Access (Eagle-I Repository Webapp 1.1-MS4.00 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | ENUM CONSTANTS | FIELD | METHOD

DETAIL: ENUM CONSTANTS | FIELD | METHOD

org.eaglei.repository
Enum Access

java.lang.Object
  java.lang.Enum<Access>
      org.eaglei.repository.Access

All Implemented Interfaces:: java.io.Serializable, java.lang.Comparable<Access>

public enum Access
extends java.lang.Enum<Access>
extends java.lang.Enum<Access>

Access control for the repository. The Access class is two things: 1. Enumerated type describing the type of operation the user is allowed to do. These correspond to REPO constants (and maybe should move there?) 2. A collection of static utility methods to: a. Answer access-control questions b. Manage the records of access grants, including import/export Access permission is computed as follows: 1. Does current user have the Superuser role? If so, always "yes". 2. Is there a direct grant, e.g. :has___Access ? 3. Indirect role grant? e.g. :has___Access , and user asserts that role (i.e. :hasRole ) NOTES: - Roles are NOT hierarchical, each role is independent. - ALL users have :Role_Authenticated and :Role_Anonymous asserted invisibly (materialized but managed automatically) - A session without a logged-in user is identified as :Role_Anonymous Started April, 2010

Version:: $Id: $
Author:: Larry Stone

Enum Constant Summary
`ADD`
`ADMIN`
`READ` Types of access to be granted
`REMOVE`

Field Summary
`static java.lang.String`	`SUPERUSER_ROLE_NAME` Superuser role name in Java servlet container, i.e.

Method Summary
`static void`	`addGrant(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)` Add the specified grant to the instance.
`static void`	`addGrantAsAdministrator(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)` Add the specified grant to the instance, but WITHOUT cehcking for ADMIN access.
`static void`	`decacheAuthentication(javax.servlet.http.HttpServletRequest request, User u)` Invalidate the cached authenticated User if it matches the one that was modified by the User API.
`static void`	`doExportGrants(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.openrdf.rio.RDFFormat format, java.util.Set<java.lang.String> includes, java.util.Set<java.lang.String> excludes)` Export description of access grants as serialized RDF quads.
`static void`	`doImportGrants(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.openrdf.repository.RepositoryConnection content, java.util.Set<java.lang.String> includes, java.util.Set<java.lang.String> excludes, ImportExport.DuplicateArg duplicate, boolean transform, boolean ignoreACL)` Import description of access grants from serialized RDF quads.
`static java.lang.Iterable<org.openrdf.model.Statement>`	`exportGrants(org.openrdf.model.URI uri, java.lang.Iterable<AccessGrant> grants)` Translate internal grant objects into exportable statements on a given subject.
`static void`	`filterByPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI aprincipal, java.lang.String name, java.lang.String results, java.lang.String patternGroup, Access pred, org.openrdf.query.Dataset dataset, org.openrdf.query.BindingSet bindings, org.openrdf.query.TupleQueryResultHandler handler)` Filters results of query by what the current user has indicated permission on..
`static java.lang.Iterable<AccessGrant.Term>`	`getAllAccesses(javax.servlet.http.HttpServletRequest request)` Get all access types described in the RDF - note this CAN be extended by each repository instance by adding statements but it is NOT likely since the practical implementation of access is hardcoded.
`static java.lang.String`	`getAuthenticatedUsername(javax.servlet.http.HttpServletRequest request)` Get the current authenticated username from container or other auth'n.
`static java.lang.Iterable<AccessGrant>`	`getGrants(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI uri)`
`static java.lang.Iterable<AccessGrant>`	`getGrants(org.openrdf.repository.RepositoryConnection rc, org.openrdf.model.URI uri)`
`static java.lang.Iterable<AccessGrant>`	`getMyGrants(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI uri)`
`static org.openrdf.model.URI`	`getPrincipalURI(javax.servlet.http.HttpServletRequest request)` Find (and create if necessary) the URI of the :Person object for the current authenticated user, if any.
`static User`	`getPrincipalUser(javax.servlet.http.HttpServletRequest request)` Find a User object for the current authenticated user, if one is available.
`org.openrdf.model.URI`	`getURI()` Get the URI referenced by this access type.
`static boolean`	`hasPermission(javax.servlet.http.HttpServletRequest request, org.openrdf.model.Resource subject, Access pred)` hasPermission - predicate, general permission test.
`static boolean`	`hasPermissionOnUser(javax.servlet.http.HttpServletRequest request, java.lang.String username)` Special case access predicate on User objects.
`static java.lang.Iterable<org.openrdf.model.Statement>`	`importGrants(javax.servlet.http.HttpServletRequest request, org.openrdf.repository.RepositoryConnection content, org.openrdf.model.URI oldURI, org.openrdf.model.URI newURI)` Get importable access grant statements for URI from import document.
`static boolean`	`isAccessPredicate(org.openrdf.model.URI uri)` Predicate testing whether a URI is a valid access grant property.
`static boolean`	`isSuperuser(javax.servlet.http.HttpServletRequest request)` isSuperuser
`static void`	`logout(javax.servlet.http.HttpServletRequest request)` Destroy current session and credentials (if possible) most web browsers cache the HTTP Basic creds so user needs to trash those explicitly right after running this.
`static boolean`	`removeGrant(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)` Remove specified grant of access from an instance.
`static boolean`	`removeGrantAsAdministrator(javax.servlet.http.HttpServletRequest request, org.openrdf.model.URI instance, org.openrdf.model.URI agent, org.openrdf.model.URI access)` Remove specified grant of access from a URI, but WITHOUT cehcking for ADMIN access.
`java.lang.String`	`toString()`
`static Access`	`valueOf(java.lang.String name)` Returns the enum constant of this type with the specified name.
`static Access[]`	`values()` Returns an array containing the constants of this enum type, in the order they are declared.

