http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredContainerTest.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredContainerTest.java b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredContainerTest.java new file mode 100644 index 0000000..2d80725 --- /dev/null +++ b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredContainerTest.java @@ -0,0 +1,480 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.permissions.model; + +import java.util.Set; + +import org.apache.jena.permissions.AccessDeniedException; +import org.apache.jena.permissions.MockSecurityEvaluator; +import org.apache.jena.permissions.SecurityEvaluator; +import org.apache.jena.permissions.SecurityEvaluatorParameters; +import org.apache.jena.permissions.SecurityEvaluator.Action; +import org.apache.jena.permissions.model.SecuredContainer; +import org.apache.jena.permissions.model.impl.SecuredContainerImpl; +import org.apache.jena.rdf.model.Container ; +import org.apache.jena.rdf.model.ResourceFactory ; +import org.apache.jena.rdf.model.Statement ; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith( value = SecurityEvaluatorParameters.class ) +public abstract class SecuredContainerTest extends SecuredResourceTest +{ + + public SecuredContainerTest( final MockSecurityEvaluator securityEvaluator ) + { + super(securityEvaluator); + } + + private SecuredContainer getSecuredContainer() + { + return (SecuredContainer) getSecuredRDFNode(); + } + + @Override + @Before + public void setup() + { + super.setup(); + final Container container = baseModel + .getBag("http://example.com/testContainer";); + container.add("SomeDummyItem"); + setSecuredRDFNode( + SecuredContainerImpl.getInstance(securedModel, container), + container); + } + + @Test + public void test() + { + try + { + getSecuredContainer().size(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + /** + * @sec.graph Update + * @sec.triple Create SecTriple( this, RDF.li, o ); + * @throws AccessDeniedException + */ + @Test + public void testAdd() + { + final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] { + Action.Update, Action.Create }); + try + { + getSecuredContainer().add(true); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add('c'); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add(3.14D); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add(3.14F); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add(2L); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + final Object o = Integer.valueOf("1234"); + try + { + getSecuredContainer().add(o); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add( + ResourceFactory + .createResource("http://example.com/testResource";)); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add("foo"); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().add("dos", "esp"); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testContains() + { + try + { + getSecuredContainer().contains(true); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains('c'); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains(3.14D); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains(3.14F); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains(2L); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + final Object o = Integer.valueOf("1234"); + try + { + getSecuredContainer().contains(o); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains( + ResourceFactory + .createResource("http://example.com/testResource";)); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains("foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + getSecuredContainer().contains("dos", "esp"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testIterator() + { + try + { + getSecuredContainer().iterator(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testRemove() + { + final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] { + Action.Update, Action.Delete }); + final Statement s = baseModel.listStatements().next(); + try + { + getSecuredContainer().remove(s); + if (!securityEvaluator.evaluate(perms)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(perms)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + +}
