Interface SecurityEvaluator
- All Known Implementing Classes:
CachedSecurityEvaluator
,ExampleEvaluator
,ReadOnlyEval
,ShiroExampleEvaluator
The security evaluator is the link between the graph security system and an external security system. This interface specifies the methods that are required by the graph security system. It is assumed that the implementation will handle tracking the current user and will query some underlying data source to determine what actions the user can and can not take.
All questions of white listing or black listing will be handled in the concrete implementation.
Implementations of this class should probably cache any evaluate calculations as the evaluate methods are called frequently. However, the underlying classes do cache results within a single method check.
- Secured operations
- The security system recognizes and secures each of the CRUD (Create, Read, Update and Delete) operations as represented by the Action enumeration.
- Levels of security
- The security interfaces operates at two (2) levels: graph (or Model) and
triple.
At the the graph level the security evaluator may restrict CRUD access to the graph or model as a whole. When evaluating the restriction, if the user it not permitted to perform the operation on the graph or model access is denied. If the user is permitted any triple restrictions are evaluated.
At the triple level the security evaluator may restrict CRUD access to specific triples. In order to skip potentially expensive triple security checks the system will generally ask if the user is permitted the CRUD action on any triple. This is represented by the SecTriple
(ANY, ANY, ANY)
.- If the system does not support triple level security the system should
always return
true
. - If the system does support triple level
security and is unable to verify that the user can execute the CRUD action
against any arbitrary triple the system should return
false
. - See
Node.ANY
,SecurityEvaluator.FUTURE
, andSecurityEvaluator.VARIABLE
for discussion of specifics of their respective usages.
- If the system does not support triple level security the system should
always return
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic enum
Identifies a specific CRUD actions.static class
A collection of utility functions for the SecurityEvaluator implementations. -
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptiondefault boolean
evaluate
(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) Determine if all actions are allowed on the graph.default boolean
Determine if all the actions are allowed on the triple within the graph.boolean
evaluate
(Object principal, SecurityEvaluator.Action action, Node graphIRI) Determine if the action is allowed on the graph.boolean
evaluate
(Object principal, SecurityEvaluator.Action action, Node graphIRI, Triple triple) Determine if the action is allowed on the triple within the graph.default boolean
evaluateAny
(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) Determine if any of the actions are allowed on the graph.default boolean
evaluateAny
(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) Determine if any of the actions are allowed on the triple within the graph.default boolean
evaluateUpdate
(Object principal, Node graphIRI, Triple from, Triple to) Determine if the user is allowed to update the "from" triple to the "to" triple.returns the current principal or null if there is no current principal.default boolean
Returns true if reads blocked by permissions should throw exceptions.boolean
isPrincipalAuthenticated
(Object principal) Returns true if the principal is recognized as an authenticated principal by the underlying authentication mechanism.
-
Field Details
-
VARIABLE
Indicates a variable in the triple.This differs from
ANY
in that the system is asking if there are any prohibitions not if the user may perform. Thus queries with the VARIABLE type node should returntrue
whereANY
returnsfalse
. In general this type is used in the query to determine if triple level filtering of results must be performed.(VARIABLE, X, Y )
- Asks if there are any prohibitions against the user seeing all subjects that have property X and object Y.
(X, VARIABLE, Y )
- Asks if there are any prohibitions against the user seeing all predicates that have subject X and object Y.
(X, Y, VARIABLE)
- Asks if there are any prohibitions against the user seeing all objects that have subject X and predicate Y.
VARIABLE
may occur multiple times and may occur with theANY
node. -
FUTURE
This is a blank (anonymous) node that will be created in the future.FUTURE is used to check that a blank node may be created in as specific position in a triple.
(FUTURE, X, Y )
- Asks if there the user may create a blank node that has property X and object Y.
(X, Y, FUTURE)
- Asks if there the user may create a blank node that has subject X and property Y.
FUTURE
may occur multiple times and may occur with theANY
node.
