org.eaglei.repository
Enum Access

java.lang.Object
  extended by java.lang.Enum<Access>
      extended by org.eaglei.repository.Access
All Implemented Interfaces:
java.io.Serializable, java.lang.Comparable<Access>

public enum Access
extends java.lang.Enum<Access>

Access control for the repository. The Access class is two things:
1. An enumerated type describing the type of operation the user is allowed to do. These correspond to REPO constants (and maybe should move there?)
2. A collection of static utility methods to answer access control questions.
Started April, 2010

Author:
Larry Stone

Enum Constant Summary
ADD
           
ADMIN
           
READ
          Types of access to be granted
REMOVE
           
 
Field Summary
static java.lang.String SUPERUSER_ROLE_NAME
          Superuser role name, i.e. name of role that gets set by container authentication system
 
Method Summary
static void addGrant(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)
          Add the specified grant to the instance.
static void decacheUser(javax.servlet.http.HttpServletRequest request, User u)
          Invalidate the cache if the changed user is the same URI as cached.
static void filterByPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI aprincipal, java.lang.String name, java.lang.String patternGroup, Access pred, org.openrdf.query.TupleQueryResultHandler handler)
          Filters the results of a query by what the current user has the indicated permission on.
static java.lang.Iterable<AccessGrant.Term> getAllAccesses(javax.servlet.http.HttpServletRequest request)
          Get all access types described in the RDF - note this CAN be extended by each repository instance by adding statements but it is NOT likely since the practical implementation of access is hardcoded.
static java.lang.Iterable<AccessGrant.Term> getAllRoles(javax.servlet.http.HttpServletRequest request)
          Get all roles described in the RDF - note this can be extended by each repository instance by adding statements.
static java.lang.Iterable<AccessGrant> getGrants(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI uri, boolean mine)
          Get list of access grants on this instance
static org.openrdf.model.URI getPrincipalURI(javax.servlet.http.HttpServletRequest request)
          Find (and create if necessary) the URI of the :Person object for the current authenticated user, if any.
static User getPrincipalUser(javax.servlet.http.HttpServletRequest request)
          Find (and create if necessary) a User object for the current authenticated user, if any.
 org.openrdf.model.URI getURI()
          Get the URI referenced by this access type.
static boolean hasPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.Resource subject, Access pred)
          hasPermission - general permission test.
static boolean hasPermissionOnUser(javax.servlet.http.HttpServletRequest request, java.lang.String username)
          Does current authenticated user have permission to modify the User object associated with this username? True if it matches the current logged-in user, or we are superuser.
static boolean isSuperuser(javax.servlet.http.HttpServletRequest request)
          isSuperuser
static void logout(javax.servlet.http.HttpServletRequest request)
          Destroy the current session and credentials (if possible). Most web browsers cache the HTTP Basic credentials, so the user needs to trash those explicitly right after running this.
static boolean removeGrant(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)
          Remove specified grant of access from an instance.
static Access valueOf(java.lang.String name)
          Returns the enum constant of this type with the specified name.
static Access[] values()
          Returns an array containing the constants of this enum type, in the order they are declared.
 
Methods inherited from class java.lang.Enum
clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, toString, valueOf
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Enum Constant Detail

READ

public static final Access READ
Types of access to be granted


ADD

public static final Access ADD

REMOVE

public static final Access REMOVE

ADMIN

public static final Access ADMIN

Field Detail

SUPERUSER_ROLE_NAME

public static final java.lang.String SUPERUSER_ROLE_NAME
Superuser role name, i.e. name of role that gets set by container authentication system

See Also:
Constant Field Values

Method Detail

values

public static Access[] values()
Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:
for (Access c : Access.values())
    System.out.println(c);

Returns:
an array containing the constants of this enum type, in the order they are declared

valueOf

public static Access valueOf(java.lang.String name)
Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:
name - the name of the enum constant to be returned.
Returns:
the enum constant with the specified name
Throws:
java.lang.IllegalArgumentException - if this enum type has no constant with the specified name
java.lang.NullPointerException - if the argument is null

getURI

public org.openrdf.model.URI getURI()
Get the URI referenced by this access type.

Returns:
a URI object.

hasPermission

public static boolean hasPermission(javax.servlet.http.HttpServletRequest request,
                                    org.openrdf.model.Resource subject,
                                    Access pred)

hasPermission - general permission test.

Parameters:
request - a HttpServletRequest object.
subject - the object being tested for access
pred - the type of access
Returns:
a boolean, true if access was granted.

hasPermissionOnUser

public static boolean hasPermissionOnUser(javax.servlet.http.HttpServletRequest request,
                                          java.lang.String username)
Does current authenticated user have permission to modify the User object associated with this username? True if it matches the current logged-in user, or we are superuser.

Parameters:
request - a HttpServletRequest object.
username - principal (i.e. RDBMS username, value of :hasPrincipal), a String object.
Returns:
a boolean, true if permission is granted.

filterByPermission

public static void filterByPermission(javax.servlet.http.HttpServletRequest request,
                                      org.openrdf.model.URI aprincipal,
                                      java.lang.String name,
                                      java.lang.String patternGroup,
                                      Access pred,
                                      org.openrdf.query.TupleQueryResultHandler handler)
Filters the results of a query by what the current user has the indicated permission on. The resource (URI) is expected to be in the variable named "?{name}" so that this SPARQL pattern group fragment (in "{ }") can be combined with the rest of the query. See hasPermission() for the algorithm used to determine permission. The only difference is that this does NOT work for superuser. (It could be added if there is a need.) Results are returned by calling the tuple query handler. DO NOT call this if you are superuser! Test for that outside of the call.

Parameters:
request - a HttpServletRequest object.
aprincipal - URI of user or role being checked for permission
name - name of the variable in query, a String object.
patternGroup - query fragment
pred - type of access being tested, an Access object.
handler - a TupleQueryResultHandler object.

getPrincipalURI

public static org.openrdf.model.URI getPrincipalURI(javax.servlet.http.HttpServletRequest request)
Find (and create if necessary) the URI of the :Person object for the current authenticated user, if any. Returns the anonymous user when not authenticated.

Parameters:
request - a HttpServletRequest object.
Returns:
the :Person object of current authenticated user, as a URI object.

decacheUser

public static void decacheUser(javax.servlet.http.HttpServletRequest request,
                               User u)
Invalidate the cache if the changed user is the same URI as cached.

Parameters:
request - a HttpServletRequest object.
u - user to decache, a User object.

getPrincipalUser

public static User getPrincipalUser(javax.servlet.http.HttpServletRequest request)
Find (and create if necessary) a User object for the current authenticated user, if any. Returns null when not authenticated. This has to be synchronized because it is effectively performing a test-and-set operation on the RDF database; if the user doesn't exist it creates a new one, so another request at the same time would create another :Person for the same user.

Parameters:
request - a HttpServletRequest object.
Returns:
a User object or null if no authenticated user

isSuperuser

public static boolean isSuperuser(javax.servlet.http.HttpServletRequest request)

isSuperuser

Predicate, true if the current authenticated user has the superuser role either in an RDF assertion or in the container's authz.

Parameters:
request - a HttpServletRequest object.
Returns:
a boolean, true if current authenticated user has Superuser (Admin) privilege.

logout

public static void logout(javax.servlet.http.HttpServletRequest request)
Destroy the current session and credentials (if possible). Most web browsers cache the HTTP Basic credentials, so the user needs to trash those explicitly right after running this.

Parameters:
request - a HttpServletRequest object.

removeGrant

public static boolean removeGrant(javax.servlet.http.HttpServletRequest request,
                                  org.openrdf.model.URI instance,
                                  org.openrdf.model.URI agent,
                                  org.openrdf.model.URI access)
Remove specified grant of access from an instance. Returns true if grant was there, false if not. WARNING: You will need to commit() these changes to the repo connection! XXX does NOT check if access URI is really an access URI.

Parameters:
request - a HttpServletRequest object.
instance - subject from which to remove access grant, a URI object.
agent - principal to whom the access was granted, a URI object.
access - type of access, a URI object.
Returns:
a boolean, true if there was a grant to be removed.

addGrant

public static void addGrant(javax.servlet.http.HttpServletRequest request,
                            org.openrdf.model.URI instance,
                            org.openrdf.model.URI agent,
                            org.openrdf.model.URI access)
Add the specified grant to the instance. Requires ADMIN access. WARNING: You will need to commit() these changes to the repo connection! XXX FIXME: does NOT check if access URI is really an access URI.

Parameters:
request - a HttpServletRequest object.
instance - subject to which to add access grant, a URI object.
agent - principal to whom the access was granted, a URI object.
access - type of access, a URI object.
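
Both removeGrant() and addGrant() are documented as not checking that the access argument is really an access URI. One way for a caller to close that gap is sketched below as an added example that is not part of the eagle-i code base. The GrantGuard class and its method names are hypothetical, and it assumes that URI.equals() compares by URI value and that requiring ADMIN before a removal is wanted as well.

```java
import javax.servlet.http.HttpServletRequest;
import org.eaglei.repository.Access;
import org.openrdf.model.URI;

/** Hypothetical caller-side guard; not part of org.eaglei.repository. */
public final class GrantGuard {
    private GrantGuard() {}

    /** True only if the URI is the one referenced by READ, ADD, REMOVE or ADMIN. */
    public static boolean isAccessURI(URI candidate) {
        if (candidate == null) {
            return false;
        }
        for (Access a : Access.values()) {
            if (candidate.equals(a.getURI())) {
                return true;
            }
        }
        return false;
    }

    /** Validate the arguments, then delegate to Access.addGrant(). */
    public static void addCheckedGrant(HttpServletRequest request,
                                       URI instance, URI agent, URI access) {
        requireValid(request, instance, agent, access);
        Access.addGrant(request, instance, agent, access);
        // Per the addGrant() warning, nothing is persisted until the caller
        // commits the repository connection it is using.
    }

    /** Validate the arguments, then delegate to Access.removeGrant(). */
    public static boolean removeCheckedGrant(HttpServletRequest request,
                                             URI instance, URI agent, URI access) {
        requireValid(request, instance, agent, access);
        return Access.removeGrant(request, instance, agent, access);
    }

    private static void requireValid(HttpServletRequest request,
                                     URI instance, URI agent, URI access) {
        if (instance == null || agent == null) {
            throw new IllegalArgumentException("instance and agent are required");
        }
        // The check the Javadoc flags as missing: reject arbitrary URIs.
        if (!isAccessURI(access)) {
            throw new IllegalArgumentException("not an access-type URI: " + access);
        }
        // Assumption: enforce ADMIN on the instance here too, as defense in depth.
        if (!Access.hasPermission(request, instance, Access.ADMIN)) {
            throw new SecurityException("ADMIN access required on " + instance);
        }
    }
}
```

Validating against Access.values() matches the note on getAllAccesses() that the practical set of access types is hardcoded; a repository that adds access types through RDF statements would need a different check.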

getGrants

public static java.lang.Iterable<AccessGrant> getGrants(javax.servlet.http.HttpServletRequest request,
                                                        org.openrdf.model.URI uri,
                                                        boolean mine)
Get list of access grants on this instance

Parameters:
request - a HttpServletRequest object.
uri - subject on which to find grants, a URI object.
mine - when true, only return grants affecting current user
Returns:
all grants in an Iterable object, possibly empty.

getAllRoles

public static java.lang.Iterable<AccessGrant.Term> getAllRoles(javax.servlet.http.HttpServletRequest request)
Get all roles described in the RDF - note this can be extended by each repository instance by adding statements.

Parameters:
request - a HttpServletRequest object.
Returns:
all roles in an Iterable object.

getAllAccesses

public static java.lang.Iterable<AccessGrant.Term> getAllAccesses(javax.servlet.http.HttpServletRequest request)
Get all access types described in the RDF - note this CAN be extended by each repository instance by adding statements but it is NOT likely since the practical implementation of access is hardcoded.

Parameters:
request - a HttpServletRequest object.
Returns:
all access types in an Iterable object.


Copyright © 2009-2010 Eagle-I. All Rights Reserved.