/*
 * OMM - Ontology Middleware Module
 * Copyright (C) 2002 OntoText Lab, Sirma AI OOD
 *
 * Contact:
 * Sirma AI OOD, OntoText Lab.
 * 38A, Christo Botev Blvd.
 * 1000 Sofia, Bulgaria
 * tel. +359(2)981 00 18
 * fax. +359(2)981 90 58
 * info@ontotext.com
 *
 * http://www.ontotext.com/
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
package org.openrdf.sesame.sailimpl.omm.security;

import java.io.FileOutputStream;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;

import org.openrdf.util.jdbc.ConnectionPool;
import org.openrdf.util.log.ThreadLog;
import org.openrdf.vocabulary.RDF;
import org.openrdf.vocabulary.RDFS;
import org.openrdf.model.Graph;
import org.openrdf.model.Literal;
import org.openrdf.model.Resource;
import org.openrdf.model.URI;
import org.openrdf.model.Value;
import org.openrdf.model.ValueFactory;
import org.openrdf.model.impl.LiteralImpl;
import org.openrdf.model.impl.URIImpl;
import org.openrdf.model.impl.ValueFactoryImpl;
import org.openrdf.sesame.Sesame;
import org.openrdf.sesame.admin.XmlAdminMsgWriter;
import org.openrdf.sesame.constants.RDFFormat;
import org.openrdf.sesame.omm.SecurityServices;
import org.openrdf.sesame.omm.SessionContext;
import org.openrdf.sesame.omm.VersionManagement;
import org.openrdf.sesame.query.MalformedQueryException;
import org.openrdf.sesame.query.QueryErrorType;
import org.openrdf.sesame.query.TableQueryResultListener;
import org.openrdf.sesame.repository.local.LocalRepository;
import org.openrdf.sesame.repository.local.LocalService;
import org.openrdf.sesame.sail.LiteralIterator;
import org.openrdf.sesame.sail.NamespaceIterator;
import org.openrdf.sesame.sail.RdfRepository;
import org.openrdf.sesame.sail.RdfSchemaRepository;
import org.openrdf.sesame.sail.RdfSchemaSource;
import org.openrdf.sesame.sail.RdfSource;
import org.openrdf.sesame.sail.Sail;
import org.openrdf.sesame.sail.SailChangedListener;
import org.openrdf.sesame.sail.SailInitializationException;
import org.openrdf.sesame.sail.SailInternalException;
import org.openrdf.sesame.sail.SailUpdateException;
import org.openrdf.sesame.sail.StackedSail;
import org.openrdf.sesame.sail.StatementIterator;
import org.openrdf.sesame.sail.query.Query;
import org.openrdf.sesame.sailimpl.rdbms.RdbmsNamespace;

/*
 * Former Jena dependency (no longer imported):
 *   com.hp.hpl.mesa.rdf.jena.mem.*
 *   com.hp.hpl.mesa.rdf.jena.common.prettywriter.*
 */

/**
 * SecuritySail — a fine-grained security filtering layer stacked over an RDF
 * repository (e.g. Sesame) in a stacked-sails architecture.
 * Part of the Knowledge Control System (OntoText Lab., Sirma AI).
 * <p>
 * Enforcement model, as far as it is visible in this file: every read-side
 * method delegates to {@code baseRdfSchemaSource} and then either wraps the
 * returned {@code StatementIterator} in a {@code StatementFilterIterator}
 * with {@code Right.READ}, or ANDs a boolean result with
 * {@code isResourceAccessible} / {@code isStatementAccessible}. Any method
 * that skips that second step returns unfiltered base-repository data to the
 * caller; see the review note on {@link #getProperties()}.
 * {@code StatementFilterIterator} and {@code Right} are not imported, so they
 * are presumably in this package.
 * <p>
 * Open items carried over from the original author's TODO list:
 * <ul>
 * <li>PAUSED: getDomain / getRange — are they filtered properly?</li>
 * <li>Remove the "literal set object" method from the pattern
 *     restrictions.</li>
 * <li>BUG in the web interface when selecting "Extract data from the
 *     repository".</li>
 * <li>isValueAccessible is only implemented for resources, not yet for
 *     literals — NOTE(review): confirm whether literal values therefore pass
 *     the filter unchecked.</li>
 * <li>QueryRestrictions: is it correctly implemented? It is defined to
 *     restrict statements but is used to restrict resources.</li>
 * </ul>
 *
 * @author borislav popov
 * @version 1.0
 */
public class SecuritySail implements RdfSchemaRepository, StackedSail,
        SecurityServices, VersionManagement, TableQueryResultListener {

    /** The transient triples for the current transaction. */
    private ArrayList transients = new ArrayList();

    // NOTE(review): static, non-final, unsynchronised counters shared by every
    // SecuritySail instance in the JVM. How they are consumed is not visible
    // here; if they mint ids, concurrent instances could hand out duplicates.
    private static int lastResourceId = 0;
    private static int lastLiteralId = 0;

    /*
     * The following base references are either null or are the same
     * underlying object cast to the respective interface type.
     */
    /** Base Sail. */
    private Sail baseSail = null;
    /** Base RdfSchemaSource. */
    private RdfSchemaSource baseRdfSchemaSource = null;
    /** Base RdfRepository. */
    private RdfRepository baseRdfRepository = null;
    /** Base RdfSource. */
    private RdfSource baseRdfSource = null;
    /** Base VersionManagement sail. */
    private VersionManagement versionMngmt = null;

