JenaSecurity is a SecurityEvaluator interface and a set of
dynamic proxies that apply that interface to Jena Graphs, Models, and
associated methods and classes.
The SecurityEvaluator class must be implemented. This class provides
the interface to the authentication results (e.g.
getPrincipal()
) and the authorization system.
- Create a SecuredGraph by calling
Factory.getInstance(
SecurityEvaluator, String, Graph );
- Create a SecuredModel by calling
Factory.getInstance(
SecurityEvaluator, String, Model )
- It is not recommended that you use the Jena
ModelFactory.createModelForGraph(
SecuredGraph ) See Differences Between Graph and Model below for
reasons.
- See SecurityEvaluator documentation for description of
cascading security checks
- Secured methods are annotated with: @sec.graph for
permissions required on the graph to execute the method.
@sec.triple for permissions required on the associated triples
(if any) to execute the method.
- It is possible to implement a SecurityEvaluator that does not
enforce security at the triple level. See SecurityEvaluator
documentation for details
Differences Between
Graph
and
Model
The Graph interface does not have the concept of "update". Thus all
updates are implemented as a delete and an insert. The Model interface
does have the concept of update as evidenced by the
replace()
method in the
RDFList
class. This difference means that a
Model
created by calling
ModelFactory.createModelForGraph( SecuredGraph )
will yield a model that evaluates
Update
actions differently from one created with
Factory.getInstance( SecurityEvaluator, modelIRI, model)
.
- Models created by the Jena ModelFactory will require that the
user have both delete and create permissions on the underlying graph
to perform the update. And will delete the existing triple before
attempting to create the new one. Since the graph interface does not
have visibility to the model's request for update these are, to the
graph, separate events. It is possible that the delete may succeed
while the create fails.
- Models created by the JenaSecurity Factory will require that
the user have update permissions on the underlying model to perform
the update. As long as the user has the update permission on the
graph, and the triple where required, the update is performed as a
single event.
This is the well documented case of differences between the two secured
model creation methods. For this reason it is recommended that the
model be created with the
Factory.getInsance()
method.