http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredLiteralTest.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredLiteralTest.java b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredLiteralTest.java new file mode 100644 index 0000000..446bdc4 --- /dev/null +++ b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredLiteralTest.java @@ -0,0 +1,469 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.permissions.model; + +import org.apache.jena.datatypes.DatatypeFormatException ; +import org.apache.jena.permissions.AccessDeniedException; +import org.apache.jena.permissions.MockSecurityEvaluator; +import org.apache.jena.permissions.SecurityEvaluatorParameters; +import org.apache.jena.permissions.SecurityEvaluator.Action; +import org.apache.jena.permissions.model.SecuredLiteral; +import org.apache.jena.permissions.model.impl.SecuredLiteralImpl; +import org.apache.jena.rdf.model.Literal ; +import org.apache.jena.rdf.model.ResourceFactory ; +import org.apache.jena.rdf.model.ResourceRequiredException ; +import org.apache.jena.shared.BadBooleanException ; +import org.apache.jena.shared.BadCharLiteralException ; +import org.junit.Assert ; +import org.junit.Before ; +import org.junit.Test ; +import org.junit.runner.RunWith ; + +@RunWith( value = SecurityEvaluatorParameters.class ) +public class SecuredLiteralTest extends SecuredRDFNodeTest +{ + + public SecuredLiteralTest( final MockSecurityEvaluator securityEvaluator ) + { + super(securityEvaluator); + } + + private SecuredLiteral getSecuredLiteral() + { + return (SecuredLiteral) getSecuredRDFNode(); + } + + @Test + public void sameValueAs() + { + try + { + getSecuredLiteral().sameValueAs( + ResourceFactory.createPlainLiteral("Junk")); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Override + @Before + public void setup() + { + super.setup(); + Literal l = ResourceFactory.createTypedLiteral("literal"); + setSecuredRDFNode(SecuredLiteralImpl.getInstance(securedModel, l), l); + } + + @Test + public void testAsLiteral() + { + getSecuredLiteral().asLiteral(); + } + + @Test + public void testAsResource() + { + try + { + getSecuredLiteral().asResource(); + Assert.fail("Should have thrown ResoruceRequiredException"); + } + catch (final ResourceRequiredException e) + { + // expected + } + } + + @Test + public void testGetBoolean() + { + try + { + getSecuredLiteral().getBoolean(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | BadBooleanException e ) + { + // expected + } + } + + @Test + public void testGetByte() + { + try + { + getSecuredLiteral().getByte(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetChar() + { + try + { + getSecuredLiteral().getChar(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | BadCharLiteralException e ) + { + // expected + } + } + + @Test + public void testGetDatatype() + { + try + { + getSecuredLiteral().getDatatype(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetDatatypeURI() + { + try + { + getSecuredLiteral().getDatatypeURI(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetDouble() + { + try + { + getSecuredLiteral().getDouble(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + + } + + @Test + public void testGetFloat() + { + try + { + getSecuredLiteral().getFloat(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetInt() + { + try + { + getSecuredLiteral().getInt(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetLanguage() + { + try + { + getSecuredLiteral().getLanguage(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetLexicalForm() + { + try + { + getSecuredLiteral().getLexicalForm(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetLong() + { + try + { + getSecuredLiteral().getLong(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetShort() + { + try + { + getSecuredLiteral().getShort(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetString() + { + try + { + getSecuredLiteral().getString(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + catch (final DatatypeFormatException | NumberFormatException e ) + { + // expected + } + } + + @Test + public void testGetValue() + { + try + { + getSecuredLiteral().getValue(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testIsWellFormedXML() + { + try + { + getSecuredLiteral().isWellFormedXML(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } +} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelDetailTest.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelDetailTest.java b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelDetailTest.java new file mode 100644 index 0000000..28b33ba --- /dev/null +++ b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelDetailTest.java @@ -0,0 +1,335 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.permissions.model; + +import java.net.URL; +import java.security.Principal; +import java.util.Set; + +import org.apache.http.auth.BasicUserPrincipal; +import org.apache.jena.graph.NodeFactory ; +import org.apache.jena.permissions.Factory; +import org.apache.jena.permissions.SecurityEvaluator; +import org.apache.jena.permissions.model.SecuredModel; +import org.apache.jena.rdf.model.