Override
- public void visit( final OpFilter opFilter )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpFilter"); }
- addOp(OpFilter.filter(opFilter.getExprs(), rewriteOp1(opFilter)));
- }
-
- /**
- * rewrites the subop of graph.
- */
- @Override
- public void visit( final OpGraph opGraph )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpGraph"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator,
- SecuredItemImpl.convert(opGraph.getNode()));
- opGraph.getSubOp().visit(rewriter);
- addOp(new OpGraph(opGraph.getNode(), rewriter.getResult()));
- }
-
- /**
- * rewrites the subop of group.
- */
- @Override
- public void visit( final OpGroup opGroup )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpGroup"); }
- addOp(new OpGroup(rewriteOp1(opGroup), opGroup.getGroupVars(),
- opGroup.getAggregators()));
- }
-
- /**
- * Parses the joins and recursively calls the left and right parts
- */
- @Override
- public void visit( final OpJoin opJoin )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpJoin"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(OpJoin.create(rewriteOp2(opJoin, rewriter), rewriter.getResult()));
- }
-
- /**
- * returns the label
- */
- @Override
- public void visit( final OpLabel opLabel )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpLabel"); }
- addOp(opLabel);
- }
-
- /**
- * Parses the joins and recursively calls the left and right parts
- */
- @Override
- public void visit( final OpLeftJoin opLeftJoin )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpLeftJoin"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(OpLeftJoin.create(rewriteOp2(opLeftJoin, rewriter),
- rewriter.getResult(), opLeftJoin.getExprs()));
- }
-
- /**
- * rewrites the subop of list.
- */
- @Override
- public void visit( final OpList opList )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpList"); }
- addOp(new OpList(rewriteOp1(opList)));
- }
-
- /**
- * Rewrite left and right
- */
- @Override
- public void visit( final OpMinus opMinus )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpMinus"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(OpMinus.create(rewriteOp2(opMinus, rewriter),
- rewriter.getResult()));
- }
-
- /**
- * returns the null
- */
- @Override
- public void visit( final OpNull opNull )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpNull"); }
- addOp(opNull);
- }
-
- /**
- * rewrites the subop of order.
- */
- @Override
- public void visit( final OpOrder opOrder )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpOrder"); }
- addOp(new OpOrder(rewriteOp1(opOrder), opOrder.getConditions()));
- }
-
- /**
- * Returns the path
- */
- @Override
- public void visit( final OpPath opPath )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpPath"); }
- addOp(opPath);
- }
-
- /**
- * rewrites the subop of proc.
- */
- @Override
- public void visit( final OpProcedure opProc )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpProc"); }
- if (opProc.getProcId() != null)
- {
- addOp(new OpProcedure(opProc.getProcId(), opProc.getArgs(),
- rewriteOp1(opProc)));
- }
- else
- {
- addOp(new OpProcedure(opProc.getURI(), opProc.getArgs(),
- rewriteOp1(opProc)));
- }
- }
-
- /**
- * rewrites the subop of project.
- */
- @Override
- public void visit( final OpProject opProject )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpProject"); }
- addOp(new OpProject(rewriteOp1(opProject), opProject.getVars()));
- }
-
- /**
- * rewrites the subop of propFunc.
- */
- @Override
- public void visit( final OpPropFunc opPropFunc )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpPropFunc"); }
- addOp(new OpPropFunc(opPropFunc.getProperty(),
- opPropFunc.getSubjectArgs(), opPropFunc.getObjectArgs(),
- rewriteOp1(opPropFunc)));
- }
-
- /**
- * Returns the quad
- */
- @Override
- public void visit( final OpQuad opQuad )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpQuad"); }
- addOp(opQuad);
- }
-
- /**
- * Returns the quadpattern
- */
- @Override
- public void visit( final OpQuadPattern quadPattern )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpQuadPattern"); }
- addOp(quadPattern);
- }
-
- /**
- * rewrites the subop of reduced.
- */
- @Override
- public void visit( final OpReduced opReduced )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpReduced"); }
- addOp(OpReduced.create(rewriteOp1(opReduced)));
- }
-
- /**
- * Rewrite sequence elements
- */
- @Override
- public void visit( final OpSequence opSequence )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpSequence"); }
- addOp(rewriteOpN(opSequence, OpSequence.create()));
- }
-
- /**
- * returns the service
- */
- @Override
- public void visit( final OpService opService )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting opService"); }
- addOp(opService);
- }
-
- /**
- * rewrites the subop of slice
- *
- * This also handles the limit case
- */
- @Override
- public void visit( final OpSlice opSlice )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpSlice"); }
- addOp(opSlice);
- }
-
- /**
- * returns the table
- */
- @Override
- public void visit( final OpTable opTable )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpTable"); }
- addOp(opTable);
- }
-
- /**
- * rewrites the subop of top.
- */
- @Override
- public void visit( final OpTopN opTop )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpTop"); }
- addOp(new OpTopN(rewriteOp1(opTop), opTop.getLimit(),
- opTop.getConditions()));
- }
-
- /**
- * Converts to BGP
- */
- @Override
- public void visit( final OpTriple opTriple )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpTriple"); }
- visit(opTriple.asBGP());
- }
-
- /**
- * Rewrite left and right
- */
- @Override
- public void visit( final OpUnion opUnion )
- {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpUnion"); }
- final OpRewriter rewriter = new OpRewriter(securityEvaluator, graphIRI);
- addOp(OpUnion.create(rewriteOp2(opUnion, rewriter),
- rewriter.getResult()));
- }
-
- @Override
- public void visit(OpQuadBlock quadBlock) {
- if (LOG.isDebugEnabled()) { LOG.debug( "Starting visiting OpQuadBlock"); }
- addOp(quadBlock);
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java b/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
deleted file mode 100644
index b765061..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/query/rewriter/SecuredFunction.java
+++ /dev/null
@@ -1,138 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.query.rewriter;
-
-import java.util.List;
-
-import org.apache.jena.graph.Node ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.SecurityEvaluator.SecTriple;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.sparql.core.Var ;
-import org.apache.jena.sparql.engine.binding.Binding ;
-import org.apache.jena.sparql.expr.* ;
-import org.apache.jena.sparql.function.FunctionEnv ;
-import org.apache.jena.sparql.graph.NodeTransform ;
-
-public class SecuredFunction extends ExprFunctionN
-{
- private final SecurityEvaluator securityEvaluator;
- private final List<Node> variables;
- private final List<Triple> bgp;
- private final SecNode graphIRI;
-
- private static ExprList createArgs( List<Node> variables )
- {
- ExprList retval = new ExprList();
- for (Node n : variables )
- {
- retval.add( new ExprVar( n ));
- }
- return retval;
- }
-
- public SecuredFunction( final SecNode graphIRI,
- final SecurityEvaluator securityEvaluator,
- final List<Node> variables, final List<Triple> bgp )
- {
- super(String.format("<java:%s>", SecuredFunction.class.getName() ), createArgs( variables));
- //,
- // new ElementTriplesBlock( BasicPattern.wrap(bgp) ),
- // new OpBGP( BasicPattern.wrap(bgp) )
- // );
- this.securityEvaluator = securityEvaluator;
- this.variables = variables;
- this.bgp = bgp;
- this.graphIRI = graphIRI;
- }
-
- private boolean checkAccess( Binding values )
- {
- Object principal = securityEvaluator.getPrincipal();
- for (final Triple t : bgp)
- {
- final SecTriple secT = createSecTriple(t, values);
- if (!securityEvaluator.evaluate(principal, Action.Read, graphIRI, secT))
- {
- return false;
- }
- }
- return true;
- }
-
- private SecTriple createSecTriple( final Triple t, final Binding values )
- {
- int idx = variables.indexOf(t.getSubject());
-
- final SecNode s = SecuredItemImpl.convert(idx ==-1 ? t.getSubject()
- : values.get(Var.alloc( variables.get(idx))));
-
- idx = variables.indexOf(t.getPredicate());
- final SecNode p = SecuredItemImpl.convert(idx == -1 ? t
- .getPredicate()
- : values.get(Var.alloc( variables.get(idx))));
- idx = variables.indexOf(t.getObject());
- final SecNode o = SecuredItemImpl.convert(idx == -1 ? t.getObject()
- : values.get(Var.alloc( variables.get(idx))));
- return new SecTriple(s, p, o);
- }
-
-
- @Override
- public Expr copySubstitute( Binding binding )
- {
- return this;
- }
-
- @Override
- public Expr applyNodeTransform( NodeTransform transform )
- {
- return this;
- }
-
- @Override
- public void visit( ExprVisitor visitor )
- {
- visitor.visit( this );
- }
-
- @Override
- public NodeValue eval( List<NodeValue> args )
- {
- // TODO Auto-generated method stub
- return null;
- }
-
- @Override
- public Expr copy( ExprList newArgs )
- {
- return this;
- }
-
- @Override
- protected NodeValue evalSpecial( Binding binding, FunctionEnv env )
- {
- return NodeValue.booleanReturn( checkAccess( binding ));
- }
-
-
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/utils/ContainerFilter.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/utils/ContainerFilter.java b/jena-permissions/src/main/java/org/apache/jena/security/utils/ContainerFilter.java
deleted file mode 100644
index d49792f..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/utils/ContainerFilter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.utils;
-
-import org.apache.jena.rdf.model.Property ;
-import org.apache.jena.rdf.model.Statement ;
-import org.apache.jena.util.iterator.Filter ;
-import org.apache.jena.vocabulary.RDF ;
-
-public class ContainerFilter extends Filter<Statement>
-{
-
- @Override
- public boolean accept( final Statement o )
- {
- final Property p = o.getPredicate();
- if (p.getNameSpace().equals(RDF.getURI())
- && p.getLocalName().startsWith("_"))
- {
- try
- {
- Integer.parseInt(p.getLocalName().substring(1));
- return true;
- }
- catch (final NumberFormatException e)
- {
- // acceptable;
- }
- }
- return false;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java b/jena-permissions/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
deleted file mode 100644
index b2217a1..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/utils/PermStatementFilter.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.utils;
-
-import java.util.Collection;
-import java.util.Set;
-
-import org.apache.jena.rdf.model.Statement ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.impl.SecuredItem;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.util.iterator.Filter ;
-
-/**
- * A filter for to filter ExtendedIterators on Statements.
- * This filter removes any triple that the user can not perform all
- * the actions on.
- */
-public class PermStatementFilter extends Filter<Statement>
-{
- private final SecurityEvaluator evaluator;
- private final SecNode modelNode;
- private final Set<Action> actions;
- private final Object principal;
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param action
- * The action the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermStatementFilter( final Action action,
- final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param action
- * The action the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermStatementFilter( final Action action,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermStatementFilter( final Action[] actions,
- final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermStatementFilter( final Action[] actions,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermStatementFilter( final Collection<Action> actions,
- final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermStatementFilter( final Collection<Action> actions,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- @Override
- public boolean accept( final Statement s )
- {
- return evaluator.evaluateAny(principal, actions, modelNode,
- SecuredItemImpl.convert(s.asTriple()));
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java b/jena-permissions/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java deleted file mode 100644 index 5f6cfa1..0000000 --- a/jena-permissions/src/main/java/org/apache/jena/security/utils/PermTripleFilter.java +++ /dev/null 
@@ -1,163 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.utils;
-
-import java.util.Collection;
-import java.util.Set;
-
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.impl.SecuredItem;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.util.iterator.Filter ;
-
-/**
- * A filter for to filter ExtendedIterators on Triples.
- * This filter removes any triple that the user can not perform all
- * the actions on.
- */
-public class PermTripleFilter extends Filter<Triple>
-{
- private final SecurityEvaluator evaluator;
- private final SecNode modelNode;
- private final Set<Action> actions;
- private final Object principal;
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param action
- * The action the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermTripleFilter( final Action action, final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param action
- * The action the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermTripleFilter( final Action action,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(new Action[] { action });
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermTripleFilter( final Action[] actions,
- final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermTripleFilter( final Action[] actions,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- */
- public PermTripleFilter( final Collection<Action> actions,
- final SecuredItem securedItem )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = securedItem.getSecurityEvaluator();
- this.principal = evaluator.getPrincipal();
- }
-
- /**
- * Creates a filter that requires that the user have all the permissions
- * listed in the actions parameter
- *
- * @param actions
- * The actions the user must be permitted to perform.
- * @param securedItem
- * The secured item that secures this iterator.
- * @param evaluator
- * The security evaluator to evaluate the security queries.
- */
- public PermTripleFilter( final Collection<Action> actions,
- final SecuredItem securedItem, final SecurityEvaluator evaluator )
- {
- this.modelNode = securedItem.getModelNode();
- this.actions = SecurityEvaluator.Util.asSet(actions);
- this.evaluator = evaluator;
- this.principal = evaluator.getPrincipal();
- }
-
- @Override
- public boolean accept( final Triple t )
- {
- return evaluator.evaluateAny(principal, actions, modelNode,
- SecuredItemImpl.convert(t));
- }
-
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListIterator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListIterator.java b/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListIterator.java
deleted file mode 100644
index 9c86b95..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListIterator.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.utils;
-
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-
-import org.apache.jena.rdf.model.RDFList ;
-import org.apache.jena.vocabulary.RDF ;
-
-public class RDFListIterator implements Iterator<RDFList>
-{
- private RDFList current;
- private Boolean found;
-
- public RDFListIterator( final RDFList start )
- {
- this.current = start;
- }
-
- private boolean endOfList()
- {
- return current.equals(RDF.nil);
- }
-
- @Override
- public boolean hasNext()
- {
- if ((found == null) && !endOfList())
- {
- found = !endOfList();
- }
- return found == null ? false : found;
- }
-
- private void incrementCurrent()
- {
- if (!endOfList())
- {
- current = current.getRequiredProperty(RDF.rest).getResource()
- .as(RDFList.class);
- }
- }
-
- @Override
- public RDFList next()
- {
- if (hasNext())
- {
- found = null;
- final RDFList retval = current;
- incrementCurrent();
- return retval;
- }
- throw new NoSuchElementException();
- }
-
- @Override
- public void remove()
- {
- throw new UnsupportedOperationException();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java b/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
deleted file mode 100644
index 3127c4f..0000000
--- a/jena-permissions/src/main/java/org/apache/jena/security/utils/RDFListSecFilter.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.utils;
-
-import java.util.Set;
-
-import org.apache.jena.rdf.model.RDFList ;
-import org.apache.jena.rdf.model.Statement ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.impl.SecuredItem;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.util.iterator.Filter ;
-import org.apache.jena.vocabulary.RDF ;
-
-public class RDFListSecFilter<T extends RDFList> extends Filter<T>
-{
- private final SecuredItem securedItem;
- private final Set<Action> perms;
- private final Object principal;
-
- public RDFListSecFilter( final SecuredItem securedItem, final Action perm )
- {
- this(securedItem, SecurityEvaluator.Util.asSet(new Action[] { perm }));
- }
-
- public RDFListSecFilter( final SecuredItem securedItem,
- final Set<Action> perms )
- {
- this.securedItem = securedItem;
- this.perms = perms;
- this.principal = securedItem.getSecurityEvaluator().getPrincipal();
- }
-
- @Override
- public boolean accept( final RDFList o )
- {
- final Statement s = o.getRequiredProperty(RDF.first);
- return securedItem.getSecurityEvaluator().evaluate(principal, perms,
- securedItem.getModelNode(),
- SecuredItemImpl.convert(s.asTriple()));
- }
-}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/EqualityTester.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/EqualityTester.java b/jena-permissions/src/test/java/org/apache/jena/permissions/EqualityTester.java
new file mode 100644
index 0000000..aaeb473
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/permissions/EqualityTester.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.permissions;
+
+import org.junit.Assert;
+
+public class EqualityTester
+{
+
+ public static void testEquality( final String label, final Object o1,
+ final Object o2 )
+ {
+ Assert.assertEquals(label, o1, o2);
+ Assert.assertEquals(label + " inverse", o2, o1);
+ Assert.assertEquals(label + " hashCode", o1.hashCode(), o2.hashCode());
+ }
+
+ public static void testInequality( final String label, final Object o1,
+ final Object o2 )
+ {
+ if ((o1 == null) && (o2 == null))
+ {
+ Assert.fail(label + ": both arguments are null");
+ }
+ if ((o1 == null) || (o2 == null))
+ {
+ return;
+ }
+ Assert.assertFalse(label, o2.equals(o1));
+ Assert.assertFalse(label, o1.equals(o2));
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/MockPrefixMapping.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/MockPrefixMapping.java b/jena-permissions/src/test/java/org/apache/jena/permissions/MockPrefixMapping.java
new file mode 100644
index 0000000..a52b659
--- /dev/null
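Review bot: `testEquality` calls `o1.hashCode()` with no null guard, so when both arguments are null the two `assertEquals` calls pass and the helper then dies with a NullPointerException instead of a labelled assertion failure; `testInequality` just below does treat nulls explicitly, so the two helpers are inconsistent. Guarding the third check, `if (o1 != null && o2 != null) { Assert.assertEquals(label + " hashCode", o1.hashCode(), o2.hashCode()); }`, keeps the report readable. Neither method has a Javadoc; one line each stating the null contract (equality: nulls compare equal and skip the hash check; inequality: fails only when both are null) would save the next reader from working it out.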
+++ b/jena-permissions/src/test/java/org/apache/jena/permissions/MockPrefixMapping.java 
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.permissions;
+
+import java.util.Collections;
+import java.util.Map;
+
+import org.apache.jena.shared.PrefixMapping ;
+
+public class MockPrefixMapping implements PrefixMapping
+{
+
+ @Override
+ public String expandPrefix( final String prefixed )
+ {
+ return prefixed;
+ }
+
+ @Override
+ public Map<String, String> getNsPrefixMap()
+ {
+ return Collections.emptyMap();
+ }
+
+ @Override
+ public String getNsPrefixURI( final String prefix )
+ {
+ return null;
+ }
+
+ @Override
+ public String getNsURIPrefix( final String uri )
+ {
+ return null;
+ }
+
+ @Override
+ public PrefixMapping lock()
+ {
+ return this;
+ }
+
+ @Override
+ public String qnameFor( final String uri )
+ {
+ return null;
+ }
+
+ @Override
+ public PrefixMapping removeNsPrefix( final String prefix )
+ {
+ return this;
+ }
+
+ @Override
+ public boolean samePrefixMappingAs( final PrefixMapping other )
+ {
+ return false;
+ }
+
+ @Override
+ public PrefixMapping setNsPrefix( final String prefix, final String uri )
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public PrefixMapping setNsPrefixes( final Map<String, String> map )
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public PrefixMapping setNsPrefixes( final PrefixMapping other )
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public String shortForm( final String uri )
+ {
+ return uri;
+ }
+
+ @Override
+ public PrefixMapping withDefaultMappings( final PrefixMapping map )
+ {
+ throw new UnsupportedOperationException();
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/MockSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/MockSecurityEvaluator.java b/jena-permissions/src/test/java/org/apache/jena/permissions/MockSecurityEvaluator.java
new file mode 100644
index 0000000..9c0b099
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/permissions/MockSecurityEvaluator.java
@@ -0,0 +1,228 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.permissions;
+
+import java.security.Principal;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.jena.permissions.SecurityEvaluator;
+import org.apache.jena.rdf.model.Resource ;
+
+public class MockSecurityEvaluator implements SecurityEvaluator
+{
+
+ private final boolean loggedIn;
+ private final boolean create;
+ private final boolean read;
+ private final boolean update;
+ private final boolean delete;
+ private final boolean forceTripleChecks;
+
+ public static MockSecurityEvaluator getInstance()
+ {
+ return new MockSecurityEvaluator( true, true, true, true, true, true );
+ }
+
+
+ public MockSecurityEvaluator( final boolean loggedIn, final boolean create,
+ final boolean read, final boolean update, final boolean delete,
+ final boolean forceTripleChecks )
+ {
+ this.loggedIn = loggedIn;
+ this.create = create;
+ this.read = read;
+ this.update = update;
+ this.delete = delete;
+ this.forceTripleChecks = forceTripleChecks;
+ }
+
+ public boolean evaluate( final Action action )
+ {
+ switch (action)
+ {
+ case Read:
+ return read;
+ case Create:
+ return create;
+ case Update:
+ return update;
+ case Delete:
+ return delete;
+ default:
+ throw new IllegalArgumentException();
+ }
+ }
+
+ /**
+ * Answers the question. can the logged in user perform action on the
+ * object.
+ *
+ * if there is no logged in user then anonymous access is assumed.
+ *
+ * @param action
+ * @param object
+ * @return boolean
+ */
+ public boolean evaluate( final Action action, final Resource object )
+ {
+
+ return evaluate(action);
+ }
+
+ @Override
+ public boolean evaluate( final Object principal, final Action action, final SecNode uri )
+ {
+ return evaluate(action);
+ }
+
+ @Override
+ public boolean evaluate( final Object principal, final Action action, final SecNode graphIRI,
+ final SecTriple triple )
+ {
+ if (forceTripleChecks)
+ {
+ if (triple.getSubject().equals(SecNode.ANY)
+ || triple.getPredicate().equals(SecNode.ANY)
+ || triple.getObject().equals(SecNode.ANY))
+ {
+ return false;
+ }
+ }
+ return evaluate(action);
+ }
+
+ public boolean evaluate( final Action[] actions )
+ {
+ for (final Action a : actions)
+ {
+ if (!evaluate(a))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public boolean evaluate( final Set<Action> action )
+ {
+ boolean result = true;
+ for (final Action a : action)
+ {
+ result &= evaluate(a);
+ }
+ return result;
+ }
+
+ public boolean evaluate( final Set<Action> action, final Resource object )
+ {
+ boolean result = true;
+ for (final Action a : action)
+ {
+ result &= evaluate(a);
+ }
+ return result;
+ }
+
+ @Override
+ public boolean evaluate( final Object principal, final Set<Action> action, final SecNode uri )
+ {
+ return evaluate(action);
+ }
+
+ @Override
+ public boolean evaluate( final Object principal, final Set<Action> action, final SecNode graphIRI,
+ final SecTriple triple )
+ {
+ for (final Action a : action)
+ {
+ if (!evaluate(a))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ @Override
+ public boolean evaluateAny( final Object principal, final Set<Action> action, final SecNode graphIRI )
+ {
+ for (final Action a : action)
+ {
+ if (evaluate(a))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean evaluateAny( final Object principal, final Set<Action> action,
+ final SecNode graphIRI, final SecTriple triple )
+ {
+ return evaluateAny( principal, action, graphIRI);
+ }
+
+ @Override
+ public boolean evaluateUpdate( final Object principal, final SecNode graphIRI,
+ final SecTriple from, final SecTriple to )
+ {
+ return evaluate(Action.Update);
+ }
+
+ public Set<Action> getPermissions( final Resource resourceID )
+ {
+ return Collections.emptySet();
+ }
+
+ public Set<Action> getPermissions( final SecNode uri )
+ {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public Principal getPrincipal()
+ {
+ if (loggedIn)
+ {
+ return new Principal() {
+
+ @Override
+ public String getName()
+ {
+ return "TestingPrincipal";
+ }
+ };
+ }
+ return null;
+ }
+
+ public boolean isLoggedIn()
+ {
+ return loggedIn;
+ }
+
+ @Override
+ public String toString()
+ {
+ return String.format("C:%s R:%s U:%s D:%s force:%s", create, read,
+ update, delete, forceTripleChecks);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/ModelBasedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/ModelBasedSecurityEvaluator.java b/jena-permissions/src/test/java/org/apache/jena/permissions/ModelBasedSecurityEvaluator.java
new file mode 100644
index 0000000..f61e1bb
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/permissions/ModelBasedSecurityEvaluator.java
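Review bot: `forceTripleChecks` is honoured only by the single-`Action` triple overload of `evaluate`. The `Set<Action>` triple overload never looks at `triple`, and `evaluateAny(principal, action, graphIRI, triple)` delegates to the graph-level variant, so a triple with `SecNode.ANY` in any position is granted on both paths even when the mock was built to refuse it. Tests that reach the evaluator through those two overloads therefore cannot detect a missing per-triple check in the secured classes. If this is intentional it needs a comment on the field; otherwise route all three triple overloads through one helper as sketched below (this may change the outcome of existing tests, which cannot be judged from this hunk). Separately, the `principal` argument is never consulted and `loggedIn` only changes what `getPrincipal()` returns, which a class comment should state.

```java
    // … unchanged: fields, constructor, evaluate(Action) and the graph-level overloads …

    /** True when this mock is configured to refuse triples that contain a wildcard node. */
    private boolean refusesWildcard( final SecTriple triple )
    {
        return forceTripleChecks
                && (triple.getSubject().equals(SecNode.ANY)
                        || triple.getPredicate().equals(SecNode.ANY)
                        || triple.getObject().equals(SecNode.ANY));
    }

    @Override
    public boolean evaluate( final Object principal, final Set<Action> action, final SecNode graphIRI,
            final SecTriple triple )
    {
        if (refusesWildcard(triple))
        {
            return false;
        }
        return evaluate(action);
    }

    @Override
    public boolean evaluateAny( final Object principal, final Set<Action> action,
            final SecNode graphIRI, final SecTriple triple )
    {
        if (refusesWildcard(triple))
        {
            return false;
        }
        return evaluateAny(principal, action, graphIRI);
    }

    // … unchanged: evaluateUpdate, getPermissions, getPrincipal, isLoggedIn, toString …
```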
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.permissions;
+
+import java.util.Set;
+
+import org.apache.jena.permissions.SecurityEvaluator;
+import org.apache.jena.rdf.model.Model ;
+
+public class ModelBasedSecurityEvaluator implements SecurityEvaluator {
+
+ //private Model model;
+
+ public ModelBasedSecurityEvaluator( Model model) {
+ //this.model = model;
+ }
+
+
+
+ @Override
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluate(final Object principal, Action action, SecNode graphIRI, SecTriple triple) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI,
+ SecTriple triple) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI,
+ SecTriple triple) {
+ return true;
+ }
+
+ @Override
+ public boolean evaluateUpdate(final Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
+ return true;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+
+}
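Review bot: Nothing in `ModelBasedSecurityEvaluator` is model-based: the constructor discards its `Model` argument (the field and its assignment are commented out), every `evaluate*` method returns `true`, and `getPrincipal()` returns `null`. A permit-all evaluator under that name is easy to mistake for a working policy and copy out of the test tree, so the class should say what it is, for example `/** Test stub: permits every action for every principal and ignores the supplied model. */`. The two commented-out `model` lines should be deleted rather than kept as dead code, and the unused constructor parameter deserves a short comment explaining why it is accepted.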
