From 095ec6d9a7e35d4e8a709654174c68f9c106fbeb Mon Sep 17 00:00:00 2001
From: j2blake
Date: Fri, 13 May 2011 16:29:12 +0000
Subject: [PATCH] NIHVIVO-2299 Remove old unused policies: JenaNetidPolicy and SparqlPolicy
---
 .../webapp/auth/policy/JenaNetidPolicy.java | 428 ------------------
 .../webapp/auth/policy/SparqlPolicy.java | 264 -----------
 .../auth/policy/SparqlPolicyDecision.java | 61 ---
 .../policy/setup/JenaNetidPolicySetup.java | 55 ---
 .../auth/policy/JenaNetidPolicyTest.java | 228 ----------
 .../auth/policy/resources/examplePolicy.xml | 43 --
 6 files changed, 1079 deletions(-)
 delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicy.java
 delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicy.java
 delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicyDecision.java
 delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/JenaNetidPolicySetup.java
 delete mode 100644 webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicyTest.java
 delete mode 100644 webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/examplePolicy.xml
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicy.java
deleted file mode 100644
index d5da219e6..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicy.java
+++ /dev/null
@@ -1,428 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy; - -import java.io.InputStream; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; - -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.query.Query; -import com.hp.hpl.jena.query.QueryExecution; -import com.hp.hpl.jena.query.QueryExecutionFactory; -import com.hp.hpl.jena.query.QueryFactory; -import com.hp.hpl.jena.query.QuerySolutionMap; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ModelFactory; -import com.thoughtworks.xstream.XStream; -import com.thoughtworks.xstream.io.xml.DomDriver; - -import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; -import 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; -import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; - -/** - * This policy looks for a netid in the IdentifierBundle and will use that netid - * as a anchor in SPARQL queries. These queries are intended to specify the relations - * that allow authorization. - * - * We could use things other than SPARQL. Other possibilities: - * Some java driven code that worked with the the jena Model - * Fresnel Selector Language (FSL) - * SWRL? - * - * example of how to set up the xml: - * - * - - Example Policy - PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> -PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> -PREFIX vivoa: <http://vivo.library.cornell.edu/abox#> -PREFIX vivo: <http://vivo.library.cornell.edu/ns/0.1#> -PREFIX vitro: <http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#> - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - - - - * @author bdc34 - * - */ -public class JenaNetidPolicy extends DefaultInconclusivePolicy implements PolicyIface { - - - protected transient Model model = ModelFactory.createDefaultModel(); - private transient HashMap queryStrToQuery = new 
HashMap(); - - /** human readable name for this policy */ - protected String name="Unnamed Policy"; - - /** prefixes for SPARQL queries. */ - protected String prefixes = DEFAULT_PREFIXES; - - /** Specifies the type of Authorization returned when the SPARQL query succeeds. This allows us to - * create a JenaNetidPolicy that returns UNAUTHORIZED when the some set of conditions are meet. */ - protected Authorization authForSuccessfulQuery = Authorization.AUTHORIZED; - - /** The SPARQL queries. They should all be of the type ASK and - * they should all have the variable ?netid */ - protected HashMap> actionToQueryStr = new HashMap>(); - - /* *************************** Constructors ******************************* */ - - /** - * See JenaNetidPolicy.setupDefault() for the sparql queries that will - * be used by the default JenaNetidPolicy. - */ - public JenaNetidPolicy(Model model){ - if( model == null ){ - this.model = ModelFactory.createDefaultModel(); - }else{ - this.model = model; - } - setupDefault(); - } - - /** - * Loads sparql statements for policy from a JSON text file. - * - * @param model - * @param sparqlStmts - */ - public JenaNetidPolicy(Model model, InputStream policySpec){ - this(model, policySpec, Authorization.AUTHORIZED); - } - - /* - * Load xml policy files with this.getClass().getResourceAsStream() - * Notice that / is the path seperator and strings that lack - * a leading slash are relative to the package of the this.getClass(). 