Methods inherited from class java.lang.Enum
`clone, compareTo, equals, finalize, getDeclaringClass, hashCode, name, ordinal, valueOf`

Methods inherited from class java.lang.Object
`getClass, notify, notifyAll, wait, wait, wait`

Enum Constant Detail

READ

public static final Access READ

Types of access to be granted

ADD

public static final Access ADD

REMOVE

public static final Access REMOVE

ADMIN

public static final Access ADMIN

Field Detail

SUPERUSER_ROLE_NAME

public static final java.lang.String SUPERUSER_ROLE_NAME

Superuser role name in Java servlet container, i.e. name of role that gets set by container authentication system

See Also:: Constant Field Values

Method Detail

values

public static Access[] values()

Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows:

for (Access c : Access.values())
    System.out.println(c);

Returns:: an array containing the constants of this enum type, in the order they are declared

valueOf

public static Access valueOf(java.lang.String name)

Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)

Parameters:: name - the name of the enum constant to be returned.
Returns:: the enum constant with the specified name
Throws:: java.lang.IllegalArgumentException - if this enum type has no constant with the specified name; java.lang.NullPointerException - if the argument is null

isAccessPredicate

public static boolean isAccessPredicate(org.openrdf.model.URI uri)

Predicate testing whether a URI is a valid access grant property.

Parameters:: uri - the uri to test
Returns:: true if uri is the URI value of an access grant keyword.

getURI

public org.openrdf.model.URI getURI()

Get the URI referenced by this access type.

Returns:: a URI object.

toString

public java.lang.String toString()

Overrides:: toString in class java.lang.Enum<Access>

hasPermission

public static boolean hasPermission(javax.servlet.http.HttpServletRequest request,
                                    org.openrdf.model.Resource subject,
                                    Access pred)

hasPermission - predicate, general permission test.

Does current user have the indicated permission on this resource? See the general formula and rules for computing access in comments at the head of this class.

Parameters:: request - a HttpServletRequest object.; subject - the object being tested for access; pred - the type of access
Returns:: a boolean, true if access was granted.

hasPermissionOnUser

public static boolean hasPermissionOnUser(javax.servlet.http.HttpServletRequest request,
                                          java.lang.String username)

Special case access predicate on User objects. Does CURRENT AUTHENTICATED user have permission TO MODIFY the User object associated with this username? True if it matches the current logged-in user, or we are superuser.

Parameters:: request - a HttpServletRequest object.; username - principal (i.e. RDBMS username, value of :hasPrincipal), a String object.
Returns:: a boolean, true if permission is gratned.

filterByPermission

public static void filterByPermission(javax.servlet.http.HttpServletRequest request,
                                      org.openrdf.model.URI aprincipal,
                                      java.lang.String name,
                                      java.lang.String results,
                                      java.lang.String patternGroup,
                                      Access pred,
                                      org.openrdf.query.Dataset dataset,
                                      org.openrdf.query.BindingSet bindings,
                                      org.openrdf.query.TupleQueryResultHandler handler)

Filters results of query by what the current user has indicated permission on.. Resource (URI) expected to be in variable named "?{name}" so this SPARQL pattern group fragment (in "{ }") can be combined with the rest of the query. See hasPermission() for algorithm to figure permission. The only difference is that this does NOT work for superuser. (It could be added if there is a need.) Results are returned by calling tuple query handler. ***** WARNING ***** DO NOT call this if you are superuser! It will not work. Test for superuser before calling this filter and use alternate query.

