NIHVIVO-2299 Remove old unused policies: JenaNetidPolicy and SparqlPolicy

j2blake 2011-05-13 16:29:12 +00:00
parent d83382ab73
commit 095ec6d9a7
6 changed files with 0 additions and 1079 deletions


@ -1,428 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolutionMap;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory.NetId;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
/**
* This policy looks for a netid in the IdentifierBundle and will use that netid
* as a anchor in SPARQL queries. These queries are intended to specify the relations
* that allow authorization.
*
* We could use things other than SPARQL. Other possibilities:
* Some java driven code that worked with the the jena Model
* Fresnel Selector Language (FSL)
* SWRL?
*
* example of how to set up the xml:
*
* <code>
<edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
<name>Example Policy</name>
<prefixes>PREFIX rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX vivoa: &lt;http://vivo.library.cornell.edu/abox#&gt;
PREFIX vivo: &lt;http://vivo.library.cornell.edu/ns/0.1#&gt;
PREFIX vitro: &lt;http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#&gt;
</prefixes>
<actionToQueryStr>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
</actionToQueryStr>
</edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
</code>
* @author bdc34
*
*/
public class JenaNetidPolicy extends DefaultInconclusivePolicy implements PolicyIface {
protected transient Model model = ModelFactory.createDefaultModel();
private transient HashMap<String,Query> queryStrToQuery = new HashMap<String,Query>();
/** human readable name for this policy */
protected String name="Unnamed Policy";
/** prefixes for SPARQL queries. */
protected String prefixes = DEFAULT_PREFIXES;
/** Specifies the type of Authorization returned when the SPARQL query succeeds. This allows us to
* create a JenaNetidPolicy that returns UNAUTHORIZED when the some set of conditions are meet. */
protected Authorization authForSuccessfulQuery = Authorization.AUTHORIZED;
/** The SPARQL queries. They should all be of the type ASK and
* they should all have the variable ?netid */
protected HashMap<String,List<String>> actionToQueryStr = new HashMap<String,List<String>>();
/* *************************** Constructors ******************************* */
/**
* See JenaNetidPolicy.setupDefault() for the sparql queries that will
* be used by the default JenaNetidPolicy.
*/
public JenaNetidPolicy(Model model){
if( model == null ){
this.model = ModelFactory.createDefaultModel();
}else{
this.model = model;
}
setupDefault();
}
/**
* Loads sparql statements for policy from a JSON text file.
*
* @param model
* @param sparqlStmts
*/
public JenaNetidPolicy(Model model, InputStream policySpec){
this(model, policySpec, Authorization.AUTHORIZED);
}
/*
* Load xml policy files with this.getClass().getResourceAsStream()
* Notice that / is the path seperator and strings that lack
* a leading slash are relative to the package of the this.getClass().