- */ - public JenaNetidPolicy(Model model, String resource){ - this(model, JenaNetidPolicy.class.getResourceAsStream(resource)); - } - - public JenaNetidPolicy(Model model, InputStream policySpec, Authorization authForSuccessfulQuery){ - this.authForSuccessfulQuery = authForSuccessfulQuery; - XStream x = new XStream(new DomDriver()); - //XStream x = new XStream(); - JenaNetidPolicy jnip =(JenaNetidPolicy) x.fromXML( policySpec ); - this.actionToQueryStr = jnip.actionToQueryStr; - this.prefixes = jnip.prefixes; - this.name = jnip.name; - this.model = model; - } - - /* *********************** Methods ************************************ */ - @Override - public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, - RequestedAction whatToAuth) { - BasicPolicyDecision pd = new BasicPolicyDecision(Authorization.INCONCLUSIVE,"not yet set"); - if( whoToAuth == null ) - return pd.setMessage("whoToAuth was null"); - if(whatToAuth == null) - return pd.setMessage("whatToAuth was null"); - - String netid = getNetid(whoToAuth); - if (netid == null) - return pd.setMessage("Unable to get netid from IdBundle"); - - if (whatToAuth instanceof AddResource) { - return visit(whoToAuth, (AddResource) whatToAuth); - } else if (whatToAuth instanceof DropResource) { - return visit(whoToAuth, (DropResource) whatToAuth); - } else if (whatToAuth instanceof AddObjectPropStmt) { - return visit(whoToAuth, (AddObjectPropStmt) whatToAuth); - } else if (whatToAuth instanceof DropObjectPropStmt) { - return visit(whoToAuth, (DropObjectPropStmt) whatToAuth); - } else if (whatToAuth instanceof AddDataPropStmt) { - return visit(whoToAuth, (AddDataPropStmt) whatToAuth); - } else if (whatToAuth instanceof DropDataPropStmt) { - return visit(whoToAuth, (DropDataPropStmt) whatToAuth); - } else { - return UNAUTH; - } - } - - /* ************************* visit methods ************************** */ - private PolicyDecision visit(IdentifierBundle ids, AddResource action) { - log.debug("doing AddResource"); - - 
List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - parameters.add("subject",model.createResource( action.getSubjectUri() )); - - return doQueries(queryStrs,parameters,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropResource action) { - log.debug("doing DropResource"); - - List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - parameters.add("subject",model.createResource( action.getSubjectUri() )); - - return doQueries(queryStrs,parameters,action); - } - - private PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { - log.debug("doing AddObjectPropStmt in visit()"); - - List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - parameters.add("subject",model.createResource( action.getUriOfSubject() )) ; - parameters.add("object", model.createResource( action.getUriOfObject() )) ; - parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ; - - return doQueries(queryStrs,parameters,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) { - 
log.debug("doing DropObjectPropStmt"); - - List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - parameters.add("subject",model.createResource( action.getUriOfSubject() )) ; - parameters.add("object", model.createResource( action.getUriOfObject() )) ; - parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ; - - return doQueries(queryStrs,parameters,action); - } - - private PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) { - log.debug("doing AddDataPropStmt"); - - List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - parameters.add("subject",model.createResource( action.getSubjectUri() )) ; - parameters.add("predicate", model.createResource( action.getPredicateUri() )) ; - parameters.add("literalValue", model.createLiteral(action.getData() )); - return doQueries(queryStrs,parameters,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) { - log.debug("doing DropDataPropStmt"); - - List queryStrs = actionToQueryStr.get(action.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queries found for action" + action.getClass().getName()); - - QuerySolutionMap parameters = new QuerySolutionMap(); - parameters.add("netid", model.createLiteral( getNetid(ids) )); - 
