Apache Jena - Security Permissions 4.10.0
JenaSecurity is a SecurityEvaluator interface and a set of dynamic proxies that apply that interface to Jena Graphs, Models, and associated methods and classes.
The SecurityEvaluator class must be implemented. This class provides
the interface to the authentication results (e.g.
) and the authorization system.
- Create a SecuredGraph by calling
Factory.getInstance( SecurityEvaluator, String, Graph );
- Create a SecuredModel by calling
Factory.getInstance( SecurityEvaluator, String, Model )
- It is not recommended that you use the Jena
ModelFactory.createModelForGraph( SecuredGraph )See Differences Between Graph and Model below for reasons.
- See SecurityEvaluator documentation for description of cascading security checks
- Secured methods are annotated with: @sec.graph for permissions required on the graph to execute the method. @sec.triple for permissions required on the associated triples (if any) to execute the method.
- It is possible to implement a SecurityEvaluator that does not enforce security at the triple level. See SecurityEvaluator documentation for details
The Graph interface does not have the concept of "update". Thus all
updates are implemented as a delete and an insert. The Model interface
does have the concept of update as evidenced by the
method in the
class. This difference means that a
created by calling
ModelFactory.createModelForGraph( SecuredGraph )
will yield a model that evaluates
actions differently from one created with
Factory.getInstance( SecurityEvaluator, modelIRI, model)
- Models created by the Jena ModelFactory will require that the user have both delete and create permissions on the underlying graph to perform the update. And will delete the existing triple before attempting to create the new one. Since the graph interface does not have visibility to the model's request for update these are, to the graph, separate events. It is possible that the delete may succeed while the create fails.
- Models created by the JenaSecurity Factory will require that the user have update permissions on the underlying model to perform the update. As long as the user has the update permission on the graph, and the triple where required, the update is performed as a single event.
This is the well documented case of differences between the two secured
model creation methods. For this reason it is recommended that the
model be created with the