* ; +import org.apache.jena.vocabulary.RDF ; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; + +/** + * Tests secured model functions against graph where only partial data is + * available to the user. + * + */ +public class SecuredModelDetailTest { + + private static String NS_FMT = "http://example.com/%s";; + private Model baseModel; + private SecuredModel securedModel; + private DetailEvaluator secEval; + private Property pTo = ResourceFactory.createProperty("http://example.com/to";); + private Property pFrom = ResourceFactory + .createProperty( "http://example.com/from";); + + @Before + public void setup() + { + baseModel = ModelFactory.createDefaultModel(); + baseModel.removeAll(); + URL url = SecuredModelDetailTest.class.getClassLoader().getResource( "org/apache/jena/permissions/model/detail.ttl"); + baseModel.read( url.toExternalForm() ); + secEval = new DetailEvaluator( baseModel ); + securedModel = Factory.getInstance(secEval, + "http://example.com/detailModelTest";, baseModel); + } + + + @Test + public void testContains() + { + secEval.setPrincipal("darla"); + /* darla can only add values to msg4 + ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + */ + + Resource s = ResourceFactory.createResource( String.format( NS_FMT, "msg3") ); + Assert.assertTrue( "should contain msg3", baseModel.contains( s, null )); + Assert.assertFalse( "should not see msg3", securedModel.contains( s, null )); + Assert.assertTrue( "Sould contain a resource msg3", baseModel.containsResource( s)); + Assert.assertFalse( "Should not contain a resource msg3'", securedModel.containsResource( s) ); + + s = ResourceFactory.createResource( String.format( NS_FMT, "msg4") ); + Assert.assertTrue( "should contain msg4", baseModel.contains( s, null )); + Assert.assertTrue( "should see msg4", securedModel.contains( s, null )); + Assert.assertTrue( "Sould contain a resource msg4", baseModel.containsResource( s)); + Assert.assertTrue( "Should contain a resource msg4'", securedModel.containsResource( s) ); + + Assert.assertTrue( "Sould contain a to 'bob'", baseModel.contains( null, pTo, "bob")); + Assert.assertFalse( "Should not see to 'bob'", securedModel.contains( null, pTo, "bob") ); + + Assert.assertTrue( "Sould contain a from 'bob'", baseModel.contains( null, pFrom, "bob")); + Assert.assertTrue( "Should see from 'bob'", securedModel.contains( null, pFrom, "bob") ); + + } + + @Test + public void testListObjects() + { + secEval.setPrincipal("darla"); + /* darla can only add values to msg4 + ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + */ + + Assert.assertTrue( baseModel.listObjects().toList().size() > 4); + Assert.assertEquals( 4, securedModel.listObjects().toList().size()); + + Assert.assertTrue( baseModel.listObjectsOfProperty( pFrom ).toList().size() > 1); + Assert.assertEquals( 1, securedModel.listObjectsOfProperty( pFrom ).toList().size()); + + Resource s = ResourceFactory.createResource( String.format( NS_FMT, "msg3")); + Assert.assertEquals( 1, baseModel.listObjectsOfProperty( s, pFrom).toList().size()); + Assert.assertEquals( 0, securedModel.listObjectsOfProperty( s, pFrom ).toList().size()); + + s = ResourceFactory.createResource( String.format( NS_FMT, "msg4")); + Assert.assertEquals( 1, baseModel.listObjectsOfProperty( s, pFrom).toList().size()); + Assert.assertEquals( 1, securedModel.listObjectsOfProperty( s, pFrom ).toList().size()); + } + + @Test + public void testListResources() { + secEval.setPrincipal("darla"); + /* darla can only add values to msg4 + ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + */ + Assert.assertEquals( 5, baseModel.listResourcesWithProperty( pFrom ).toList().size()); + Assert.assertEquals( 1, securedModel.listResourcesWithProperty( pFrom ).toList().size()); + + RDFNode o = ResourceFactory.createPlainLiteral("bob"); + Assert.assertEquals( 3, baseModel.listResourcesWithProperty( pFrom, o ).toList().size()); + Assert.assertEquals( 1, securedModel.listResourcesWithProperty( pFrom, o ).toList().size()); + Assert.assertEquals( 1, baseModel.listResourcesWithProperty( pTo, o ).toList().size()); + Assert.assertEquals( 0, securedModel.listResourcesWithProperty( pTo, o ).toList().size()); + + Assert.assertEquals( 4, baseModel.listResourcesWithProperty( null, o ).toList().size()); + Assert.assertEquals( 1, securedModel.listResourcesWithProperty( null, o ).toList().size()); + + o = ResourceFactory.createPlainLiteral("alice"); + Assert.assertEquals( 4, baseModel.listResourcesWithProperty( null, o ).toList().size()); + Assert.assertEquals( 0, securedModel.listResourcesWithProperty( null, o ).toList().size()); + } + + @Test + public void testListStatements() + { + secEval.setPrincipal("darla"); + /* darla can only add values to msg4 + ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + */ + Assert.assertEquals( 20, baseModel.listStatements().toList().size()); + Assert.assertEquals( 4, securedModel.listStatements().toList().size()); + + RDFNode o = ResourceFactory.createPlainLiteral("bob"); + Assert.assertEquals( 1, baseModel.listStatements( null, pTo, o).