parameters.add("subject",model.createResource( action.getSubjectUri() )) ; - parameters.add("predicate", model.createResource( action.getPredicateUri() )) ; - parameters.add("literalValue", model.createLiteral(action.data() )); // caution: will always do untyped things - return doQueries(queryStrs,parameters,action); - } - - - /* ******************************** utilities ****************************** */ - private PolicyDecision doQueries(ListqueryStrs, QuerySolutionMap parameters, RequestedAction action){ - SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,""); - for(String quStr : queryStrs){ - - Query query = getQueryForQueryStr(quStr); - pd.setQuery(query); - QueryExecution qexec = QueryExecutionFactory.create(query, model, parameters); - pd.setQexec(qexec); - - boolean pathFound = qexec.execAsk(); - if( pathFound ){ - pd.setAuthorized(authForSuccessfulQuery); - pd.setMessage(action.getClass().getName() + " permited by " + quStr); - if( log.isDebugEnabled()){ - log.debug(action.getClass().getName() + " permited by " + quStr); - log.debug(query); - } - break; - } else { - if( log.isDebugEnabled()){ - log.debug(action.getClass().getName() + " no results for " + query); - log.debug(query); - } - } - } - return pd; - } - - private Query getQueryForQueryStr(String queryStr){ - Query q = queryStrToQuery.get(queryStr); - if( q == null ){ - q = QueryFactory.create(prefixes + queryStr); - queryStrToQuery.put(queryStr, q); - } - return q; - } - - private String getNetid(IdentifierBundle whoToAuth) { - String netidStr = null; - for(Identifier id : whoToAuth){ - if (id instanceof NetId) { - NetId netid = (NetId) id; - netidStr = netid.getValue(); - break; - } - } - if( log.isDebugEnabled() ) - log.debug("netid was " + (netidStr!=null?netidStr:"null") ); - return netidStr; - } - - /** - * An inner class used to setup everything that's needed for - * a JenaNetidPolicy. This setups the JenaNetidPolicy and a - * SelfEditingIdentifierFactory. 
- * - * @author bdc34 - * - */ - public static class ContextSetup implements ServletContextListener { - @Override - public void contextInitialized(ServletContextEvent sce) { - try{ - log.trace("Setting up JenaNetidPolicy"); - - Model model = (Model) sce.getServletContext().getAttribute("jenaOntModel"); - if( model == null ){ - log.error("could not get jenaOntModel from JenaBaseDao, JenaNetidPolicy will not work"); - } - - ServletPolicyList.addPolicy(sce.getServletContext(), new JenaNetidPolicy(model)); - - ActiveIdentifierBundleFactories.addFactory(sce, new SelfEditingIdentifierFactory()); - }catch(Exception e){ - log.error("could not create AuthorizationFactory: " + e); - e.printStackTrace(); - } - } - @Override - public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ } - - } - - private void setupDefault(){ - // --- AddObjectPropStmt --- - // may have 4 parameters: netid, object, predicate, and subject. - ArrayList queries = new ArrayList(); - queries.add( "ASK WHERE { ?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( AddObjectPropStmt.class.getName(), queries); - // --- DropObjectPropStmt --- - queries = new ArrayList(); - queries.add( "ASK WHERE { ?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries); - - // --- DropDataPropStmt --- - queries = new ArrayList(); - queries.add( "ASK WHERE { ?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( DropDataPropStmt.class.getName(), queries); - // --- AddDataPropStmt --- - queries = new ArrayList(); - queries.add( "ASK WHERE { ?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( AddDataPropStmt.class.getName(), queries); - - // --- DropResource --- - queries = new ArrayList(); - queries.add( "ASK WHERE { 
?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries); - // --- AddResource --- - queries = new ArrayList(); - queries.add( "ASK WHERE { ?subject vitro:netid ?netid }"); - queries.add( "ASK WHERE { ?object vitro:netid ?netid }"); - actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries); - } - - public final static String netIdPropUri = VitroVocabulary.vitroURI+ "netid"; - private static final Log log = LogFactory.getLog(JenaNetidPolicy.class.getName()); - public final static String DEFAULT_PREFIXES = - "PREFIX rdf: \n"+ - "PREFIX rdfs: \n"+ - "PREFIX vivoa: \n"+ - "PREFIX vivo: \n"+ - "PREFIX vitro: <"+ VitroVocabulary.vitroURI+">\n"; - - private final PolicyDecision UNAUTH = new BasicPolicyDecision( - Authorization.UNAUTHORIZED, - "JenaNetidPolicy doesn't authorize admin or onto editing actions"); - -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicy.java deleted file mode 100644 index 6184f671a..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicy.java +++ /dev/null 
