Claude, First off, thanks for your response. I truly appreciate it. I would give an example but the code that I am working with is on my work machine. Your assumption about having a mechanism to retrieve users roles is valid. Your assumption about having a way to attach roles to triples as they go into the triple store is also true. Essentially what happens is I have datasourceA and datasourceB. When data is inserted into the triple store we attach the roles as a reified statement (Apologies for my semantic web vocab but I am still a newbie). So for example we get user address from one datasourceA so we create a triple
subject : http://myApp/username/JoeBlow predicate : pr:userName object : "Joe Blow" Then we take that triple and create a reified statement with roles (ROLEA, ROLEB, ROLEC). I tried what you said which is set "Second the method SecurityEvaluator.evaluate( Action.Read, "urn:graph-name:data-graph", SecTriple.ANY ) will be called. The SecurityEvaluator should return "false" to indicate that that there are restrictions on some triples in the data graph." The part I am struggling with is this portion of your comment. "Finally the method SecurityEvaluator.evaluate( Action.Read, "urn:graph-name:data-graph", <dbr:Ireland, dbo:capital, dbo:Dublin> ) will be called. The evaluator should then look up the rdf:Statement that covers the <dbr:Ireland, dbo:capital, dbo:Dublin> triple, retrieve the roles that have access, compare those with the roles that the user has and if there is an intersection return "true" otherwise return "false"." Inside of the SecurityEvaluator, how do I get to the reifiedstatements role? Question two, if I return false from evaluate(Resource r) <https://github.com/apache/jena/blob/master/jena-security/src/example/org/apache/jena/security/example/ExampleEvaluator.java#L64>, that was returning false for the entire model. So essentially what was happening for me is, if user can't see one triple they can't see any triples. Plus my other question is what is difference between Graph and Model. Ok, thanks so much for your help. On Thu, Jan 1, 2015 at 7:49 PM, Claude Warren <[email protected]> wrote: > Trevor, > > I saw your question on stackoverflow > http://stackoverflow.com/questions/27706124/jena-security-with-reification > and answered it there. I would have answered here first had I seen this > first. > > But it is possible and I provided what I hope is a detailed explanation of > how to do what you want to do. > > Claude > > On Wed, Dec 31, 2014 at 9:56 PM, Trevor Donaldson <[email protected]> > wrote: > > > Hi, > > > > I am currently in the process of upgrading a Semantic Web application > from > > RDB to TDB. Yes it is 2014 and yes I agree that the owners of said app > > should have upgraded a long time ago. With that out of the way I am > asking > > for some help. Currently the original developers of this application > wrote > > a custom assembler to create Adjudicating Graphs which would perform > > statement-level security adjudication. That is all well in good but there > > are multiple references to Reifier which has been removed in version > > 2.11.2, not to mention to follow some of the code you would have to be a > > semantic guru yourself. > > > > I researched and found that Jena Security now exist. It probably didn't > > when these guys first started writing this application. So now my > question, > > hopefully a simple one, how do I use jena security with reification? I > > haven't been able to figure it out and the examples on github aren't > quite > > exactly what I need. So given the following RDF (reified statement) > > > > _:statement rdf:type rdf:Statement . > > _:statement rdf:subject dbr:Ireland . > > _:statement rdf:predicate dbo:capital . > > _:statement rdf:object dbo:Dublin . > > _:statement ex:role "ROLEA", "ROLEB", "ROLEC" . > > > > _:statement rdf:type rdf:Statement . > > _:statement rdf:subject dbr:Canada. > > _:statement rdf:predicate dbo:capital . > > _:statement rdf:object dbo:Ottawa. > > _:statement ex:role "ROLEA" . > > > > > > Case I am trying to solve : > > 1. User A logs in and runs query with ROLEA > > 2. User queries for capitals > > 3. Jena Security filters out the Ireland statement and only returns > Ottawa > > statement because the user is only in ROLEA. The roles are "ands" > > > > I hope this help. I am a semantic web newbie and I am stuck. Thanks in > > advance. > > > > > > -- > I like: Like Like - The likeliest place on the web > <http://like-like.xenei.com> > LinkedIn: http://www.linkedin.com/in/claudewarren >
