JENA-1901 Provide default implementations for some of SecurityEvaluator's methods
diff --git a/jena-permissions/src/main/java/org/apache/jena/permissions/SecurityEvaluator.java b/jena-permissions/src/main/java/org/apache/jena/permissions/SecurityEvaluator.java
index 41c157a..2be92aa 100644
--- a/jena-permissions/src/main/java/org/apache/jena/permissions/SecurityEvaluator.java
+++ b/jena-permissions/src/main/java/org/apache/jena/permissions/SecurityEvaluator.java
@@ -17,16 +17,13 @@
*/
package org.apache.jena.permissions;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
import org.apache.jena.graph.Node;
-import org.apache.jena.graph.Triple;
import org.apache.jena.graph.NodeFactory;
+import org.apache.jena.graph.Triple;
import org.apache.jena.shared.AuthenticationRequiredException;
+import java.util.*;
+
/**
* SecurityEvaluator.
* <p>
@@ -213,7 +210,7 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluate(Object principal, Action action, Node graphIRI)
+ boolean evaluate(Object principal, Action action, Node graphIRI)
throws AuthenticationRequiredException;
/**
@@ -282,8 +279,10 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluate(Object principal, Set<Action> actions, Node graphIRI)
- throws AuthenticationRequiredException;
+ public default boolean evaluate(Object principal, Set<Action> actions, Node graphIRI)
+ throws AuthenticationRequiredException {
+ return actions.stream().allMatch(action -> evaluate(principal, action, graphIRI));
+ }
/**
* Determine if all the actions are allowed on the triple within the graph.
@@ -305,9 +304,11 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluate(Object principal, Set<Action> actions,
+ public default boolean evaluate(Object principal, Set<Action> actions,
Node graphIRI, Triple triple)
- throws AuthenticationRequiredException;
+ throws AuthenticationRequiredException {
+ return actions.stream().allMatch(action -> evaluate(principal, action, graphIRI));
+ }
/**
* Determine if any of the actions are allowed on the graph.
@@ -326,8 +327,10 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluateAny(Object principal, Set<Action> actions,
- Node graphIRI) throws AuthenticationRequiredException;
+ public default boolean evaluateAny(Object principal, Set<Action> actions,
+ Node graphIRI) throws AuthenticationRequiredException {
+ return actions.stream().anyMatch(action -> evaluate(principal, action, graphIRI));
+ }
/**
* Determine if any of the actions are allowed on the triple within the
@@ -353,9 +356,11 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluateAny(Object principal, Set<Action> actions,
+ public default boolean evaluateAny(Object principal, Set<Action> actions,
Node graphIRI, Triple triple)
- throws AuthenticationRequiredException;
+ throws AuthenticationRequiredException {
+ return actions.stream().anyMatch(action -> evaluate(principal, action, graphIRI, triple));
+ }
/**
* Determine if the user is allowed to update the "from" triple to the "to"
@@ -380,8 +385,10 @@
* @throws AuthenticationRequiredException
* if user is not authenticated and is required to be.
*/
- public boolean evaluateUpdate(Object principal, Node graphIRI, Triple from,
- Triple to) throws AuthenticationRequiredException;
+ public default boolean evaluateUpdate(Object principal, Node graphIRI, Triple from,
+ Triple to) throws AuthenticationRequiredException {
+ return evaluate(principal, Action.Delete, graphIRI, from) && evaluate(principal, Action.Create, graphIRI, to);
+ }
/**
* returns the current principal or null if there is no current principal.