@@ -1,264 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy; - -import java.io.InputStream; -import java.util.HashMap; -import java.util.List; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import com.hp.hpl.jena.query.Query; -import com.hp.hpl.jena.query.QueryExecution; -import com.hp.hpl.jena.query.QueryExecutionFactory; -import com.hp.hpl.jena.query.QueryFactory; -import com.hp.hpl.jena.query.QuerySolutionMap; -import com.hp.hpl.jena.rdf.model.Model; -import com.hp.hpl.jena.rdf.model.ModelFactory; -import com.thoughtworks.xstream.XStream; -import com.thoughtworks.xstream.io.xml.DomDriver; - -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; -import 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; - -/** - * This policy maps strings in the IdentifierBundle to a QuerySolutioinMap in order - * to bind identifiers with unbound variables in SPARQL queries. - * These queries are intended to specify the relations that allow authorization. - * If the query return no rows will be interpreted as unauthorized and a - * query returning one or more rows will be interpreted as authorized. - * - * @author bdc34 - * - */ -public class SparqlPolicy extends DefaultInconclusivePolicy implements PolicyIface{ - protected Model model = ModelFactory.createDefaultModel(); - private HashMap queryStrToQuery = new HashMap(); - - /** human readable name for this policy */ - protected String name="Unnamed Policy"; - - /** prefixes for SPARQL queries. */ - protected String prefixes = ""; - - /** The SPARQL queries. They should all be of the type ASK */ - protected HashMap> actionToQueryStr = new HashMap>(); - - /** Function to transform identifiers into a QuerySolutionMap */ - private Ids2QueryBindings binder; - - private String resource = null; - - /** - * Load XML policy files with this.getClass().getResourceAsStream() - * Notice that / is the path separator and strings that lack - * a leading slash are relative to the package of the this.getClass(). 
- */ - public SparqlPolicy(Model model, Ids2QueryBindings binder, String resource){ - if( model == null ) - throw new IllegalArgumentException("model must not be null."); - if( binder == null ) - throw new IllegalArgumentException("binder must not be null."); - if( resource == null ) - throw new IllegalArgumentException("resource must not be null."); - - this.model = model; - this.binder = binder; - this.resource = resource; - loadPolicy(); - } - - public void loadPolicy(){ - InputStream policySpec = SparqlPolicy.class.getResourceAsStream(resource); - XStream x = new XStream(new DomDriver()); - SparqlPolicy jnip =(SparqlPolicy) x.fromXML( policySpec ); - this.actionToQueryStr = jnip.actionToQueryStr; - this.prefixes = jnip.prefixes; - this.name = jnip.name; - try{ - policySpec.close(); - }catch(Throwable th){/*ignore it?*/} - } - - /* *********************** Methods ************************************ */ - @Override - public PolicyDecision isAuthorized(IdentifierBundle whoToAuth, - RequestedAction whatToAuth) { - if( whoToAuth == null ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whoToAuth was null"); - if(whatToAuth == null) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whatToAuth was null"); - List queryStrs = actionToQueryStr.get(whatToAuth.getClass().getName()); - if( queryStrs == null || queryStrs.size() ==0 ) - return new BasicPolicyDecision(Authorization.INCONCLUSIVE, - "no queryies found for action" + whatToAuth.getClass().getName()); - - if (whatToAuth instanceof AddObjectPropStmt) { - return visit(whoToAuth, (AddObjectPropStmt) whatToAuth); - } else if (whatToAuth instanceof DropResource) { - return visit(whoToAuth, (DropResource) whatToAuth); - } else if (whatToAuth instanceof DropDataPropStmt) { - return visit(whoToAuth, (DropDataPropStmt) whatToAuth); - } else if (whatToAuth instanceof DropObjectPropStmt) { - return visit(whoToAuth, (DropObjectPropStmt) whatToAuth); - } else if (whatToAuth instanceof AddResource) { - 
