Google Git
Sign in
apache / jena-site / refs/heads/javadoc / . / permissions / org / apache / jena / permissions / SecurityEvaluator.html
blob: 48e29282e27a8a4a5705a0e5a73ea9549857f8e0 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<!-- Generated by javadoc (17) -->
<title>SecurityEvaluator (Apache Jena - Security Permissions 5.0.0)</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="declaration: package: org.apache.jena.permissions, interface: SecurityEvaluator">
<meta name="generator" content="javadoc/ClassWriterImpl">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../script-dir/jquery-ui.min.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../jquery-ui.overrides.css" title="Style">
<script type="text/javascript" src="../../../../script.js"></script>
<script type="text/javascript" src="../../../../script-dir/jquery-3.6.1.min.js"></script>
<script type="text/javascript" src="../../../../script-dir/jquery-ui.min.js"></script>
</head>
<body class="class-declaration-page">
<script type="text/javascript">var evenRowColor = "even-row-color";
var oddRowColor = "odd-row-color";
var tableTab = "table-tab";
var activeTableTab = "active-table-tab";
var pathtoroot = "../../../../";
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<div class="flex-box">
<header role="banner" class="flex-header">
<nav role="navigation">
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="top-nav" id="navbar-top">
<div class="skip-nav"><a href="#skip-navbar-top" title="Skip navigation links">Skip navigation links</a></div>
<ul id="navbar-top-firstrow" class="nav-list" title="Navigation">
<li><a href="../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="nav-bar-cell1-rev">Class</li>
<li><a href="class-use/SecurityEvaluator.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html#class">Help</a></li>
</ul>
</div>
<div class="sub-nav">
<div>
<ul class="sub-nav-list">
<li>Summary:&nbsp;</li>
<li><a href="#nested-class-summary">Nested</a>&nbsp;|&nbsp;</li>
<li><a href="#field-summary">Field</a>&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method-summary">Method</a></li>
</ul>
<ul class="sub-nav-list">
<li>Detail:&nbsp;</li>
<li><a href="#field-detail">Field</a>&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="#method-detail">Method</a></li>
</ul>
</div>
<div class="nav-list-search"><label for="search-input">SEARCH:</label>
<input type="text" id="search-input" value="search" disabled="disabled">
<input type="reset" id="reset-button" value="reset" disabled="disabled">
</div>
</div>
<!-- ========= END OF TOP NAVBAR ========= -->
<span class="skip-nav" id="skip-navbar-top"></span></nav>
</header>
<div class="flex-content">
<main role="main">
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="sub-title"><span class="package-label-in-type">Package</span>&nbsp;<a href="package-summary.html">org.apache.jena.permissions</a></div>
<h1 title="Interface SecurityEvaluator" class="title">Interface SecurityEvaluator</h1>
</div>
<section class="class-description" id="class-description">
<dl class="notes">
<dt>All Known Implementing Classes:</dt>
<dd><code><a href="impl/CachedSecurityEvaluator.html" title="class in org.apache.jena.permissions.impl">CachedSecurityEvaluator</a></code>, <code><a href="example/ExampleEvaluator.html" title="class in org.apache.jena.permissions.example">ExampleEvaluator</a></code>, <code><a href="example/readonly/ReadOnlyEval.html" title="class in org.apache.jena.permissions.example.readonly">ReadOnlyEval</a></code>, <code><a href="example/ShiroExampleEvaluator.html" title="class in org.apache.jena.permissions.example">ShiroExampleEvaluator</a></code></dd>
</dl>
<hr>
<div class="type-signature"><span class="modifiers">public interface </span><span class="element-name type-name-label">SecurityEvaluator</span></div>
<div class="block">SecurityEvaluator.
<p>
The security evaluator is the link between the graph security system and an
external security system. This interface specifies the methods that are
required by the graph security system. It is assumed that the implementation
will handle tracking the current user and will query some underlying data
source to determine what actions the user can and can not take.
</p>
<p>
All questions of white listing or black listing will be handled in the
concrete implementation.
</p>
<p>
Implementations of this class should probably cache any evaluate calculations
as the evaluate methods are called frequently. However, the underlying
classes do cache results within a single method check.
</p>
<dl>
<dt>Secured operations</dt>
<dd>The security system recognizes and secures each of the CRUD (Create,
Read, Update and Delete) operations as represented by the Action
enumeration.</dd>
<dt>Levels of security</dt>
<dd>The security interfaces operates at two (2) levels: graph (or Model) and
triple.