*/
public JenaNetidPolicy(Model model, String resource){
this(model, JenaNetidPolicy.class.getResourceAsStream(resource));
}
public JenaNetidPolicy(Model model, InputStream policySpec, Authorization authForSuccessfulQuery){
this.authForSuccessfulQuery = authForSuccessfulQuery;
XStream x = new XStream(new DomDriver());
//XStream x = new XStream();
JenaNetidPolicy jnip =(JenaNetidPolicy) x.fromXML( policySpec );
this.actionToQueryStr = jnip.actionToQueryStr;
this.prefixes = jnip.prefixes;
this.name = jnip.name;
this.model = model;
}
/* *********************** Methods ************************************ */
@Override
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
BasicPolicyDecision pd = new BasicPolicyDecision(Authorization.INCONCLUSIVE,"not yet set");
if( whoToAuth == null )
return pd.setMessage("whoToAuth was null");
if(whatToAuth == null)
return pd.setMessage("whatToAuth was null");
String netid = getNetid(whoToAuth);
if (netid == null)
return pd.setMessage("Unable to get netid from IdBundle");
if (whatToAuth instanceof AddResource) {
return visit(whoToAuth, (AddResource) whatToAuth);
} else if (whatToAuth instanceof DropResource) {
return visit(whoToAuth, (DropResource) whatToAuth);
} else if (whatToAuth instanceof AddObjectPropStmt) {
return visit(whoToAuth, (AddObjectPropStmt) whatToAuth);
} else if (whatToAuth instanceof DropObjectPropStmt) {
return visit(whoToAuth, (DropObjectPropStmt) whatToAuth);
} else if (whatToAuth instanceof AddDataPropStmt) {
return visit(whoToAuth, (AddDataPropStmt) whatToAuth);
} else if (whatToAuth instanceof DropDataPropStmt) {
return visit(whoToAuth, (DropDataPropStmt) whatToAuth);
} else {
return UNAUTH;
}
}
/* ************************* visit methods ************************** */
private PolicyDecision visit(IdentifierBundle ids, AddResource action) {
log.debug("doing AddResource");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() ));
return doQueries(queryStrs,parameters,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropResource action) {
log.debug("doing DropResource");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() ));
return doQueries(queryStrs,parameters,action);
}
private PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
log.debug("doing AddObjectPropStmt in visit()");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getUriOfSubject() )) ;
parameters.add("object", model.createResource( action.getUriOfObject() )) ;
parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ;
return doQueries(queryStrs,parameters,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
log.debug("doing DropObjectPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getUriOfSubject() )) ;
parameters.add("object", model.createResource( action.getUriOfObject() )) ;
parameters.add("predicate", model.createResource( action.getUriOfPredicate() )) ;
return doQueries(queryStrs,parameters,action);
}
private PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
log.debug("doing AddDataPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() )) ;
parameters.add("predicate", model.createResource( action.getPredicateUri() )) ;
parameters.add("literalValue", model.createLiteral(action.getData() ));
return doQueries(queryStrs,parameters,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
log.debug("doing DropDataPropStmt");
List<String> queryStrs = actionToQueryStr.get(action.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queries found for action" + action.getClass().getName());
QuerySolutionMap parameters = new QuerySolutionMap();
parameters.add("netid", model.createLiteral( getNetid(ids) ));
parameters.add("subject",model.createResource( action.getSubjectUri() )) ;
parameters.add("predicate", model.createResource( action.getPredicateUri() )) ;
parameters.add("literalValue", model.createLiteral(action.data() )); // caution: will always do untyped things
return doQueries(queryStrs,parameters,action);
}
/* ******************************** utilities ****************************** */
private PolicyDecision doQueries(List<String>queryStrs, QuerySolutionMap parameters, RequestedAction action){
SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,"");
for(String quStr : queryStrs){
Query query = getQueryForQueryStr(quStr);
pd.setQuery(query);
QueryExecution qexec = QueryExecutionFactory.create(query, model, parameters);
pd.setQexec(qexec);
boolean pathFound = qexec.execAsk();
if( pathFound ){
pd.setAuthorized(authForSuccessfulQuery);
pd.setMessage(action.getClass().getName() + " permited by " + quStr);
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " permited by " + quStr);
log.debug(query);
}
break;
} else {
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " no results for " + query);
log.debug(query);
}
}
}
return pd;
}
private Query getQueryForQueryStr(String queryStr){
Query q = queryStrToQuery.get(queryStr);
if( q == null ){
q = QueryFactory.create(prefixes + queryStr);
queryStrToQuery.put(queryStr, q);
}
return q;
}
private String getNetid(IdentifierBundle whoToAuth) {
String netidStr = null;
for(Identifier id : whoToAuth){
if (id instanceof NetId) {
NetId netid = (NetId) id;
netidStr = netid.getValue();
break;
}
}
if( log.isDebugEnabled() )
log.debug("netid was " + (netidStr!=null?netidStr:"null") );
return netidStr;
}
/**
* An inner class used to setup everything that's needed for
* a JenaNetidPolicy. This setups the JenaNetidPolicy and a
* SelfEditingIdentifierFactory.