return visit(whoToAuth, (AddResource) whatToAuth); - } else if (whatToAuth instanceof AddDataPropStmt) { - return visit(whoToAuth, (AddDataPropStmt) whatToAuth); - } else if (whatToAuth instanceof UploadFile) { - return visit(whoToAuth, (UploadFile) whatToAuth); - } else if (whatToAuth instanceof EditDataPropStmt) { - return visit(whoToAuth, (EditDataPropStmt) whatToAuth); - } else if (whatToAuth instanceof EditObjPropStmt) { - return visit(whoToAuth, (EditObjPropStmt) whatToAuth); - } else { - return UNAUTH; - } - } - - private PolicyDecision doQueries(ListqueryStrs, IdentifierBundle ids, RequestedAction action){ - SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,""); - List bindings = binder.makeScopeBinding(ids, action); - for( QuerySolutionMap scope: bindings ){ - for(String quStr : queryStrs){ - Query query = getQueryForQueryStr(quStr); - pd.setQuery(query); - QueryExecution qexec = QueryExecutionFactory.create(query, model, scope); - pd.setQexec(qexec); - boolean pathFound = qexec.execAsk(); - if( pathFound ){ - pd.setAuthorized(Authorization.AUTHORIZED); - pd.setMessage(action.getClass().getName() + " permited by " + quStr); - if( log.isDebugEnabled()){ - log.debug(action.getClass().getName() + " permited by " + quStr); - log.debug(query); - } - return pd; - } else { - if( log.isDebugEnabled()){ - log.debug(action.getClass().getName() + " no results for " + query); - log.debug(query); - } - } - } - } - return pd; - } - - private Query getQueryForQueryStr(String queryStr){ - //memoize queries - Query q = queryStrToQuery.get(queryStr); - if( q == null ){ - q = QueryFactory.create(prefixes + queryStr); - queryStrToQuery.put(queryStr, q); - } - return q; - } - - /* ***************** Visit methods ********************** */ - private final String pkg = "edu.cornell.mannlib.vitro.webapp.auth.requestedAction."; - - private PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) { - return doQueries(actionToQueryStr.get(pkg 
+"AddObjectPropStmt"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropResource action) { - return doQueries(actionToQueryStr.get(pkg +"DropResource"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) { - return doQueries(actionToQueryStr.get(pkg +"DropDataPropStmt"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) { - return doQueries(actionToQueryStr.get(pkg +"DropObjectPropStmt"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, AddResource action) { - return doQueries(actionToQueryStr.get(pkg +"AddResource"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) { - return doQueries(actionToQueryStr.get(pkg +"AddDataPropStmt"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, UploadFile action) { - return doQueries(actionToQueryStr.get(pkg +"UploadFile"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) { - return doQueries(actionToQueryStr.get(pkg +"EditDataPropStmt"),ids,action); - } - - private PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) { - return doQueries(actionToQueryStr.get(pkg +"EditObjPropStmt"),ids,action); - } - - private static final Log log = LogFactory.getLog(SparqlPolicy.class.getName()); - - private final PolicyDecision UNAUTH = new BasicPolicyDecision( - Authorization.UNAUTHORIZED, - name + " SparqlPolicy doesn't authorize admin or onto editing actions"); - -/* - * example of how to set up the xml: - * - * - - - Example Policy - PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> -PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> -PREFIX vivoa: <http://vivo.library.cornell.edu/abox#> -PREFIX vivo: <http://vivo.library.cornell.edu/ns/0.1#> -PREFIX vitro: <http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#> - - - - 
edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt - - ASK WHERE { ?subject vitro:netid ?netid } - ASK WHERE { ?object vitro:netid ?netid } - - - - - - - */ -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicyDecision.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicyDecision.java deleted file mode 100644 index 05abf69b2..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SparqlPolicyDecision.java +++ /dev/null 
@@ -1,61 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import com.hp.hpl.jena.query.Query;
-import com.hp.hpl.jena.query.QueryExecution;
-
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-
-/**
- * Extends the BasicPolicyDecision with additional debugging information about the
- * sparql queries that were run to create the decision.
