Package org.apache.jena.permissions.example.readonly

Class ReadOnlyEval

java.lang.Object
org.apache.jena.permissions.example.readonly.ReadOnlyEval
All Implemented Interfaces:
SecurityEvaluator
public class ReadOnlyEval extends Object implements SecurityEvaluator
An example of a security evaluator that creates read-only graphs and models. This evaluator does this by only allowing the Action.READ action, all others are denied.

  • Constructor Details

    • ReadOnlyEval

      public ReadOnlyEval()

  • Method Details

    • evaluate

      public boolean evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if the action is allowed on the graph.
      Specified by:
      evaluate in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      action - The action to perform
      graphIRI - The IRI of the graph to check
      Returns:
      true if the action is allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluate

      public boolean evaluate(Object principal, SecurityEvaluator.Action action, Node graphIRI, Triple triple) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if the action is allowed on the triple within the graph.

      The evaluation should be performed in the following order:

      1. If the triple contains a VARIABLE then this method must return true if there are any restrictions where the remaining nodes are either constants or ANY nodes. This will force the system to use subsequent checks to verify access by substituting the value of the VARIABLEs. If the system can not quickly verify the solution it is always acceptable to return true.
      2. Except as specified in the above check, if the triple contains an ANY then this method must return false if there are any restrictions where the remaining nodes are held constant and the ANY node is allowed to vary. This checks is used to avoid subsequent explicit triple checks. If the system can not quickly verify the solution it is always acceptable to return false.
      3. All other triples are explicit triples and the system must determine if the user is permitted to perform the action on the triple. If the triple contains a FUTURE node that node should be considered as an anonymous or blank node that is not yet created. It should only be used with Create actions and is asking if the user may create a blank node in that position in the triple.
      Specified by:
      evaluate in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      action - The action to perform
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      triple - The triple to check
      Returns:
      true if the action is allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluate

      public boolean evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if all actions are allowed on the graph.
      Specified by:
      evaluate in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      actions - The set of actions to perform
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      Returns:
      true if all the actions are allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluate

      public boolean evaluate(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if all the actions are allowed on the triple within the graph.

      See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.

      Specified by:
      evaluate in interface SecurityEvaluator
      actions - The actions to perform.
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      triple - The triple to check
      Returns:
      true if all the actions are allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluateAny

      public boolean evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if any of the actions are allowed on the graph.
      Specified by:
      evaluateAny in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      actions - The actions to perform
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      Returns:
      true true if any the actions are allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluateAny

      public boolean evaluateAny(Object principal, Set<SecurityEvaluator.Action> actions, Node graphIRI, Triple triple) throws AuthenticationRequiredException
      Description copied from interface: SecurityEvaluator
      Determine if any of the actions are allowed on the triple within the graph.

      See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.

      Specified by:
      evaluateAny in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      actions - The actions to check.
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      triple - The triple to check
      Returns:
      true if any the actions are allowed, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • evaluateUpdate

      public boolean evaluateUpdate(Object principal, Node graphIRI, Triple from, Triple to) throws AuthenticationRequiredException
      No updated are allowed.
      Specified by:
      evaluateUpdate in interface SecurityEvaluator
      Parameters:
      principal - The principal that is attempting the action.
      graphIRI - The IRI of the graph to the action is being taken upon. May be ANY.
      from - The triple to be changed
      to - The value to change it to.
      Returns:
      true if the user may make the change, false otherwise.
      Throws:
      AuthenticationRequiredException - if user is not authenticated and is required to be.

    • getPrincipal

      public Object getPrincipal()
      We really don't need a system principal so we just create a dummy one.
      Specified by:
      getPrincipal in interface SecurityEvaluator
      Returns:
      The current principal

    • isPrincipalAuthenticated

      public boolean isPrincipalAuthenticated(Object principal)
      Our dummy principal is never authenticated.
      Specified by:
      isPrincipalAuthenticated in interface SecurityEvaluator
      Parameters:
      principal - The principal to check.
      Returns:
      true if authenticated, false if not.