*
* @author bdc34
*
*/
public static class ContextSetup implements ServletContextListener {
@Override
public void contextInitialized(ServletContextEvent sce) {
try{
log.trace("Setting up JenaNetidPolicy");
Model model = (Model) sce.getServletContext().getAttribute("jenaOntModel");
if( model == null ){
log.error("could not get jenaOntModel from JenaBaseDao, JenaNetidPolicy will not work");
}
ServletPolicyList.addPolicy(sce.getServletContext(), new JenaNetidPolicy(model));
ActiveIdentifierBundleFactories.addFactory(sce, new SelfEditingIdentifierFactory());
}catch(Exception e){
log.error("could not create AuthorizationFactory: " + e);
e.printStackTrace();
}
}
@Override
public void contextDestroyed(ServletContextEvent sce) { /*nothing*/ }
}
private void setupDefault(){
// --- AddObjectPropStmt ---
// may have 4 parameters: netid, object, predicate, and subject.
ArrayList <String> queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( AddObjectPropStmt.class.getName(), queries);
// --- DropObjectPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
// --- DropDataPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropDataPropStmt.class.getName(), queries);
// --- AddDataPropStmt ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( AddDataPropStmt.class.getName(), queries);
// --- DropResource ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
// --- AddResource ---
queries = new ArrayList<String>();
queries.add( "ASK WHERE { ?subject vitro:netid ?netid }");
queries.add( "ASK WHERE { ?object vitro:netid ?netid }");
actionToQueryStr.put( DropObjectPropStmt.class.getName(), queries);
}
public final static String netIdPropUri = VitroVocabulary.vitroURI+ "netid";
private static final Log log = LogFactory.getLog(JenaNetidPolicy.class.getName());
public final static String DEFAULT_PREFIXES =
"PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>\n"+
"PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>\n"+
"PREFIX vivoa: <http://vivo.library.cornell.edu/abox#>\n"+
"PREFIX vivo: <http://vivo.library.cornell.edu/ns/0.1#>\n"+
"PREFIX vitro: <"+ VitroVocabulary.vitroURI+">\n";
private final PolicyDecision UNAUTH = new BasicPolicyDecision(
Authorization.UNAUTHORIZED,
"JenaNetidPolicy doesn't authorize admin or onto editing actions");
}


@ -1,264 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import com.hp.hpl.jena.query.QueryExecutionFactory;
import com.hp.hpl.jena.query.QueryFactory;
import com.hp.hpl.jena.query.QuerySolutionMap;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource;
/**
* This policy maps strings in the IdentifierBundle to a QuerySolutioinMap in order
* to bind identifiers with unbound variables in SPARQL queries.
* These queries are intended to specify the relations that allow authorization.
* If the query return no rows will be interpreted as unauthorized and a
* query returning one or more rows will be interpreted as authorized.
*
* @author bdc34
*
*/
public class SparqlPolicy extends DefaultInconclusivePolicy implements PolicyIface{
protected Model model = ModelFactory.createDefaultModel();
private HashMap<String,Query> queryStrToQuery = new HashMap<String,Query>();
/** human readable name for this policy */
protected String name="Unnamed Policy";
/** prefixes for SPARQL queries. */
protected String prefixes = "";
/** The SPARQL queries. They should all be of the type ASK */
protected HashMap<String,List<String>> actionToQueryStr = new HashMap<String,List<String>>();
/** Function to transform identifiers into a QuerySolutionMap */
private Ids2QueryBindings binder;
private String resource = null;
/**
* Load XML policy files with this.getClass().getResourceAsStream()
* Notice that / is the path separator and strings that lack
* a leading slash are relative to the package of the this.getClass().