<p>
At the the graph level the security evaluator may restrict CRUD access to the
graph or model as a whole. When evaluating the restriction, if the user it
not permitted to perform the operation on the graph or model access is
denied. If the user is permitted any triple restrictions are evaluated.
</p>
<p>
At the triple level the security evaluator may restrict CRUD access to
specific triples. In order to skip potentially expensive triple security
checks the system will generally ask if the user is permitted the CRUD action
on any triple. This is represented by the SecTriple
<code>(ANY, ANY, ANY)</code>.
</p>
<ul>
<li>If the system does not support triple level security the system should
always return <code>true</code>.</li>
<li>If the system does support triple level
security and is unable to verify that the user can execute the CRUD action
against any arbitrary triple the system should return
<code>false</code>.</li>
<li>See <code>Node.ANY</code>, <code>SecurityEvaluator.FUTURE</code>, and
<code>SecurityEvaluator.VARIABLE</code> for discussion of specifics of their
respective usages.</li>
</ul>
</dd>
</dl></div>
</section>
<section class="summary">
<ul class="summary-list">
<!-- ======== NESTED CLASS SUMMARY ======== -->
<li>
<section class="nested-class-summary" id="nested-class-summary">
<h2>Nested Class Summary</h2>
<div class="caption"><span>Nested Classes</span></div>
<div class="summary-table three-column-summary">
<div class="table-header col-first">Modifier and Type</div>
<div class="table-header col-second">Interface</div>
<div class="table-header col-last">Description</div>
<div class="col-first even-row-color"><code>static enum&nbsp;</code></div>
<div class="col-second even-row-color"><code><a href="SecurityEvaluator.Action.html" class="type-name-link" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a></code></div>
<div class="col-last even-row-color">
<div class="block">Identifies a specific CRUD actions.</div>
</div>
<div class="col-first odd-row-color"><code>static class&nbsp;</code></div>
<div class="col-second odd-row-color"><code><a href="SecurityEvaluator.Util.html" class="type-name-link" title="class in org.apache.jena.permissions">SecurityEvaluator.Util</a></code></div>
<div class="col-last odd-row-color">
<div class="block">A collection of utility functions for the SecurityEvaluator implementations.</div>
</div>
</div>
</section>
</li>
<!-- =========== FIELD SUMMARY =========== -->
<li>
<section class="field-summary" id="field-summary">
<h2>Field Summary</h2>
<div class="caption"><span>Fields</span></div>
<div class="summary-table three-column-summary">
<div class="table-header col-first">Modifier and Type</div>
<div class="table-header col-second">Field</div>
<div class="table-header col-last">Description</div>
<div class="col-first even-row-color"><code>static final <a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a></code></div>
<div class="col-second even-row-color"><code><a href="#FUTURE" class="member-name-link">FUTURE</a></code></div>
<div class="col-last even-row-color">
<div class="block">This is a blank (anonymous) node that will be created in the future.</div>
</div>
<div class="col-first odd-row-color"><code>static final <a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a></code></div>
<div class="col-second odd-row-color"><code><a href="#VARIABLE" class="member-name-link">VARIABLE</a></code></div>
<div class="col-last odd-row-color">
<div class="block">Indicates a variable in the triple.</div>
</div>
</div>
</section>
</li>
<!-- ========== METHOD SUMMARY =========== -->
<li>
<section class="method-summary" id="method-summary">
<h2>Method Summary</h2>
<div id="method-summary-table">
<div class="table-tabs" role="tablist" aria-orientation="horizontal"><button id="method-summary-table-tab0" role="tab" aria-selected="true" aria-controls="method-summary-table.tabpanel" tabindex="0" onkeydown="switchTab(event)" onclick="show('method-summary-table', 'method-summary-table', 3)" class="active-table-tab">All Methods</button><button id="method-summary-table-tab2" role="tab" aria-selected="false" aria-controls="method-summary-table.tabpanel" tabindex="-1" onkeydown="switchTab(event)" onclick="show('method-summary-table', 'method-summary-table-tab2', 3)" class="table-tab">Instance Methods</button><button id="method-summary-table-tab3" role="tab" aria-selected="false" aria-controls="method-summary-table.tabpanel" tabindex="-1" onkeydown="switchTab(event)" onclick="show('method-summary-table', 'method-summary-table-tab3', 3)" class="table-tab">Abstract Methods</button><button id="method-summary-table-tab5" role="tab" aria-selected="false" aria-controls="method-summary-table.tabpanel" tabindex="-1" onkeydown="switchTab(event)" onclick="show('method-summary-table', 'method-summary-table-tab5', 3)" class="table-tab">Default Methods</button></div>
<div id="method-summary-table.tabpanel" role="tabpanel">
<div class="summary-table three-column-summary" aria-labelledby="method-summary-table-tab0">
<div class="table-header col-first">Modifier and Type</div>
<div class="table-header col-second">Method</div>
<div class="table-header col-last">Description</div>
<div class="col-first even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#evaluate(java.lang.Object,java.util.Set,org.apache.jena.graph.Node)" class="member-name-link">evaluate</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</code></div>
<div class="col-last even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Determine if all actions are allowed on the graph.</div>