- *
- * @author bdc34
- *
- */
-public class SparqlPolicyDecision extends BasicPolicyDecision {
- Query query = null;
- QueryExecution qexec = null;
-
- public SparqlPolicyDecision(Authorization authorized, String message) {
- super(authorized, message);
- }
-
- public QueryExecution getQexec() {
- return qexec;
- }
-
- public void setQexec(QueryExecution qexec) {
- this.qexec = qexec;
- }
-
- public Query getQuery() {
- return query;
- }
-
- public void setQuery(Query query) {
- this.query = query;
- }
-
- @Override
- public String getDebuggingInfo() {
- String msg = "";
- if( super.getDebuggingInfo() != null && super.getDebuggingInfo().length() > 0)
- msg = super.getDebuggingInfo() + '\n';
-
- if( query != null )
- msg= msg + "query: \n" + query.toString() + '\n';
- else
- msg = msg + " query was null \n";
-
- if( qexec != null )
- msg = msg + "query exec: \n" + qexec.toString();
- else
- msg = msg + " query exec was null \n";
-
- return msg;
- }
-
-
-}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/JenaNetidPolicySetup.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/JenaNetidPolicySetup.java
deleted file mode 100644
index 29810e6de..000000000
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/setup/JenaNetidPolicySetup.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
-
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.hp.hpl.jena.ontology.OntModel;
-
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
-
-/**
- * Class used to setup a JenaNetidPolicy using the default.
- * This setups the JenaNetidPolicy and a SelfEditingIdentifierFactory.
- *
- * See JenaNetidPolicy.setupDefault() for the sparql queries that will
- * be used by the default JenaNetidPolicy.
- *
- * @author bdc34
- *
- */
-public class JenaNetidPolicySetup implements ServletContextListener {
-
- private static final Log log = LogFactory.getLog(JenaNetidPolicySetup.class.getName());
-
- @Override
- public void contextInitialized(ServletContextEvent sce) {
- try{
- log.debug("Setting up JenaNetidPolicy");
-
- JenaNetidPolicy jnip = new JenaNetidPolicy((OntModel) sce.getServletContext().getAttribute("jenaOntModel"));
- ServletPolicyList.addPolicy(sce.getServletContext(), jnip);
-
- SelfEditingIdentifierFactory niif =new SelfEditingIdentifierFactory();
- ActiveIdentifierBundleFactories.addFactory(sce, niif);
-
- }catch(Exception e){
- log.error("could not create AuthorizationFactory: " + e);
- e.printStackTrace();
- }
- }
-
- @Override
- public void contextDestroyed(ServletContextEvent sce) {
- /*nothing*/
- }
-
-}
-
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicyTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicyTest.java
deleted file mode 100644
index 0f6827722..000000000
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/JenaNetidPolicyTest.java
+++ /dev/null
@@ -1,228 +0,0 @@
-/* $This file is distributed under the terms of the license in /doc/license.txt$ */
-
-package edu.cornell.mannlib.vitro.webapp.auth.policy;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.InputStream;
-
-import org.apache.log4j.Level;
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-import com.hp.hpl.jena.ontology.OntModel;
-import com.hp.hpl.jena.ontology.OntModelSpec;
-import com.hp.hpl.jena.rdf.model.Model;
-import com.hp.hpl.jena.rdf.model.ModelFactory;
-import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler;
-
-import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
-import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
-import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
-
-/**
- * Simple test of JenaNetidPolicyTest that uses the ExamplePolicy.xml
- * It expects that the model will have the resource
- * will have
- * the datatype property vitro:netid of "bdc34".