*/
public SparqlPolicy(Model model, Ids2QueryBindings binder, String resource){
if( model == null )
throw new IllegalArgumentException("model must not be null.");
if( binder == null )
throw new IllegalArgumentException("binder must not be null.");
if( resource == null )
throw new IllegalArgumentException("resource must not be null.");
this.model = model;
this.binder = binder;
this.resource = resource;
loadPolicy();
}
public void loadPolicy(){
InputStream policySpec = SparqlPolicy.class.getResourceAsStream(resource);
XStream x = new XStream(new DomDriver());
SparqlPolicy jnip =(SparqlPolicy) x.fromXML( policySpec );
this.actionToQueryStr = jnip.actionToQueryStr;
this.prefixes = jnip.prefixes;
this.name = jnip.name;
try{
policySpec.close();
}catch(Throwable th){/*ignore it?*/}
}
/* *********************** Methods ************************************ */
@Override
public PolicyDecision isAuthorized(IdentifierBundle whoToAuth,
RequestedAction whatToAuth) {
if( whoToAuth == null )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whoToAuth was null");
if(whatToAuth == null)
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"whatToAuth was null");
List<String> queryStrs = actionToQueryStr.get(whatToAuth.getClass().getName());
if( queryStrs == null || queryStrs.size() ==0 )
return new BasicPolicyDecision(Authorization.INCONCLUSIVE,
"no queryies found for action" + whatToAuth.getClass().getName());
if (whatToAuth instanceof AddObjectPropStmt) {
return visit(whoToAuth, (AddObjectPropStmt) whatToAuth);
} else if (whatToAuth instanceof DropResource) {
return visit(whoToAuth, (DropResource) whatToAuth);
} else if (whatToAuth instanceof DropDataPropStmt) {
return visit(whoToAuth, (DropDataPropStmt) whatToAuth);
} else if (whatToAuth instanceof DropObjectPropStmt) {
return visit(whoToAuth, (DropObjectPropStmt) whatToAuth);
} else if (whatToAuth instanceof AddResource) {
return visit(whoToAuth, (AddResource) whatToAuth);
} else if (whatToAuth instanceof AddDataPropStmt) {
return visit(whoToAuth, (AddDataPropStmt) whatToAuth);
} else if (whatToAuth instanceof UploadFile) {
return visit(whoToAuth, (UploadFile) whatToAuth);
} else if (whatToAuth instanceof EditDataPropStmt) {
return visit(whoToAuth, (EditDataPropStmt) whatToAuth);
} else if (whatToAuth instanceof EditObjPropStmt) {
return visit(whoToAuth, (EditObjPropStmt) whatToAuth);
} else {
return UNAUTH;
}
}
private PolicyDecision doQueries(List<String>queryStrs, IdentifierBundle ids, RequestedAction action){
SparqlPolicyDecision pd = new SparqlPolicyDecision(Authorization.INCONCLUSIVE,"");
List<QuerySolutionMap> bindings = binder.makeScopeBinding(ids, action);
for( QuerySolutionMap scope: bindings ){
for(String quStr : queryStrs){
Query query = getQueryForQueryStr(quStr);
pd.setQuery(query);
QueryExecution qexec = QueryExecutionFactory.create(query, model, scope);
pd.setQexec(qexec);
boolean pathFound = qexec.execAsk();
if( pathFound ){
pd.setAuthorized(Authorization.AUTHORIZED);
pd.setMessage(action.getClass().getName() + " permited by " + quStr);
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " permited by " + quStr);
log.debug(query);
}
return pd;
} else {
if( log.isDebugEnabled()){
log.debug(action.getClass().getName() + " no results for " + query);
log.debug(query);
}
}
}
}
return pd;
}
private Query getQueryForQueryStr(String queryStr){
//memoize queries
Query q = queryStrToQuery.get(queryStr);
if( q == null ){
q = QueryFactory.create(prefixes + queryStr);
queryStrToQuery.put(queryStr, q);
}
return q;
}
/* ***************** Visit methods ********************** */
private final String pkg = "edu.cornell.mannlib.vitro.webapp.auth.requestedAction.";
