org.apache.jena.permissions.example

Class ExampleEvaluator

java.lang.Object

org.apache.jena.permissions.example.ExampleEvaluator

All Implemented Interfaces:

SecurityEvaluator

public class ExampleEvaluator
extends Object
implements SecurityEvaluator

An example evaluator that only provides access to messages in the graph that are from or to the principal.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.jena.permissions.SecurityEvaluator

SecurityEvaluator.Action, SecurityEvaluator.Util

Field Summary

Fields inherited from interface org.apache.jena.permissions.SecurityEvaluator

FUTURE, VARIABLE

Constructor Summary

Constructors

Constructor and Description
ExampleEvaluator(Model model)

Method Summary

Modifier and Type	Method and Description
boolean	evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI) Determine if the action is allowed on the graph.
boolean	evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI, Triple triple) Determine if the action is allowed on the triple within the graph.
boolean	evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) Determine if all actions are allowed on the graph.
boolean	evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) Determine if all the actions are allowed on the triple within the graph.
boolean	evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) Determine if any of the actions are allowed on the graph.
boolean	evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) Determine if any of the actions are allowed on the triple within the graph.
boolean	evaluateUpdate(Object principal, Node graphIRI, Triple from, Triple to) Determine if the user is allowed to update the "from" triple to the "to" triple.
Principal	getPrincipal() returns the current principal or null if there is no current principal.
boolean	isPrincipalAuthenticated(Object principal) Returns true if the principal is recognized as an authenticated principal by the underlying authentication mechanism.
void	setPrincipal(String userName)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExampleEvaluator

public ExampleEvaluator(Model model)

Parameters:

model - The graph we are going to evaluate against.

Method Detail

evaluate

public boolean evaluate(Object principal,
                        SecurityEvaluator.Action action,
                        Node graphIRI)

Description copied from interface: SecurityEvaluator

Determine if the action is allowed on the graph.

Specified by:

evaluate in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

action - The action to perform

graphIRI - The IRI of the graph to check

Returns:

true if the action is allowed, false otherwise.

evaluate

public boolean evaluate(Object principal,
                        SecurityEvaluator.Action action,
                        Node graphIRI,
                        Triple triple)

Description copied from interface: SecurityEvaluator

Determine if the action is allowed on the triple within the graph.

The evaluation should be performed in the following order:

1. If the triple contains a VARIABLE then this method must return true if there are any restrictions where the remaining nodes are either constants or ANY nodes. This will force the system to use subsequent checks to verify access by substituting the value of the VARIABLEs. If the system can not quickly verify the solution it is always acceptable to return true.
2. Except as specified in the above check, if the triple contains an ANY then this method must return false if there are any restrictions where the remaining nodes are held constant and the ANY node is allowed to vary. This checks is used to avoid subsequent explicit triple checks. If the system can not quickly verify the solution it is always acceptable to return false.
3. All other triples are explict triples and the system must determine if the user is permitted to perform the action on the triple. If the triple contains a FUTURE node that node should be considered as an anonymous or blank node that is not yet created. It should only be used with Create actions and is asking if the user may create a blank node in that position in the triple.

Specified by:

evaluate in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

action - The action to perform

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

triple - The triple to check

Returns:

true if the action is allowed, false otherwise.

evaluate

public boolean evaluate(Object principal,
                        Set<SecurityEvaluator.Action> actions,
                        Node graphIRI)

Description copied from interface: SecurityEvaluator

Determine if all actions are allowed on the graph.

Specified by:

evaluate in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

actions - The set of actions to perform

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

Returns:

true if all the actions are allowed, false otherwise.

evaluate

public boolean evaluate(Object principal,
                        Set<SecurityEvaluator.Action> actions,
                        Node graphIRI,
                        Triple triple)

Description copied from interface: SecurityEvaluator

Determine if all the actions are allowed on the triple within the graph.

See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.

Specified by:

evaluate in interface SecurityEvaluator

actions - The actions to perform.

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

triple - The triple to check

Returns:

true if all the actions are allowed, false otherwise.

evaluateAny

public boolean evaluateAny(Object principal,
                           Set<SecurityEvaluator.Action> actions,
                           Node graphIRI)

Description copied from interface: SecurityEvaluator

Determine if any of the actions are allowed on the graph.

Specified by:

evaluateAny in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

actions - The actions to perform

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

Returns:

true true if any the actions are allowed, false otherwise.

evaluateAny

public boolean evaluateAny(Object principal,
                           Set<SecurityEvaluator.Action> actions,
                           Node graphIRI,
                           Triple triple)

Description copied from interface: SecurityEvaluator

Determine if any of the actions are allowed on the triple within the graph.

See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.

Specified by:

evaluateAny in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

actions - The actions to check.

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

triple - The triple to check

Returns:

true if any the actions are allowed, false otherwise.

evaluateUpdate

public boolean evaluateUpdate(Object principal,
                              Node graphIRI,
                              Triple from,
                              Triple to)

Description copied from interface: SecurityEvaluator

Determine if the user is allowed to update the "from" triple to the "to" triple.

Update is a special case since it modifies one triple to be another. So the user must have permissions to change the "from" triple into the "to" triple.

Specified by:

evaluateUpdate in interface SecurityEvaluator

Parameters:

principal - The principal that is attempting the action.

graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.

from - The triple to be changed

to - The value to change it to.

Returns:

true if the user may make the change, false otherwise.

setPrincipal

public void setPrincipal(String userName)

getPrincipal

public Principal getPrincipal()

Description copied from interface: SecurityEvaluator

returns the current principal or null if there is no current principal. All security evaluation methods use this method to determine who the call is being executed as. This allows subsystems (like the listener system) to capture the current user and evaluate later calls in terms of that user.

Specified by:

getPrincipal in interface SecurityEvaluator

Returns:

The current principal

isPrincipalAuthenticated

public boolean isPrincipalAuthenticated(Object principal)

Description copied from interface: SecurityEvaluator

Returns true if the principal is recognized as an authenticated principal by the underlying authentication mechanism. This is to handle the case where an authentication mechanism returns a non-null object to indicate a non-authenticated principal. (e.g. Shiro). The principal is guaranteed to have been the return value from an earlier getPrincipal() call.

Specified by:

isPrincipalAuthenticated in interface SecurityEvaluator

Parameters:

principal - The principal to check.

Returns:

true if authenticated, false if not.