Parameters:: request - a HttpServletRequest object.; principal - URI of user or role being checked for permission; name - bare name of the variable in query containing URI to test for access. NOTE: 'name' MUST be a variable in 'results' list; results - query results clause, i.e. SELECT WHERE ...; patternGroup - query fragment; pred - type of access being tested, a Access object.; dataset - the dataset on whcih to operate, MUST not be null; handler - a TupleQueryResultHandler object.

getPrincipalURI

public static org.openrdf.model.URI getPrincipalURI(javax.servlet.http.HttpServletRequest request)

Find (and create if necessary) the URI of the :Person object for the current authenticated user, if any. Returns the anonymous user when not authenticated.

Parameters:: request - a HttpServletRequest object.
Returns:: the :Person object of current authenticated user, as a URI object.

decacheAuthentication

public static void decacheAuthentication(javax.servlet.http.HttpServletRequest request,
                                         User u)

Invalidate the cached authenticated User if it matches the one that was modified by the User API.

Parameters:: request - a HttpServletRequest object.; u - user to decache, a User object.

getAuthenticatedUsername

public static java.lang.String getAuthenticatedUsername(javax.servlet.http.HttpServletRequest request)

Get the current authenticated username from container or other auth'n.

Returns:: the username or null if not auth'nd

getPrincipalUser

public static User getPrincipalUser(javax.servlet.http.HttpServletRequest request)

Find a User object for the current authenticated user, if one is available. Note that there MIGHT NOT be a User object if the authencated user has no RDF metadata; in this case it returns null. It also returns null when there is no authenticated user so this is not a good test for auth'n.

Parameters:: request - a HttpServletRequest object.
Returns:: a User object or null if not auth'n or no there is no RDF metadata for auth'n user

isSuperuser

public static boolean isSuperuser(javax.servlet.http.HttpServletRequest request)

isSuperuser

Predicate, true if current auth'd user has superuser role either in RDF assertion or in the container's authz.

Parameters:: request - a HttpServletRequest object.
Returns:: a boolean, true if current authenticated user has Superuser (Admin) privilege.

logout

public static void logout(javax.servlet.http.HttpServletRequest request)

Destroy current session and credentials (if possible) most web browsers cache the HTTP Basic creds so user needs to trash those explicitly right after running this.

Parameters:: request - a HttpServletRequest object.

removeGrant

public static boolean removeGrant(javax.servlet.http.HttpServletRequest request,
                                  org.openrdf.model.URI instance,
                                  org.openrdf.model.URI agent,
                                  org.openrdf.model.URI access)

Remove specified grant of access from an instance. Returns true if grant was there, false if not. WARNING: You will need to commit() these changes to the repo connection!

Parameters:: request - a HttpServletRequest object.; instance - subject from which to remove access grant a URI object.; agent - principal to whom the access was granted, a URI object.; access - type of access, a URI object.
Returns:: a boolean, true if there was a grant to be removed.

removeGrantAsAdministrator

public static boolean removeGrantAsAdministrator(javax.servlet.http.HttpServletRequest request,
                                                 org.openrdf.model.URI instance,
                                                 org.openrdf.model.URI agent,
                                                 org.openrdf.model.URI access)

Remove specified grant of access from a URI, but WITHOUT cehcking for ADMIN access. This is meant for INTERNAL user where the program logic mediates access, e.g. workflow. Returns true if grant was there, false if not. WARNING: You will need to commit() these changes to the repo connection!

Parameters:: request - a HttpServletRequest object.; instance - subject from which to remove access grant a URI object.; agent - principal to whom the access was granted, a URI object.; access - type of access, a URI object.
Returns:: a boolean, true if there was a grant to be removed.

addGrant

public static void addGrant(javax.servlet.http.HttpServletRequest request,
                            org.openrdf.model.URI instance,
                            org.openrdf.model.URI agent,
                            org.openrdf.model.URI access)

Add the specified grant to the instance. Requires ADMIN access. WARNING: You will need to commit() these changes to the repo connection!