- *
- * @author bdc34
- *
- */
-
-public class JenaNetidPolicyTest extends AbstractTestClass {
- static transient JenaNetidPolicy jniPolicy;
- static transient JenaNetidPolicy unAuthPolicy;
- static transient Model model;
- static IdentifierBundle idb;
-
- static String onts[] ={
- "/testontologies/smallVivo-20070809.owl",
- "/testontologies/vitro1.owl",
- "/testontologies/vivo-users.owl"
- };
-
-
- /*
- * Loading files with this.getClass().getResourceAsStream()
- * Notice that / is the path seperator and strings that lack
- * a leading slash are relative to the package of the this.getClass().
- */
- @BeforeClass
- public static void setUpForClass() throws Exception {
- // Suppress warnings from creating default model.
- setLoggerLevel(RDFDefaultErrorHandler.class, Level.OFF);
- model = ModelFactory.createDefaultModel();
-
- for( String ont : onts){
- InputStream in = JenaNetidPolicyTest.class.getResourceAsStream(ont);
- model.read(in,null);
- in.close();
- }
- OntModel ontModel = ModelFactory.createOntologyModel(ONT_MODEL_SPEC,model);
- ontModel.prepare();
-
- InputStream in = JenaNetidPolicyTest.class.getResourceAsStream("resources/examplePolicy.xml");
- jniPolicy = new JenaNetidPolicy(model,in);
- in.close();
-
- in = JenaNetidPolicyTest.class.getResourceAsStream("resources/examplePolicy.xml");
- unAuthPolicy = new JenaNetidPolicy(model,in, Authorization.UNAUTHORIZED);
- in.close();
-
- idb = new ArrayIdentifierBundle();
- idb.add(new SelfEditingIdentifierFactory.NetId("bdc34"));
- }
-
- @Test public void testOfSetupFromXml(){
- assertNotNull(model);
- JenaNetidPolicy j = jniPolicy;
- assertNotNull(j);
- assertNotNull(j.model);
- assertNotNull(j.prefixes);
- assertNotNull( j.actionToQueryStr );
- assertNotNull(j.name);
- assertEquals(j.name, "Example Policy");
- assertTrue(j.prefixes.length() > 0);
- assertTrue( j.actionToQueryStr.size() > 0);
- }
-
- @Test public void testAddDataProps(){
- RequestedAction act; PolicyDecision pd;
-
- act = new AddDataPropStmt(
- "http://some.non.existing.resource",
- "http://some.non.existing.dataproperty",
- "bogus value", null, null);
- pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
- }
-
- @Test public void testAddDataProps2(){
- RequestedAction act; PolicyDecision pd;
-
- act = new AddDataPropStmt(
- "http://vivo.library.cornell.edu/abox#entity11821",
- "vitro:description",
- "a description of some kind.", null, null);
- pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue("authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.AUTHORIZED);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.UNAUTHORIZED);
- }
-
- @Test public void testDropDataProps1(){
- RequestedAction act; PolicyDecision pd;
-
- DataPropertyStatementImpl dp = new DataPropertyStatementImpl();
- dp.setIndividualURI("http://vivo.library.cornell.edu/abox#entity11821");
- dp.setData("a description of some kind.");
- dp.setDatapropURI("vitro:description");
- act = new DropDataPropStmt( dp );
-
- pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue("authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.AUTHORIZED);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.UNAUTHORIZED);
- }
-
- @Test public void testDropDataProps2(){
- RequestedAction act; PolicyDecision pd;
-
- DataPropertyStatementImpl dp = new DataPropertyStatementImpl();
