Examples of org.apache.jena.security.SecurityEvaluator

org.apache.jena.security.SecurityEvaluator
SecurityEvaluator.
The security evaluator is the link between the graph security system and an external security system. This interface specifies the methods that are required by the graph security system. It is assumed that the implementation will handle tracking the current user and will query some underlying data source to determine what actions the user can and can not take.
All questions of white listing or black listing will be handled in the concrete implementation.
Implementations of this class should probably cache any evaluate calculations as the evaluate methods are called frequently. However, the underlying classes do cache results within a single method check.

Secured operations

The security system recognizes and secures each of the CRUD (Create, Read, Update and Delete) operations as represented by the Action enumeration.
Levels of security
The security interfaces operates at two (2) levels: graph (or Model) and triple.
At the the graph level the security evaluator may restrict CRUD access to the graph or model as a whole. When evaluating the restriction, if the user it not permitted to perform the operation on the graph or model access is denied. If the user is permitted any triple restrictions are evaluated.
At the triple level the security evaluator may restrict CRUD access to specific triples. In order to skip potentially expensive triple security checks the system will generally ask if the user is permitted the CRUD action on any triple. This is represented by the SecTriple (ANY, ANY, ANY).
- If the system does not support triple level security the system should always return true.
- See SecNode.ANY, SecNode.FUTURE, and SecNode.VARIABLE for discussion of specifics of their respective usages.

    {
      Triple[] retval = triples;
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(perms, sg.getModelNode()))
        {
          if (!evaluator.evaluateAny(perms, sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            final List<Triple> list = wrapPermIterator(sg,
                Arrays.asList(triples).iterator(), perms)
                .toList();

View Full Code Here

    {
      Graph addGraph = added;
      if (g instanceof SecuredGraph)
      {
        final SecuredGraph sg = (SecuredGraph) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
            sg.getModelNode()))
        {
          if (!evaluator.evaluateAny(SecuredGraphEventManager.ADD,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            final List<Triple> lst = added.find(Triple.ANY)
                .toList();

View Full Code Here

    {


      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        // only report if we can write to the graph
        if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
            sg.getModelNode()))
        {
          final ExtendedIterator<Triple> iter = wrapPermIterator(sg,
              it, SecuredGraphEventManager.ADD);
          try

View Full Code Here

    {
      List<Triple> list = triples;
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.ADD,
            sg.getModelNode()))
        {
          if (!evaluator.evaluateAny(SecuredGraphEventManager.ADD,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            list = wrapPermIterator(sg, triples.iterator(),
                SecuredGraphEventManager.ADD).toList();

View Full Code Here

    {
      boolean notify = false;
      if (g instanceof SecuredGraph)
      {
        final SecuredGraph sg = (SecuredGraph) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        notify = evaluator.evaluateAny(SecuredGraphEventManager.ADD,
            sg.getModelNode());
        if (notify)
        {
          notify = evaluator.evaluateAny(
              SecuredGraphEventManager.ADD, sg.getModelNode(),
              SecuredItemImpl.convert(t));
        }
      }
      else

View Full Code Here

    {
      Triple[] deleted = triples;
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
            sg.getModelNode()))
        {
          if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            final List<Triple> list = wrapPermIterator(sg,
                Arrays.asList(triples).iterator(),

View Full Code Here

    public void notifyDeleteGraph( final Graph g, final Graph removed )
    {
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
            sg.getModelNode()))
        {
          Graph g2 = removed;
          if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            g2 = new CollectionGraph(
                removed.find(Triple.ANY)

View Full Code Here

    {
      Iterator<Triple> iter = it;
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
            sg.getModelNode()))
        {


          if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            iter = WrappedIterator.create(it).filterKeep(
                new PermTripleFilter(

View Full Code Here

    {
      List<Triple> list = triples;
      if (g instanceof SecuredGraphImpl)
      {
        final SecuredGraphImpl sg = (SecuredGraphImpl) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        if (evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
            sg.getModelNode()))
        {
          if (!evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
              sg.getModelNode(),
              SecuredItemImpl.convert(Triple.ANY)))
          {
            list = WrappedIterator
                .create(triples.iterator())

View Full Code Here

    {
      boolean notify = false;
      if (g instanceof SecuredGraph)
      {
        final SecuredGraph sg = (SecuredGraph) g;
        final SecurityEvaluator evaluator = CachedSecurityEvaluator
            .getInstance(sg.getSecurityEvaluator(), runAs);
        notify = evaluator.evaluateAny(SecuredGraphEventManager.DELETE,
            sg.getModelNode());
        if (notify)
        {
          notify = evaluator.evaluateAny(
              SecuredGraphEventManager.DELETE, sg.getModelNode(),
              SecuredItemImpl.convert(t));
        }
      }
      else

View Full Code Here

0 1 2

TOP

Related Classes of org.apache.jena.security.SecurityEvaluator

org.apache.commons.lang.builder.HashCodeBuilder

org.apache.jena.security.graph.SecuredGraphEventManager$SecuredGraphListener

org.apache.jena.security.query.QueryEngineTest

org.apache.jena.security.query.rewriter.OpRewriterTest

org.apache.jena.security.query.SecuredQueryEngine

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.