private PolicyDecision visit(IdentifierBundle ids, AddObjectPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"AddObjectPropStmt"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropResource action) {
return doQueries(actionToQueryStr.get(pkg +"DropResource"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"DropDataPropStmt"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, DropObjectPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"DropObjectPropStmt"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, AddResource action) {
return doQueries(actionToQueryStr.get(pkg +"AddResource"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, AddDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"AddDataPropStmt"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, UploadFile action) {
return doQueries(actionToQueryStr.get(pkg +"UploadFile"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, EditDataPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"EditDataPropStmt"),ids,action);
}
private PolicyDecision visit(IdentifierBundle ids, EditObjPropStmt action) {
return doQueries(actionToQueryStr.get(pkg +"EditObjPropStmt"),ids,action);
}
private static final Log log = LogFactory.getLog(SparqlPolicy.class.getName());
private final PolicyDecision UNAUTH = new BasicPolicyDecision(
Authorization.UNAUTHORIZED,
name + " SparqlPolicy doesn't authorize admin or onto editing actions");
/*
* example of how to set up the xml:
*
* <code>
<edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
<name>Example Policy</name>
<prefixes>PREFIX rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX vivoa: &lt;http://vivo.library.cornell.edu/abox#&gt;
PREFIX vivo: &lt;http://vivo.library.cornell.edu/ns/0.1#&gt;
PREFIX vitro: &lt;http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#&gt;
</prefixes>
<actionToQueryStr>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
</actionToQueryStr>
</edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
</code>
*/
}


@ -1,61 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import com.hp.hpl.jena.query.Query;
import com.hp.hpl.jena.query.QueryExecution;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
/**
* Extends the BasicPolicyDecision with additional debugging information about the
* sparql queries that were run to create the decision.
*
* @author bdc34
*
*/
public class SparqlPolicyDecision extends BasicPolicyDecision {
Query query = null;
QueryExecution qexec = null;
public SparqlPolicyDecision(Authorization authorized, String message) {
super(authorized, message);
}
public QueryExecution getQexec() {
return qexec;
}
public void setQexec(QueryExecution qexec) {
this.qexec = qexec;
}
public Query getQuery() {
return query;
}
public void setQuery(Query query) {
this.query = query;
}
@Override
public String getDebuggingInfo() {
String msg = "";
if( super.getDebuggingInfo() != null && super.getDebuggingInfo().length() > 0)
msg = super.getDebuggingInfo() + '\n';
if( query != null )
msg= msg + "query: \n" + query.toString() + '\n';
else
msg = msg + " query was null \n";
if( qexec != null )
msg = msg + "query exec: \n" + qexec.toString();
else
msg = msg + " query exec was null \n";
return msg;
}
}


@ -1,55 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy.setup;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.hp.hpl.jena.ontology.OntModel;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ActiveIdentifierBundleFactories;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
/**
* Class used to setup a JenaNetidPolicy using the default.
* This setups the JenaNetidPolicy and a SelfEditingIdentifierFactory.
*
* See JenaNetidPolicy.setupDefault() for the sparql queries that will
* be used by the default JenaNetidPolicy.