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( null, pTo, o).toList().size()); + Assert.assertEquals( 3, baseModel.listStatements( null, pFrom, o).toList().size()); + Assert.assertEquals( 1, securedModel.listStatements( null, pFrom, o).toList().size()); + + Resource s = ResourceFactory.createResource( String.format( NS_FMT, "msg3")); + Assert.assertEquals( 4, baseModel.listStatements( s, null, (RDFNode)null).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( s, null, (RDFNode)null).toList().size()); + + Assert.assertEquals( 1, baseModel.listStatements( s, pTo, (RDFNode)null).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( s, pTo, (RDFNode)null).toList().size()); + + Assert.assertEquals( 0, baseModel.listStatements( s, pTo, o).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( s, pTo, o).toList().size()); + o = ResourceFactory.createPlainLiteral("chuck"); + Assert.assertEquals( 1, baseModel.listStatements( s, pTo, o).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( s, pTo, o).toList().size()); + + + s = ResourceFactory.createResource( String.format( NS_FMT, "msg4")); + Assert.assertEquals( 4, baseModel.listStatements( s, null, (RDFNode)null).toList().size()); + Assert.assertEquals( 4, securedModel.listStatements( s, null, (RDFNode)null).toList().size()); + + Assert.assertEquals( 1, baseModel.listStatements( s, pTo, (RDFNode)null).toList().size()); + Assert.assertEquals( 1, securedModel.listStatements( s, pTo, (RDFNode)null).toList().size()); + + Assert.assertEquals( 0, baseModel.listStatements( s, pTo, o).toList().size()); + Assert.assertEquals( 0, securedModel.listStatements( s, pTo, o).toList().size()); + o = ResourceFactory.createPlainLiteral("darla"); + Assert.assertEquals( 1, baseModel.listStatements( s, pTo, o).toList().size()); + Assert.assertEquals( 1, securedModel.listStatements( s, pTo, o).toList().size()); + } + + @Test + public void testListSubjects() + { + secEval.setPrincipal("darla"); + /* darla can only add values to msg4 + ex:msg4 rdf:type ex:msg; + ex:to "darla" ; + ex:from "bob" ; + ex:subj "bob to darla 1" + */ + Assert.assertEquals( 5, baseModel.listSubjects().toList().size()); + Assert.assertEquals( 1, securedModel.listSubjects().toList().size()); + + Assert.assertEquals( 5, baseModel.listSubjectsWithProperty( pTo ).toList().size()); + Assert.assertEquals( 1, securedModel.listSubjectsWithProperty( pTo ).toList().size()); + + RDFNode o = ResourceFactory.createPlainLiteral("darla"); + Assert.assertEquals( 1, baseModel.listSubjectsWithProperty( pTo, o ).toList().size()); + Assert.assertEquals( 1, securedModel.listSubjectsWithProperty( pTo, o ).toList().size()); + + o = ResourceFactory.createPlainLiteral("bob"); + Assert.assertEquals( 1, baseModel.listSubjectsWithProperty( pTo, o ).toList().size()); + Assert.assertEquals( 0, securedModel.listSubjectsWithProperty( pTo, o ).toList().size()); + + Assert.assertEquals( 4, baseModel.listSubjectsWithProperty( null, o ).toList().size()); + Assert.assertEquals( 1, securedModel.listSubjectsWithProperty( null, o ).toList().size()); + + } + + /** + * An example evaluator that only provides access ot messages in the graph that + * are from or to the principal. + * + */ + private class DetailEvaluator implements SecurityEvaluator { + + private Principal principal; + private Model model; + private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg"; ); + private Property pTo = ResourceFactory.createProperty( "http://example.com/to"; ); + private Property pFrom = ResourceFactory.createProperty( "http://example.com/from"; ); + + /** + * + * @param model The graph we are going to evaluate against. + */ + public DetailEvaluator( Model model ) + { + this.model = model; + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI) { + // we allow any action on a graph. + return true; + } + + private boolean evaluate( Resource r ) + { + // a message is only available to sender or recipient + if (r.hasProperty( RDF.type, msgType )) + { + return r.hasProperty( pTo, ((Principal)principal).getName() ) || + r.hasProperty( pFrom, ((Principal)principal).getName()); + } + return true; + } + + private boolean evaluate( SecNode node ) + { + if (node.equals( SecNode.ANY )) { + return false; // all wild cards are false + } + + if (node.getType().equals( SecNode.Type.URI)) { + Resource r = model.createResource( node.getValue() ); + return evaluate( r ); + } + else if (node.getType().equals( SecNode.Type.Anonymous)) { + Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource(); + return evaluate( r ); + } + else + { + return true; + } + + } + + private boolean evaluate( SecTriple triple ) { + return evaluate( triple.getSubject()) && + evaluate( triple.getObject()) && + evaluate( triple.getPredicate()); + } + + @Override + public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) { + return evaluate( triple ); + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple