Class ShiroExampleEvaluator

  • All Implemented Interfaces:
    SecurityEvaluator

    public class ShiroExampleEvaluator
    extends java.lang.Object
    implements SecurityEvaluator
    An example evaluator that uses Shiro to provide credentials and only grants access to messages in the graph that are from or to the principal.
    • Constructor Detail

      • ShiroExampleEvaluator

        public ShiroExampleEvaluator​(Model model)
        Parameters:
        model - The graph we are going to evaluate against.
    • Method Detail

      • evaluate

        public boolean evaluate​(java.lang.Object principal,
                                SecurityEvaluator.Action action,
                                Node graphIRI)
        We allow any action on the graph itself, so this is always true.
        Specified by:
        evaluate in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        action - The action to perform
        graphIRI - The IRI of the graph to check
        Returns:
        true if the action is allowed, false otherwise.
      • evaluate

        public boolean evaluate​(java.lang.Object principal,
                                SecurityEvaluator.Action action,
                                Node graphIRI,
                                Triple triple)
        As per our design, users can do anything with triples they have access to, so we just ignore the action parameter. If we were to implement rules that restricted access based upon action, this method would sort those out appropriately.
        Specified by:
        evaluate in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        action - The action to perform
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        triple - The triple to check
        Returns:
        true if the action is allowed, false otherwise.
      • evaluate

        public boolean evaluate​(java.lang.Object principal,
                                java.util.Set<SecurityEvaluator.Action> actions,
                                Node graphIRI)
        As per our design, users can access any graph. If we were to implement rules that restricted user access to specific graphs, those checks would be here and we would return false if they were not allowed to access the graph. Note that this method is checking to see that the user may perform ALL the actions in the set on the graph.
        Specified by:
        evaluate in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        actions - The set of actions to perform
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        Returns:
        true if all the actions are allowed, false otherwise.
      • evaluate

        public boolean evaluate​(java.lang.Object principal,
                                java.util.Set<SecurityEvaluator.Action> actions,
                                Node graphIRI,
                                Triple triple)
        As per our design, users can access any triple from a message that is from or to them. Since we don't have restrictions on actions, this is no different than checking access for a single action.
        Specified by:
        evaluate in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        actions - The actions to perform.
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        triple - The triple to check
        Returns:
        true if all the actions are allowed, false otherwise.
      • evaluateAny

        public boolean evaluateAny​(java.lang.Object principal,
                                   java.util.Set<SecurityEvaluator.Action> actions,
                                   Node graphIRI)
        As per our design, users can access any graph. If we were to implement rules that restricted user access to specific graphs, those checks would be here and we would return false if they were not allowed to access the graph. Note that this method is checking to see that the user may perform ANY of the actions in the set on the graph.
        Specified by:
        evaluateAny in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        actions - The actions to perform
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        Returns:
        true if any of the actions are allowed, false otherwise.
      • evaluateAny

        public boolean evaluateAny​(java.lang.Object principal,
                                   java.util.Set<SecurityEvaluator.Action> actions,
                                   Node graphIRI,
                                   Triple triple)
        As per our design, users can access any triple from a message that is from or to them. Since we don't have restrictions on actions, this is no different than checking access for a single action.
        Specified by:
        evaluateAny in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        actions - The actions to check.
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        triple - The triple to check
        Returns:
        true if any of the actions are allowed, false otherwise.
      • evaluateUpdate

        public boolean evaluateUpdate​(java.lang.Object principal,
                                      Node graphIRI,
                                      Triple from,
                                      Triple to)
        As per our design, users can access any triple from a message that is from or to them. So for an update they can only change triples they have access to into other triples they have access to (e.g. they cannot remove themselves from the message).
        Specified by:
        evaluateUpdate in interface SecurityEvaluator
        Parameters:
        principal - The principal that is attempting the action.
        graphIRI - The IRI of the graph the action is being taken upon. May be ANY.
        from - The triple to be changed
        to - The value to change it to.
        Returns:
        true if the user may make the change, false otherwise.
      • getPrincipal

        public java.lang.Object getPrincipal()
        Return the Shiro subject. This is the subject that Shiro currently has logged in.
        Specified by:
        getPrincipal in interface SecurityEvaluator
        Returns:
        The current principal
      • isPrincipalAuthenticated

        public boolean isPrincipalAuthenticated​(java.lang.Object principal)
        Verify the Shiro subject is authenticated.
        Specified by:
        isPrincipalAuthenticated in interface SecurityEvaluator
        Parameters:
        principal - The principal to check.
        Returns:
        true if authenticated, false if not.
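
The from-or-to rule and the evaluateUpdate rule described above, as an added example that is not the Jena project's own code. Assumptions: plain user-name strings stand in for the Shiro subject (no authentication check), the class name and the http://example.com/ vocabulary are hypothetical, and the replacement triple is checked against the graph as it would look after the change.

```java
import org.apache.jena.rdf.model.*;
import org.apache.jena.vocabulary.RDF;

public class MessagePolicySketch {
    // Hypothetical vocabulary, constructed for this example.
    static final Resource MSG = ResourceFactory.createResource("http://example.com/msg");
    static final Property TO = ResourceFactory.createProperty("http://example.com/to");
    static final Property FROM = ResourceFactory.createProperty("http://example.com/from");
    static final Property SUBJ = ResourceFactory.createProperty("http://example.com/subj");

    // Non-message resources are open; a message is visible only to its sender or recipient.
    static boolean canAccess(Model m, String user, Resource r) {
        Resource inModel = r.inModel(m);
        if (!inModel.hasProperty(RDF.type, MSG)) return true;
        return inModel.hasProperty(TO, user) || inModel.hasProperty(FROM, user);
    }

    // Update rule: the user must have access to the triple before the change
    // and must still have access to the replacement once the change is applied.
    static boolean canUpdate(Model m, String user, Statement from, Statement to) {
        if (!canAccess(m, user, from.getSubject())) return false;
        Model after = ModelFactory.createDefaultModel().add(m);
        after.remove(from).add(to);
        return canAccess(after, user, to.getSubject());
    }

    public static void main(String[] args) {
        // Constructed sample graph: one message from alice to bob.
        Model m = ModelFactory.createDefaultModel();
        Resource msg = m.createResource("http://example.com/msg/1")
                .addProperty(RDF.type, MSG)
                .addProperty(FROM, "alice")
                .addProperty(TO, "bob")
                .addProperty(SUBJ, "hello");

        Statement toBob = m.createStatement(msg, TO, "bob");
        Statement toCarol = m.createStatement(msg, TO, "carol");
        Statement oldSubj = m.createStatement(msg, SUBJ, "hello");
        Statement newSubj = m.createStatement(msg, SUBJ, "hello again");

        // Sender edits the subject line of her own message.
        System.out.println("alice edits subject:   " + canUpdate(m, "alice", oldSubj, newSubj));
        // Sender re-addresses the message; she is still its sender afterwards.
        System.out.println("alice re-addresses:    " + canUpdate(m, "alice", toBob, toCarol));
        // Recipient tries to replace himself, which would remove him from the message.
        System.out.println("bob removes himself:   " + canUpdate(m, "bob", toBob, toCarol));
        // A third party has no access to the message at all.
        System.out.println("carol edits subject:   " + canUpdate(m, "carol", oldSubj, newSubj));
    }
}
```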