diff --git a/jena-permissions/src/test/java/org/apache/jena/permissions/SecurityEvaluatorTest.java b/jena-permissions/src/test/java/org/apache/jena/permissions/SecurityEvaluatorTest.java
new file mode 100644
index 0000000..e24fe99
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/permissions/SecurityEvaluatorTest.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.permissions;
+
+import static org.junit.Assert.*;
+
+import org.apache.jena.graph.Node;
+import org.apache.jena.graph.Triple;
+import org.apache.jena.permissions.SecurityEvaluator.Action;
+import org.apache.jena.shared.AuthenticationRequiredException;
+import org.junit.Test;
+
+import java.util.EnumSet;
+
+public class SecurityEvaluatorTest {
+ private static final Object PRINCIPAL = null;
+ private static final Node GRAPH = null;
+ private static final Triple TRIPLE = null;
+ private static final EnumSet<Action> ALLOWED_ACTIONS = EnumSet.of(Action.Create, Action.Delete);
+ private static final EnumSet<Action> DISALLOWED_ACTIONS = EnumSet.complementOf(ALLOWED_ACTIONS);
+ public static final EnumSet<Action> ALL_ACTIONS = EnumSet.noneOf(Action.class);
+
+
+ private final SecurityEvaluator evaluator = new SecurityEvaluator() {
+
+ @Override
+ public boolean evaluate(Object principal, Action action, Node graphIRI) throws AuthenticationRequiredException {
+ return ALLOWED_ACTIONS.contains(action);
+ }
+
+ @Override
+ public boolean evaluate(Object principal, Action action, Node graphIRI, Triple triple) throws AuthenticationRequiredException {
+ return ALLOWED_ACTIONS.contains(action);
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return null;
+ }
+
+ @Override
+ public boolean isPrincipalAuthenticated(Object principal) {
+ return false;
+ }
+ };
+
+ @Test
+ public void testAllLogicForGraphOperations() {
+ assertTrue(evaluator.evaluate(PRINCIPAL, ALL_ACTIONS, GRAPH));
+ assertTrue(evaluator.evaluate(PRINCIPAL, ALLOWED_ACTIONS, GRAPH));
+ assertFalse(evaluator.evaluate(PRINCIPAL, DISALLOWED_ACTIONS, GRAPH));
+ assertFalse(evaluator.evaluate(PRINCIPAL, EnumSet.allOf(Action.class), GRAPH));
+ }
+
+
+ @Test
+ public void testAnyLogicForGraphOperations() {
+ assertFalse(evaluator.evaluateAny(PRINCIPAL, ALL_ACTIONS, GRAPH));
+ assertTrue(evaluator.evaluateAny(PRINCIPAL, ALLOWED_ACTIONS, GRAPH));
+ assertFalse(evaluator.evaluateAny(PRINCIPAL, DISALLOWED_ACTIONS, GRAPH));
+ assertTrue(evaluator.evaluateAny(PRINCIPAL, EnumSet.allOf(Action.class), GRAPH));
+ }
+
+ public void testAllLogicForTripleOperations() {
+ assertTrue(evaluator.evaluate(PRINCIPAL, ALL_ACTIONS, GRAPH, TRIPLE));
+ assertTrue(evaluator.evaluate(PRINCIPAL, ALLOWED_ACTIONS, GRAPH, TRIPLE));
+ assertFalse(evaluator.evaluate(PRINCIPAL, DISALLOWED_ACTIONS, GRAPH, TRIPLE));
+ assertFalse(evaluator.evaluate(PRINCIPAL, EnumSet.allOf(Action.class), GRAPH, TRIPLE));
+ }
+
+
+ @Test
+ public void testAnyLogicForTripleOperations() {
+ assertFalse(evaluator.evaluateAny(PRINCIPAL, ALL_ACTIONS, GRAPH, TRIPLE));
+ assertTrue(evaluator.evaluateAny(PRINCIPAL, ALLOWED_ACTIONS, GRAPH, TRIPLE));
+ assertFalse(evaluator.evaluateAny(PRINCIPAL, DISALLOWED_ACTIONS, GRAPH, TRIPLE));
+ assertTrue(evaluator.evaluateAny(PRINCIPAL, EnumSet.allOf(Action.class), GRAPH, TRIPLE));
+ }
+}
\ No newline at end of file