triple) { + return evaluate( triple ); + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) { + return true; + } + + @Override + public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI, + SecTriple triple) { + return evaluate( triple ); + } + + @Override + public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) { + return evaluate( from ) && evaluate( to ); + } + + public void setPrincipal( String userName ) + { + if (userName == null) + { + principal = null; + } + principal = new BasicUserPrincipal( userName ); + } + @Override + public Principal getPrincipal() { + return principal; + } + + } + +} http://git-wip-us.apache.org/repos/asf/jena/blob/c4b0113d/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelTest.java ---------------------------------------------------------------------- diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelTest.java b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelTest.java new file mode 100644 index 0000000..6280a33 --- /dev/null +++ b/jena-permissions/src/test/java/org/apache/jena/permissions/model/SecuredModelTest.java @@ -0,0 +1,2035 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jena.permissions.model; + +import java.io.* ; +import java.net.URL ; +import java.util.ArrayList ; +import java.util.List ; +import java.util.Set ; + +import org.apache.jena.datatypes.xsd.XSDDatatype ; +import org.apache.jena.graph.Graph ; +import org.apache.jena.graph.NodeFactory ; +import org.apache.jena.graph.Triple ; +import org.apache.jena.permissions.*; +import org.apache.jena.permissions.SecurityEvaluator.Action; +import org.apache.jena.permissions.graph.SecuredGraph; +import org.apache.jena.permissions.graph.SecuredPrefixMappingTest; +import org.apache.jena.permissions.model.SecuredModel; +import org.apache.jena.rdf.model.* ; +import org.junit.Assert ; +import org.junit.Before ; +import org.junit.Test ; +import org.junit.runner.RunWith ; + +@RunWith( value = SecurityEvaluatorParameters.class ) +public class SecuredModelTest +{ + protected final MockSecurityEvaluator securityEvaluator; + protected SecuredModel securedModel; + protected Model baseModel; + protected Resource s; + protected Property p; + protected Resource o; + + public SecuredModelTest( final MockSecurityEvaluator securityEvaluator ) + { + this.securityEvaluator = securityEvaluator; + } + + /** + * create an unsecured securedModel. + * + * @return + */ + protected Model createModel() + { + return ModelFactory.createDefaultModel(); + } + + @Before + public void setup() + { + baseModel = createModel(); + baseModel.removeAll(); + securedModel = Factory.getInstance(securityEvaluator, + "http://example.com/securedGraph";, baseModel); + s = ResourceFactory.createResource("http://example.com/graph/s";); + p = ResourceFactory.createProperty("http://example.com/graph/p";); + o = ResourceFactory.createResource("http://example.com/graph/o";); + baseModel.add(s, p, o); + } + + @Test + public void testAdd() throws Exception + { + final List<Statement> stmt = baseModel.listStatements().toList(); + final Set<Action> createAndUpdate = SecurityEvaluator.Util + .asSet(new Action[] { Action.Update, Action.Create }); + try + { + securedModel.add(stmt); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(baseModel); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(stmt.get(0)); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + + securedModel.add(stmt.toArray(new Statement[stmt.size()])); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(baseModel.listStatements()); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(baseModel); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(s, p, o); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(s, p, "foo"); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(s, p, "foo", false); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(s, p, "foo", XSDDatatype.XSDstring); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.add(s, p, "foo", "en"); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testAnonymousInModel() + { + // test anonymous + final RDFNode rdfNode = ResourceFactory.createResource(); + final RDFNode rdfNode2 = rdfNode.inModel(securedModel); + Assert.assertEquals( + "Should have placed RDFNode in secured securedModel", + securedModel, rdfNode2.getModel()); + } + + @Test + public void testAsRDFNode() throws Exception + { + securedModel.asRDFNode(NodeFactory.createURI("http://example.com/rdfNode";)); + } + + @Test + public void testAsStatement() + { + final Triple t = new Triple(s.asNode(), p.asNode(), o.asNode()); + try + { + securedModel.asStatement(t); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testContains() throws Exception + { + final Statement stmt = baseModel.listStatements().next(); + try + { + securedModel.contains(stmt); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.contains(s, p); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.contains(s, p, o); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.contains(s, p, "foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.contains(s, p, "foo", "en"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testContainsAll() throws Exception + { + try + { + securedModel.containsAll(baseModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.containsAll(baseModel.listStatements()); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateAlt() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + try + { + securedModel.createAlt(); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.createAlt("foo"); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateBag() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + try + { + securedModel.createBag(); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.createBag("foo"); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateList() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Update, Action.Create }); + + final List<RDFNode> nodeList = new ArrayList<RDFNode>(); + try + { + securedModel.createList(); + if (!securityEvaluator.evaluate(Action.Update)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Update)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + baseModel.removeAll(); + + try + { + securedModel.createList(nodeList.iterator()); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + baseModel.removeAll(); + + try + { + final RDFNode[] list = new RDFNode[] { + ResourceFactory.createResource(), + ResourceFactory.createResource(), + ResourceFactory.createResource(), + ResourceFactory.createResource(), }; + + securedModel.createList(list); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + baseModel.removeAll(); + + } + + @Test + public void testCreateLiteral() throws Exception + { + securedModel.createLiteral("foo"); + securedModel.createLiteral("foo", false); + } + + @Test + public void testCreateLiteralBoolean() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, true); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateLiteralChar() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + try + { + securedModel.createLiteralStatement(s, p, 'a'); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateLiteralDouble() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, 1.0d); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateLiteralFloat() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, 1.0f); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateLiteralInt() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, 1); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testCreateLiteralLong() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, 1L); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testCreateLiteralObject() throws Exception + { + final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Create, Action.Update }); + + try + { + securedModel.createLiteralStatement(s, p, new URL( "http://example.com/testing/URIType";)); + if (!securityEvaluator.evaluate(CU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(CU)) + { + e.printStackTrace(); + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testDifference() throws Exception + { + try + { + securedModel.difference(baseModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testEquals() throws Exception + { + securedModel.equals(baseModel); + baseModel.equals(securedModel); + } + + @Test + public void testExpandPrefix() throws Exception + { + try + { + securedModel.expandPrefix("foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetAlt() throws Exception + { + final Resource a = baseModel + .createAlt("http://example.com/securedModel/alt";); + try + { + + securedModel.getAlt(a); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.getAlt("http://example.com/securedModel/alt";); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetAnyReifiedStmt() + { + // first with create. + final Set<Action> UCR = SecurityEvaluator.Util.asSet(new Action[] { + Action.Update, Action.Create, Action.Read }); + try + { + securedModel.getAnyReifiedStatement(baseModel.listStatements() + .next()); + if (!securityEvaluator.evaluate(UCR)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(UCR)) + { + e.printStackTrace(); + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + final Statement st = baseModel.listStatements().next(); + baseModel.createReifiedStatement(st); + // now it is there so try with read + try + { + securedModel.getAnyReifiedStatement(st); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetBag() + { + final Resource b = baseModel + .createBag("http://example.com/securedModel/bag";); + try + { + securedModel.getBag(b); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.getBag("http://example.com/securedModel/bag";); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetGraph() throws Exception + { + final Graph g = securedModel.getGraph(); + Assert.assertTrue(g instanceof SecuredGraph); + EqualityTester.testInequality("getGraph test", g, baseModel.getGraph()); + } + + @Test + public void testGetLock() + { + securedModel.getLock(); + } + + @Test + public void testGetProperty() + { + + try + { + securedModel.getProperty("foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.getProperty(s, p); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.getProperty("fooNS", "foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetQNameFor() throws Exception + { + try + { + securedModel.qnameFor("foo"); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testgetRDFNode() + { + + try + { + securedModel.getRDFNode(NodeFactory.createURI("foo")); + if (!securityEvaluator.evaluate(Action.Update)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Update)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetReader() + { + securedModel.getReader(); + securedModel.getReader("TURTLE"); + } + + @Test + public void testGetResource() + { + securedModel.getResource("foo"); + } + + @Test + public void testGetSeq() + { + final Resource s = baseModel + .createSeq("http://example.com/securedModel/seq";); + try + { + securedModel.getSeq(s); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.getSeq("http://example.com/securedModel/seq";); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testGetWriter() + { + securedModel.getWriter(); + securedModel.getWriter("TURTLE"); + } + + @Test + public void testIndependent() throws Exception + { + Assert.assertFalse(securedModel.independent()); + } + + @Test + public void testIntersection() throws Exception + { + try + { + securedModel.intersection(baseModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testIsClosed() throws Exception + { + securedModel.isClosed(); + } + + @Test + public void testIsEmpty() throws Exception + { + try + { + securedModel.isEmpty(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testIsIsomorphicWith() + { + try + { + securedModel.isIsomorphicWith(baseModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + baseModel.isIsomorphicWith(securedModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testIsReified() + { + try + { + securedModel.isReified(baseModel.listStatements().next()); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testListLiteralStatements() throws Exception + { + try + { + securedModel.listLiteralStatements(s, p, true); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.listLiteralStatements(s, p, '0'); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.listLiteralStatements(s, p, 2.0d); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.listLiteralStatements(s, p, 2.0f); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.listLiteralStatements(s, p, 1); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testLock() throws Exception + { + try + { + securedModel.lock(); + if (!securityEvaluator.evaluate(Action.Update)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Update)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testPrefixMapping() throws Exception + { + SecuredPrefixMappingTest.runTests(securityEvaluator, securedModel); + } + + @Test + public void testQuery() throws Exception + { + final Selector s = new SimpleSelector(); + try + { + securedModel.query(s); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testRDFNodeInModel() + { + // test uri + final RDFNode rdfNode = ResourceFactory + .createResource("http://exmple.com/testInModel";); + final RDFNode rdfNode2 = rdfNode.inModel(securedModel); + Assert.assertEquals( + "Should have placed RDFNode in secured securedModel", + securedModel, rdfNode2.getModel()); + } + + @Test + public void testReadEmpty() throws Exception + { + final Set<Action> createAndUpdate = SecurityEvaluator.Util + .asSet(new Action[] { Action.Update, Action.Create }); + + final String XML_INPUT = "<rdf:RDF" + + " xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' " + + " xmlns:rt='http://example.com/readTest#' " + + " xmlns:j.0='http://example.com/readTest#3' > " + + " <rdf:Description rdf:about='http://example.com/readTest#1'> " + + " <rdf:type rdf:resource='http://example.com/readTest#3'/>" + + " </rdf:Description>" + "</rdf:RDF>"; + final String TTL_INPUT = "@prefix rt: <http://example.com/readTest#> . rt:1 a rt:3 ."; + final String base = "http://example.com/test";; + final String lang = "TURTLE"; + try + { + final URL url = SecuredModelTest.class.getResource("./test.xml"); + securedModel.read(url.toString()); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final InputStream in = new ByteArrayInputStream( + XML_INPUT.getBytes()); + securedModel.read(in, base); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final