*
* @author bdc34
*
*/
public class JenaNetidPolicySetup implements ServletContextListener {
private static final Log log = LogFactory.getLog(JenaNetidPolicySetup.class.getName());
@Override
public void contextInitialized(ServletContextEvent sce) {
try{
log.debug("Setting up JenaNetidPolicy");
JenaNetidPolicy jnip = new JenaNetidPolicy((OntModel) sce.getServletContext().getAttribute("jenaOntModel"));
ServletPolicyList.addPolicy(sce.getServletContext(), jnip);
SelfEditingIdentifierFactory niif =new SelfEditingIdentifierFactory();
ActiveIdentifierBundleFactories.addFactory(sce, niif);
}catch(Exception e){
log.error("could not create AuthorizationFactory: " + e);
e.printStackTrace();
}
}
@Override
public void contextDestroyed(ServletContextEvent sce) {
/*nothing*/
}
}


@ -1,228 +0,0 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.policy;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.io.InputStream;
import org.apache.log4j.Level;
import org.junit.BeforeClass;
import org.junit.Test;
import com.hp.hpl.jena.ontology.OntModel;
import com.hp.hpl.jena.ontology.OntModelSpec;
import com.hp.hpl.jena.rdf.model.Model;
import com.hp.hpl.jena.rdf.model.ModelFactory;
import com.hp.hpl.jena.rdf.model.impl.RDFDefaultErrorHandler;
import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.SelfEditingIdentifierFactory;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
/**
* Simple test of JenaNetidPolicyTest that uses the ExamplePolicy.xml
* It expects that the model will have the resource
* <http://vivo.library.cornell.edu/abox#entity11821> will have
* the datatype property vitro:netid of "bdc34".
*
* @author bdc34
*
*/
public class JenaNetidPolicyTest extends AbstractTestClass {
static transient JenaNetidPolicy jniPolicy;
static transient JenaNetidPolicy unAuthPolicy;
static transient Model model;
static IdentifierBundle idb;
static String onts[] ={
"/testontologies/smallVivo-20070809.owl",
"/testontologies/vitro1.owl",
"/testontologies/vivo-users.owl"
};
/*
* Loading files with this.getClass().getResourceAsStream()
* Notice that / is the path seperator and strings that lack
* a leading slash are relative to the package of the this.getClass().
*/
@BeforeClass
public static void setUpForClass() throws Exception {
// Suppress warnings from creating default model.
setLoggerLevel(RDFDefaultErrorHandler.class, Level.OFF);
model = ModelFactory.createDefaultModel();
for( String ont : onts){
InputStream in = JenaNetidPolicyTest.class.getResourceAsStream(ont);
model.read(in,null);
in.close();
}
OntModel ontModel = ModelFactory.createOntologyModel(ONT_MODEL_SPEC,model);
ontModel.prepare();
InputStream in = JenaNetidPolicyTest.class.getResourceAsStream("resources/examplePolicy.xml");
jniPolicy = new JenaNetidPolicy(model,in);
in.close();
in = JenaNetidPolicyTest.class.getResourceAsStream("resources/examplePolicy.xml");
unAuthPolicy = new JenaNetidPolicy(model,in, Authorization.UNAUTHORIZED);
in.close();
idb = new ArrayIdentifierBundle();
idb.add(new SelfEditingIdentifierFactory.NetId("bdc34"));
}
@Test public void testOfSetupFromXml(){
assertNotNull(model);
JenaNetidPolicy j = jniPolicy;
assertNotNull(j);
assertNotNull(j.model);
assertNotNull(j.prefixes);
assertNotNull( j.actionToQueryStr );
assertNotNull(j.name);
assertEquals(j.name, "Example Policy");
assertTrue(j.prefixes.length() > 0);
assertTrue( j.actionToQueryStr.size() > 0);
}
@Test public void testAddDataProps(){
RequestedAction act; PolicyDecision pd;
act = new AddDataPropStmt(
"http://some.non.existing.resource",
"http://some.non.existing.dataproperty",
"bogus value", null, null);
pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
}
@Test public void testAddDataProps2(){
RequestedAction act; PolicyDecision pd;
act = new AddDataPropStmt(
"http://vivo.library.cornell.edu/abox#entity11821",
"vitro:description",
"a description of some kind.", null, null);
pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue("authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.AUTHORIZED);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.UNAUTHORIZED);
}
@Test public void testDropDataProps1(){
RequestedAction act; PolicyDecision pd;
DataPropertyStatementImpl dp = new DataPropertyStatementImpl();
dp.setIndividualURI("http://vivo.library.cornell.edu/abox#entity11821");
dp.setData("a description of some kind.");
dp.setDatapropURI("vitro:description");
act = new DropDataPropStmt( dp );
pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue("authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.AUTHORIZED);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.UNAUTHORIZED);
}
@Test public void testDropDataProps2(){
RequestedAction act; PolicyDecision pd;
DataPropertyStatementImpl dp = new DataPropertyStatementImpl();
dp.setIndividualURI("http://mannlib.cornell.edu/non.existing.resource");
dp.setData("a description of some kind.");
dp.setDatapropURI("vitro:description");
act = new DropDataPropStmt( dp );
pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue("authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
}
@Test public void testObjectProps(){
RequestedAction act = new AddObjectPropStmt(
"http://vivo.library.cornell.edu/abox#entity11821",
"vitro:headOf",
"http://vivo.library.cornell.edu/abox#entity1");
PolicyDecision pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue("authorization was " + pd.getAuthorized(),
pd.getAuthorized() == Authorization.AUTHORIZED);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.UNAUTHORIZED);
act = new AddObjectPropStmt(
"http://vivo.library.cornell.edu/abox#entity123",
"vitro:headOf",
"http://vivo.library.cornell.edu/abox#entity1");
pd = jniPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue("authorization was " + pd.getAuthorized(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
pd = unAuthPolicy.isAuthorized(idb, act);
assertNotNull(pd);
assertTrue( "authorization was " + pd.getAuthorized() +
'\n' + pd.getDebuggingInfo(),
pd.getAuthorized() == Authorization.INCONCLUSIVE);
}
// static String ONTOLOGY_ADDR = "http://caruso.mannlib.cornell.edu/xml/rdf/smallVivo-20070809.owl";
// static String VITRO_ADDR = "http://ivy.mannlib.cornell.edu/ontologies/vitro/vitro1.owl";
// static String USERS_ADDR = "http://ivy.mannlib.cornell.edu/ontologies/vivo/vivo-users.owl";
//String ONTOLOGY_ADDR = "http://lowe.mannlib.cornell.edu/ontologies/fao/geopolitical_Ontology_v_0_2.owl";
//String ONTOLOGY_ADDR = "http://lowe.mannlib.cornell.edu/ontologies/fao/languagecode.owl";
//String ONTOLOGY_ADDR = "http://localhost/~bjl23/ontologies/VitroFacultyReporting.0.2.owl";
static OntModelSpec ONT_MODEL_SPEC = OntModelSpec.OWL_DL_MEM; // no additional entailment reasoning
//OntModelSpec ONT_MODEL_SPEC = OntModelSpec.OWL_MEM_MICRO_RULE_INF; // some additional OWL entailment reasoning
//OntModelSpec ONT_MODEL_SPEC = OntModelSpec.RDFS_MEM_RDFS_INF;
}


@ -1,43 +0,0 @@
<edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>
<!-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
<name>Example Policy</name>
<prefixes>PREFIX rdf: &lt;http://www.w3.org/1999/02/22-rdf-syntax-ns#&gt;
PREFIX rdfs: &lt;http://www.w3.org/2000/01/rdf-schema#&gt;
PREFIX vivoa: &lt;http://vivo.library.cornell.edu/abox#&gt;
PREFIX vivo: &lt;http://vivo.library.cornell.edu/ns/0.1#&gt;
PREFIX vitro: &lt;http://lowe.mannlib.cornell.edu/ns/vitro/0.1/vitro.owl#&gt;
</prefixes>
<actionToQueryStr>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
<string>ASK WHERE { ?object vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
</list>
</entry>
<entry>
<string>edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt</string>
<list>
<string>ASK WHERE { ?subject vitro:netid ?netid }</string>
</list>
</entry>
</actionToQueryStr>
</edu.cornell.mannlib.vitro.webapp.auth.policy.JenaNetidPolicy>