Parameters:: request - a HttpServletRequest object.; instance - subject from which to add access grant a URI object.; agent - principal to whom the access was granted, a URI object.; access - type of access, a URI object.

addGrantAsAdministrator

public static void addGrantAsAdministrator(javax.servlet.http.HttpServletRequest request,
                                           org.openrdf.model.URI instance,
                                           org.openrdf.model.URI agent,
                                           org.openrdf.model.URI access)

Add the specified grant to the instance, but WITHOUT cehcking for ADMIN access. This is meant for INTERNAL user where the program logic mediates access, e.g. workflow. WARNING: You will need to commit() these changes to the repo connection!

Parameters:: request - a HttpServletRequest object.; instance - subject from which to add access grant a URI object.; agent - principal to whom the access was granted, a URI object.; access - type of access, a URI object.

getGrants

public static java.lang.Iterable<AccessGrant> getGrants(javax.servlet.http.HttpServletRequest request,
                                                        org.openrdf.model.URI uri)

getGrants

public static java.lang.Iterable<AccessGrant> getGrants(org.openrdf.repository.RepositoryConnection rc,
                                                        org.openrdf.model.URI uri)

getMyGrants

public static java.lang.Iterable<AccessGrant> getMyGrants(javax.servlet.http.HttpServletRequest request,
                                                          org.openrdf.model.URI uri)

exportGrants

public static java.lang.Iterable<org.openrdf.model.Statement> exportGrants(org.openrdf.model.URI uri,
                                                                           java.lang.Iterable<AccessGrant> grants)

Translate internal grant objects into exportable statements on a given subject.

Parameters:: uri - - the subject; grants - - grant objects
Returns:: iterable list of Sesame Statement objects

importGrants

public static java.lang.Iterable<org.openrdf.model.Statement> importGrants(javax.servlet.http.HttpServletRequest request,
                                                                           org.openrdf.repository.RepositoryConnection content,
                                                                           org.openrdf.model.URI oldURI,
                                                                           org.openrdf.model.URI newURI)

Get importable access grant statements for URI from import document. NOTE that it looks up grants on oldURI, but puts newURI in the new grant statements; this is in case subject URI got transformed on the import. Also note that source grants come from 'content' (could be a memory repo) but we need still the regular repo to compute ACL query the first time.

getAllAccesses

public static java.lang.Iterable<AccessGrant.Term> getAllAccesses(javax.servlet.http.HttpServletRequest request)

Get all access types described in the RDF - note this CAN be extended by each repository instance by adding statements but it is NOT likely since the practical implementation of access is hardcoded.

Parameters:: request - a HttpServletRequest object.
Returns:: all access types in a Iterable object.

doExportGrants

public static void doExportGrants(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  org.openrdf.rio.RDFFormat format,
                                  java.util.Set<java.lang.String> includes,
                                  java.util.Set<java.lang.String> excludes)
                           throws javax.servlet.ServletException,
                                  java.io.IOException

Export description of access grants as serialized RDF quads. Handler for the ImportExport servlet.

Throws:: javax.servlet.ServletException; java.io.IOException

doImportGrants

public static void doImportGrants(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  org.openrdf.repository.RepositoryConnection content,
                                  java.util.Set<java.lang.String> includes,
                                  java.util.Set<java.lang.String> excludes,
                                  ImportExport.DuplicateArg duplicate,
                                  boolean transform,
                                  boolean ignoreACL)
                           throws javax.servlet.ServletException,
                                  java.io.IOException

Import description of access grants from serialized RDF quads. Handler for the ImportExport servlet.

Throws:: javax.servlet.ServletException; java.io.IOException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | ENUM CONSTANTS | FIELD | METHOD

DETAIL: ENUM CONSTANTS | FIELD | METHOD

org.eaglei.repository Enum Access

READ

ADD

REMOVE

ADMIN

SUPERUSER_ROLE_NAME

values

valueOf

isAccessPredicate

getURI

toString

hasPermission

hasPermissionOnUser

filterByPermission

getPrincipalURI

decacheAuthentication

getAuthenticatedUsername

getPrincipalUser

isSuperuser

logout

removeGrant

removeGrantAsAdministrator

addGrant

addGrantAsAdministrator

getGrants

getGrants

getMyGrants

exportGrants

importGrants

getAllAccesses

doExportGrants

doImportGrants

org.eaglei.repository
Enum Access