Reader reader = new StringReader(XML_INPUT); + securedModel.read(reader, base); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final URL url = SecuredModelTest.class.getResource("./test.ttl"); + securedModel.read(url.toString(), lang); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final InputStream in = new ByteArrayInputStream( + TTL_INPUT.getBytes()); + securedModel.read(in, base, lang); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final Reader reader = new StringReader(TTL_INPUT); + securedModel.read(reader, base, lang); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + try + { + final URL url = SecuredModelTest.class.getResource("./test.ttl"); + securedModel.read(url.toString(), base, lang); + if (!securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(createAndUpdate)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + finally + { + baseModel.removeAll(); + } + + } + + @Test + public void testRemove() throws Exception + { + final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Delete, Action.Update }); + + final List<Statement> stmt = baseModel.listStatements().toList(); + try + { + securedModel.remove(baseModel.listStatements().toList()); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.remove(baseModel); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.remove(stmt.get(0)); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.remove(stmt.toArray(new Statement[stmt.size()])); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.remove(baseModel.listStatements()); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.remove(baseModel); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + securedModel.remove(s, p, o); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } + + @Test + public void testRemoveAll() throws Exception + { + final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Delete, Action.Update }); + + try + { + securedModel.removeAll(); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + // put some data back + baseModel.add(s, p, o); + try + { + securedModel.removeAll(s, p, o); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testRemoveAllReifications() + { + final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] { + Action.Delete, Action.Update }); + + final List<Statement> stmt = baseModel.listStatements().toList(); + baseModel.createReifiedStatement(stmt.get(0)); + + try + { + securedModel.removeAllReifications(stmt.get(0)); + if (!securityEvaluator.evaluate(DU)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(DU)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testRequiredProperty() + { + + try + { + securedModel.getRequiredProperty(s, p); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testSize() throws Exception + { + try + { + securedModel.size(); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testUnion() throws Exception + { + try + { + securedModel.union(baseModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + try + { + baseModel.union(securedModel); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testVariableInModel() + { + try + { + final RDFNode rdfNode = ResourceFactory + .createTypedLiteral("yeehaw"); + final RDFNode rdfNode2 = rdfNode.inModel(securedModel); + if (!securityEvaluator.evaluate(Action.Update)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + Assert.assertEquals( + "Should have placed RDFNode in secured securedModel", + securedModel, rdfNode2.getModel()); + + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Update)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + } + + @Test + public void testWrapAsResource() throws Exception + { + securedModel.wrapAsResource(NodeFactory.createURI("http://example.com/rdfNode";)); + } + + @Test + public void testWrite() throws Exception + { + final OutputStream out = new ByteArrayOutputStream(); + final Writer writer = new CharArrayWriter(); + final String lang = "TURTLE"; + try + { + securedModel.write(out); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.write(writer); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.write(out, lang); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.write(writer, lang); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.write(out, lang, "http://example.com/securedGraph";); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + try + { + securedModel.write(writer, lang, "http://example.com/securedGraph";); + if (!securityEvaluator.evaluate(Action.Read)) + { + Assert.fail("Should have thrown AccessDenied Exception"); + } + } + catch (final AccessDeniedException e) + { + if (securityEvaluator.evaluate(Action.Read)) + { + Assert.fail(String + .format("Should not have thrown AccessDenied Exception: %s - %s", + e, e.getTriple())); + } + } + + } +} \ No newline at end of file