-
-
Method Details
-
evaluate
boolean evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI) throws AuthenticationRequiredException Determine if the action is allowed on the graph.- Parameters:
principal
- The principal that is attempting the action.action
- The action to performgraphIRI
- The IRI of the graph to check- Returns:
- true if the action is allowed, false otherwise.
- Throws:
AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
evaluate
boolean evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI, Triple triple) throws AuthenticationRequiredException Determine if the action is allowed on the triple within the graph.The evaluation should be performed in the following order:
- If the triple contains a
VARIABLE
then this method must returntrue
if there are any restrictions where the remaining nodes are either constants orANY
nodes. This will force the system to use subsequent checks to verify access by substituting the value of theVARIABLE
s. If the system can not quickly verify the solution it is always acceptable to returntrue
. - Except as specified in the above check, if the triple contains an
ANY
then this method must returnfalse
if there are any restrictions where the remaining nodes are held constant and the ANY node is allowed to vary. This checks is used to avoid subsequent explicit triple checks. If the system can not quickly verify the solution it is always acceptable to returnfalse
. - All other triples are explicit triples and the system must determine if
the user is permitted to perform the action on the triple. If the triple
contains a
FUTURE
node that node should be considered as an anonymous or blank node that is not yet created. It should only be used withCreate
actions and is asking if the user may create a blank node in that position in the triple.
- Parameters:
principal
- The principal that is attempting the action.action
- The action to performgraphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.triple
- The triple to check- Returns:
- true if the action is allowed, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
- If the triple contains a
-
evaluate
default boolean evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) throws AuthenticationRequiredException Determine if all actions are allowed on the graph.- Parameters:
principal
- The principal that is attempting the action.actions
- The set of actions to performgraphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.- Returns:
- true if all the actions are allowed, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
evaluate
default boolean evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) throws AuthenticationRequiredException Determine if all the actions are allowed on the triple within the graph.See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.
- Parameters:
actions
- The actions to perform.graphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.triple
- The triple to check- Returns:
- true if all the actions are allowed, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
evaluateAny
default boolean evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) throws AuthenticationRequiredException Determine if any of the actions are allowed on the graph.- Parameters:
principal
- The principal that is attempting the action.actions
- The actions to performgraphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.- Returns:
- true true if any the actions are allowed, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
evaluateAny
default boolean evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) throws AuthenticationRequiredException Determine if any of the actions are allowed on the triple within the graph.See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.
- Parameters:
principal
- The principal that is attempting the action.actions
- The actions to check.graphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.triple
- The triple to check- Returns:
- true if any the actions are allowed, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
evaluateUpdate
default boolean evaluateUpdate(Object principal, Node graphIRI, Triple from, Triple to) throws AuthenticationRequiredException Determine if the user is allowed to update the "from" triple to the "to" triple.Update is a special case since it modifies one triple to be another. So the user must have permissions to change the "from" triple into the "to" triple.
- Parameters:
principal
- The principal that is attempting the action.graphIRI
- The IRI of the graph to the action is being taken upon. May beANY
.from
- The triple to be changedto
- The value to change it to.- Returns:
- true if the user may make the change, false otherwise.
- Throws:
IllegalArgumentException
- if any argument is null.AuthenticationRequiredException
- if user is not authenticated and is required to be.
-
getPrincipal
Object getPrincipal()returns the current principal or null if there is no current principal. All security evaluation methods use this method to determine who the call is being executed as. This allows subsystems (like the listener system) to capture the current user and evaluate later calls in terms of that user.- Returns:
- The current principal
-
isPrincipalAuthenticated
Returns true if the principal is recognized as an authenticated principal by the underlying authentication mechanism. This is to handle the case where an authentication mechanism returns a non-null object to indicate a non-authenticated principal. (e.g. Shiro). The principal is guaranteed to have been the return value from an earlier getPrincipal() call.- Parameters:
principal
- The principal to check.- Returns:
- true if authenticated, false if not.
-
isHardReadError
default boolean isHardReadError()Returns true if reads blocked by permissions should throw exceptions. If set false then:- For iterators return empty iterators.
- For existential checks return false.
- For counts return 0.
- Returns:
- true if reads blocked by permissions should throw an exception.
-