- dp.setIndividualURI("http://mannlib.cornell.edu/non.existing.resource");
- dp.setData("a description of some kind.");
- dp.setDatapropURI("vitro:description");
- act = new DropDataPropStmt( dp );
-
- pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue("authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
-
- }
-
- @Test public void testObjectProps(){
- RequestedAction act = new AddObjectPropStmt(
- "http://vivo.library.cornell.edu/abox#entity11821",
- "vitro:headOf",
- "http://vivo.library.cornell.edu/abox#entity1");
- PolicyDecision pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue("authorization was " + pd.getAuthorized(),
- pd.getAuthorized() == Authorization.AUTHORIZED);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.UNAUTHORIZED);
-
- act = new AddObjectPropStmt(
- "http://vivo.library.cornell.edu/abox#entity123",
- "vitro:headOf",
- "http://vivo.library.cornell.edu/abox#entity1");
- pd = jniPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue("authorization was " + pd.getAuthorized(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
-
- pd = unAuthPolicy.isAuthorized(idb, act);
- assertNotNull(pd);
- assertTrue( "authorization was " + pd.getAuthorized() +
- '\n' + pd.getDebuggingInfo(),
- pd.getAuthorized() == Authorization.INCONCLUSIVE);
- }
-
-// static String ONTOLOGY_ADDR = "http://caruso.mannlib.cornell.edu/xml/rdf/smallVivo-20070809.owl";
-// static String VITRO_ADDR = "http://ivy.mannlib.cornell.edu/ontologies/vitro/vitro1.owl";
-// static String USERS_ADDR = "http://ivy.mannlib.cornell.edu/ontologies/vivo/vivo-users.owl";
- //String ONTOLOGY_ADDR = "http://lowe.mannlib.cornell.edu/ontologies/fao/geopolitical_Ontology_v_0_2.owl";
- //String ONTOLOGY_ADDR = "http://lowe.mannlib.cornell.edu/ontologies/fao/languagecode.owl";
- //String ONTOLOGY_ADDR = "http://localhost/~bjl23/ontologies/VitroFacultyReporting.0.2.owl";
-
- static OntModelSpec ONT_MODEL_SPEC = OntModelSpec.OWL_DL_MEM; // no additional entailment reasoning
- //OntModelSpec ONT_MODEL_SPEC = OntModelSpec.OWL_MEM_MICRO_RULE_INF; // some additional OWL entailment reasoning
- //OntModelSpec ONT_MODEL_SPEC = OntModelSpec.RDFS_MEM_RDFS_INF;
-
-}
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/examplePolicy.xml b/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/examplePolicy.xml
deleted file mode 100644
index 506c124d4..000000000
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/resources/examplePolicy.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-
-
-
-
- Example Policy
- PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
-PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
-PREFIX vivoa: <http://vivo.library.cornell.edu/abox#>
-PREFIX vivo: <http://vivo.library.cornell.edu/ns/0.1#>
-PREFIX vitro: <http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#>
-
-
-
-
- edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt
-
- ASK WHERE { ?subject vitro:netid ?netid }
- ASK WHERE { ?object vitro:netid ?netid }
-
-
-
- edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt
-
- ASK WHERE { ?subject vitro:netid ?netid }
- ASK WHERE { ?object vitro:netid ?netid }
-
-
-
-
- edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt
-
- ASK WHERE { ?subject vitro:netid ?netid }
-
-
-
- edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt
-
- ASK WHERE { ?subject vitro:netid ?netid }
-
-
-
-
-