</div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#evaluate(java.lang.Object,java.util.Set,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)" class="member-name-link">evaluate</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</code></div>
<div class="col-last odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Determine if all the actions are allowed on the triple within the graph.</div>
</div>
<div class="col-first even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code>boolean</code></div>
<div class="col-second even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code><a href="#evaluate(java.lang.Object,org.apache.jena.permissions.SecurityEvaluator.Action,org.apache.jena.graph.Node)" class="member-name-link">evaluate</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&nbsp;action,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</code></div>
<div class="col-last even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3">
<div class="block">Determine if the action is allowed on the graph.</div>
</div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code>boolean</code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code><a href="#evaluate(java.lang.Object,org.apache.jena.permissions.SecurityEvaluator.Action,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)" class="member-name-link">evaluate</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&nbsp;action,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</code></div>
<div class="col-last odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3">
<div class="block">Determine if the action is allowed on the triple within the graph.</div>
</div>
<div class="col-first even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#evaluateAny(java.lang.Object,java.util.Set,org.apache.jena.graph.Node)" class="member-name-link">evaluateAny</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</code></div>
<div class="col-last even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Determine if any of the actions are allowed on the graph.</div>
</div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#evaluateAny(java.lang.Object,java.util.Set,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)" class="member-name-link">evaluateAny</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</code></div>
<div class="col-last odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Determine if any of the actions are allowed on the triple within the graph.</div>
</div>
<div class="col-first even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#evaluateUpdate(java.lang.Object,org.apache.jena.graph.Node,org.apache.jena.graph.Triple,org.apache.jena.graph.Triple)" class="member-name-link">evaluateUpdate</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;from,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;to)</code></div>
<div class="col-last even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Determine if the user is allowed to update the "from" triple to the "to"
triple.</div>
</div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a></code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code><a href="#getPrincipal()" class="member-name-link">getPrincipal</a>()</code></div>
<div class="col-last odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3">
<div class="block">returns the current principal or null if there is no current principal.</div>
</div>
<div class="col-first even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code>default boolean</code></div>
<div class="col-second even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5"><code><a href="#isHardReadError()" class="member-name-link">isHardReadError</a>()</code></div>
<div class="col-last even-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab5">
<div class="block">Returns true if reads blocked by permissions should throw exceptions.</div>
</div>
<div class="col-first odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code>boolean</code></div>
<div class="col-second odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3"><code><a href="#isPrincipalAuthenticated(java.lang.Object)" class="member-name-link">isPrincipalAuthenticated</a><wbr>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal)</code></div>
<div class="col-last odd-row-color method-summary-table method-summary-table-tab2 method-summary-table-tab3">
<div class="block">Returns true if the principal is recognized as an authenticated principal by
the underlying authentication mechanism.</div>
</div>
</div>
</div>
</div>
</section>
</li>
</ul>
</section>
<section class="details">
<ul class="details-list">
<!-- ============ FIELD DETAIL =========== -->
<li>
<section class="field-details" id="field-detail">
<h2>Field Details</h2>
<ul class="member-list">
<li>
<section class="detail" id="VARIABLE">
<h3>VARIABLE</h3>
<div class="member-signature"><span class="modifiers">static final</span>&nbsp;<span class="return-type"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a></span>&nbsp;<span class="element-name">VARIABLE</span></div>
<div class="block">Indicates a variable in the triple.
<p>
This differs from <code>ANY</code> in that the system is asking if there are
any prohibitions not if the user may perform. Thus queries with the VARIABLE
type node should return <code>true</code> where <code>ANY</code> returns
<code>false</code>. In general this type is used in the query to determine if
triple level filtering of results must be performed.
<dl>
<dt><code>(VARIABLE, X, Y )</code></dt>
<dd>Asks if there are any prohibitions against the user seeing all subjects
that have property X and object Y.</dd>
<dt><code>(X, VARIABLE, Y )</code></dt>
<dd>Asks if there are any prohibitions against the user seeing all predicates
that have subject X and object Y.</dd>
<dt><code>(X, Y, VARIABLE)</code></dt>
<dd>Asks if there are any prohibitions against the user seeing all objects
that have subject X and predicate Y.</dd>
</dl>
The <code>VARIABLE</code> may occur multiple times and may occur with the
<code>ANY</code> node.</div>
</section>
</li>
<li>
<section class="detail" id="FUTURE">
<h3>FUTURE</h3>
<div class="member-signature"><span class="modifiers">static final</span>&nbsp;<span class="return-type"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a></span>&nbsp;<span class="element-name">FUTURE</span></div>
<div class="block">This is a blank (anonymous) node that will be created in the future.
<p>
FUTURE is used to check that a blank node may be created in as specific
position in a triple.
<dl>
<dt><code>(FUTURE, X, Y )</code></dt>
<dd>Asks if there the user may create a blank node that has property X and
object Y.</dd>
<dt><code>(X, Y, FUTURE)</code></dt>
<dd>Asks if there the user may create a blank node that has subject X and
property Y.</dd>
</dl>
The <code>FUTURE</code> may occur multiple times and may occur with the
<code>ANY</code> node.</div>
</section>
</li>
</ul>
</section>
</li>
<!-- ============ METHOD DETAIL ========== -->
<li>
<section class="method-details" id="method-detail">
<h2>Method Details</h2>
<ul class="member-list">
<li>
<section class="detail" id="evaluate(java.lang.Object,org.apache.jena.permissions.SecurityEvaluator.Action,org.apache.jena.graph.Node)">
<h3>evaluate</h3>
<div class="member-signature"><span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluate</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&nbsp;action,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if the action is allowed on the graph.</div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>action</code> - The action to perform</dd>
<dd><code>graphIRI</code> - The IRI of the graph to check</dd>
<dt>Returns:</dt>
<dd>true if the action is allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluate(java.lang.Object,org.apache.jena.permissions.SecurityEvaluator.Action,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)">
<h3>evaluate</h3>
<div class="member-signature"><span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluate</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&nbsp;action,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if the action is allowed on the triple within the graph.
<p>
The evaluation should be performed in the following order:
<ol>
<li>If the triple contains a <code>VARIABLE</code> then this method must
return <code>true</code> if there are any restrictions where the remaining
nodes are either constants or <code>ANY</code> nodes. This will force the
system to use subsequent checks to verify access by substituting the value of
the <code>VARIABLE</code>s. <em>If the system can not quickly verify the
solution it is always acceptable to return <code>true</code>.</em>
<li>Except as specified in the above check, if the triple contains an
<code>ANY</code> then this method must return <code>false</code> if there are
any restrictions where the remaining nodes are held constant and the ANY node
is allowed to vary. This checks is used to avoid subsequent explicit triple
checks. <em>If the system can not quickly verify the solution it is always
acceptable to return <code>false</code>.</em></li>
<li>All other triples are explicit triples and the system must determine if
the user is permitted to perform the action on the triple. If the triple
contains a <code>FUTURE</code> node that node should be considered as an
anonymous or blank node that is not yet created. It should only be used with
<code>Create</code> actions and is asking if the user may create a blank node
in that position in the triple.</li>
</ol></div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>action</code> - The action to perform</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dd><code>triple</code> - The triple to check</dd>
<dt>Returns:</dt>
<dd>true if the action is allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluate(java.lang.Object,java.util.Set,org.apache.jena.graph.Node)">
<h3>evaluate</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluate</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if all actions are allowed on the graph.</div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>actions</code> - The set of actions to perform</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dt>Returns:</dt>
<dd>true if all the actions are allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluate(java.lang.Object,java.util.Set,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)">
<h3>evaluate</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluate</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if all the actions are allowed on the triple within the graph.
<p>
See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.
</p></div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>actions</code> - The actions to perform.</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dd><code>triple</code> - The triple to check</dd>
<dt>Returns:</dt>
<dd>true if all the actions are allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluateAny(java.lang.Object,java.util.Set,org.apache.jena.graph.Node)">
<h3>evaluateAny</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluateAny</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if any of the actions are allowed on the graph.</div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>actions</code> - The actions to perform</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dt>Returns:</dt>
<dd>true true if any the actions are allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluateAny(java.lang.Object,java.util.Set,org.apache.jena.graph.Node,org.apache.jena.graph.Triple)">
<h3>evaluateAny</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluateAny</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html" title="class or interface in java.util" class="external-link">Set</a>&lt;<a href="SecurityEvaluator.Action.html" title="enum in org.apache.jena.permissions">SecurityEvaluator.Action</a>&gt;&nbsp;actions,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;triple)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if any of the actions are allowed on the triple within the graph.
<p>
See evaluate( Action, Node, Triple ) for discussion of evaluation strategy.
</p></div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>actions</code> - The actions to check.</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dd><code>triple</code> - The triple to check</dd>
<dt>Returns:</dt>
<dd>true if any the actions are allowed, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="evaluateUpdate(java.lang.Object,org.apache.jena.graph.Node,org.apache.jena.graph.Triple,org.apache.jena.graph.Triple)">
<h3>evaluateUpdate</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">evaluateUpdate</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Node.html" title="class or interface in org.apache.jena.graph" class="external-link">Node</a>&nbsp;graphIRI,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;from,
<a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/graph/Triple.html" title="class or interface in org.apache.jena.graph" class="external-link">Triple</a>&nbsp;to)</span>
throws <span class="exceptions"><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></span></div>
<div class="block">Determine if the user is allowed to update the "from" triple to the "to"
triple.
<p>
Update is a special case since it modifies one triple to be another. So the
user must have permissions to change the "from" triple into the "to" triple.</div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal that is attempting the action.</dd>
<dd><code>graphIRI</code> - The IRI of the graph to the action is being taken upon. May
be <code>ANY</code>.</dd>
<dd><code>from</code> - The triple to be changed</dd>
<dd><code>to</code> - The value to change it to.</dd>
<dt>Returns:</dt>
<dd>true if the user may make the change, false otherwise.</dd>
<dt>Throws:</dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/IllegalArgumentException.html" title="class or interface in java.lang" class="external-link">IllegalArgumentException</a></code> - if any argument is null.</dd>
<dd><code><a href="https://jena.apache.org/documentation/javadoc/jena/org.apache.jena.core/org/apache/jena/shared/AuthenticationRequiredException.html" title="class or interface in org.apache.jena.shared" class="external-link">AuthenticationRequiredException</a></code> - if user is not authenticated and is
required to be.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="getPrincipal()">
<h3>getPrincipal</h3>
<div class="member-signature"><span class="return-type"><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a></span>&nbsp;<span class="element-name">getPrincipal</span>()</div>
<div class="block">returns the current principal or null if there is no current principal.
All security evaluation methods use this method to determine who the call is
being executed as. This allows subsystems (like the listener system) to
capture the current user and evaluate later calls in terms of that user.</div>
<dl class="notes">
<dt>Returns:</dt>
<dd>The current principal</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="isPrincipalAuthenticated(java.lang.Object)">
<h3>isPrincipalAuthenticated</h3>
<div class="member-signature"><span class="return-type">boolean</span>&nbsp;<span class="element-name">isPrincipalAuthenticated</span><wbr><span class="parameters">(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html" title="class or interface in java.lang" class="external-link">Object</a>&nbsp;principal)</span></div>
<div class="block">Returns true if the principal is recognized as an authenticated principal by
the underlying authentication mechanism.
This is to handle the case where an authentication mechanism returns a
non-null object to indicate a non-authenticated principal. (e.g. Shiro).
The principal is guaranteed to have been the return value from an earlier
getPrincipal() call.</div>
<dl class="notes">
<dt>Parameters:</dt>
<dd><code>principal</code> - The principal to check.</dd>
<dt>Returns:</dt>
<dd>true if authenticated, false if not.</dd>
</dl>
</section>
</li>
<li>
<section class="detail" id="isHardReadError()">
<h3>isHardReadError</h3>
<div class="member-signature"><span class="modifiers">default</span>&nbsp;<span class="return-type">boolean</span>&nbsp;<span class="element-name">isHardReadError</span>()</div>
<div class="block">Returns true if reads blocked by permissions should throw exceptions. If set
false then:
<ul>
<li>For iterators return empty iterators.</li>
<li>For existential checks return false.</li>
<li>For counts return 0.</li>
</ul></div>
<dl class="notes">
<dt>Returns:</dt>
<dd>true if reads blocked by permissions should throw an exception.</dd>
</dl>
</section>
</li>
</ul>
</section>
</li>
</ul>
</section>
<!-- ========= END OF CLASS DATA ========= -->
</main>
<footer role="contentinfo">
<hr>
<p class="legal-copy"><small>Licensed under the Apache License, Version 2.0</small></p>
</footer>
</div>
</div>
</body>
</html>