    /** The current query result table, consisting of Values. */
    private ArrayList queryResult = new ArrayList();

    /**
     * Maps executed queries to the returned result list.
     * NOTE(review): package-private and mutable — narrow to private unless a
     * same-package collaborator really needs it.
     */
    Map queryResults = new HashMap();

    /**
     * Flag indicating whether the query machinery is ready or currently in
     * use. NOTE(review): package-private, plain boolean — not a
     * synchronisation primitive; confirm single-threaded use.
     */
    boolean isQueryReady = true;

    /**
     * Fully-qualified name of the VersionManagement interface, presumably
     * used to detect a version-management sail by class name (usage not
     * visible in this part of the file).
     */
    private final static String VERSION_SAIL =
            "org.openrdf.sesame.omm.VersionManagement";

    /* > demo-data related constants */
    // NOTE(review): these are demo knowledge-base URIs and queries baked into
    // the security layer itself; they should not be needed in a production
    // build of this sail. Keep them out of any enforcement path.
    private final static String SKILL =
            "http://www.ontotext.com/otk/2002/05/skills.rdfs#Skill";
    private final static String SKILL_LEVEL =
            "http://www.ontotext.com/otk/2002/05/skills.rdfs#SkillLevel";
    private final static String BUS_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#BusinessSkill";
    private final static String ESPIONAGE_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#BusinessEspionage";
    private final static String TECH_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#TechnicalSkill";
    private final static String SWING_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#Swing";
    private final static String DEMO_SWING_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_enter_kb.rdf#DemoSwingSkill";
    private final static String RDF_TYPE =
            "http://www.w3.org/1999/02/22-rdf-syntax-ns#type";
    private final static String RESOURCE =
            "http://www.w3.org/2000/01/rdf-schema#Resource";
    private final static String PERSON =
            "http://www.ontotext.com/otk/2002/05/enterprise.rdfs#Person";
    private final static String HAS_SKILL =
            "http://www.ontotext.com/otk/2002/05/skills.rdfs#hasSkill";
    private final static String HAS_POSITION =
            "http://www.ontotext.com/otk/2002/05/enterprise.rdfs#hasPosition";
    private final static String SUB_CLASS_OF =
            "http://www.w3.org/2000/01/rdf-schema#subClassOf";
    /** Demo query (SeRQL-style syntax, presumably): subclasses of AISkill. */
    private final static String AI_SKILL_QUERY =
            "select * from {X} http://www.w3.org/2000/01/rdf-schema#subClassOf {Y} where X = http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#AISkill";
    /** Demo query (SeRQL-style syntax, presumably): all hasPosition statements. */
    private final static String HAS_POSITION_QUERY =
            "select * from {X} http://www.ontotext.com/otk/2002/05/enterprise.rdfs#hasPosition {Y}";
    private final static String AI_SKILL =
            "http://www.ontotext.com/otk/2002/05/sirma_skills_hier.rdfs#AISkill";
    /** URI of a named individual in the demo knowledge base. */
    private final static String MITAC =
            "http://www.ontotext.com/otk/2002/05/sirma_enter_kb.rdf#DimitarManov";

    /* > db related constants */
    private final static String KCS_URI =
            "http://www.ontotext.com/otk/2002/03/KCS.rdfs";
    private final static String BASE_KCS_URI =
            "http://www.ontotext.com/otk/2002/03/kcs.rdfs#";

    /** Name of the table containing Users. */
    public static final String USERS_TABLE = "users";
    /** Name of the table containing Users' Roles. */
    public static final String USERS_ROLES_TABLE = "users_roles";
    /** Name of the table containing Users' Rules. */
    public static final String USERS_RULES_TABLE = "users_rules";
    /** Name of the table containing Roles. */
    public static final String ROLES_TABLE = "roles";
    /** Name of the table containing the Roles hierarchy. */
    public static final String ROLES_HIERARCHY_TABLE = "roles_hierarchy";
    /** Name of the table containing Roles' Rules. */
    public static final String ROLES_RULES_TABLE = "roles_rules";
    /** Name of the table containing Security Rules. */
    public static final String SECURITY_RULES_TABLE = "security_rules";
    /** Name of the table containing Restrictions. */
    public static final String RESTRICTIONS_TABLE = "restrictions";
    /** Name of the table containing Resource-or-Property Restrictions. */
    public static final String RES_PROP_RESTRS_TABLE = "res_propr_restrs";
    /** Name of the table containing Pattern Restrictions. */
    public static final String PATTERN_RESTRS_TABLE = "pattern_restrs";
    /** Name of the table containing Query Restrictions. */
    public static final String QUERY_RESTRS_TABLE = "query_restrs";
    /** Name of the table containing Resources. */
    public static final String RESOURCES_TABLE = "resources";
    /** Name of the table containing Literals. */
    public static final String LITERALS_TABLE = "literals";
    /** Name of the table containing Namespaces. */
    public static final String NAMESPACES_TABLE = "namespaces";

    // NOTE(review): the four prefixes below are SQL fragments intended for
    // string concatenation (their use is not visible here). Table names above
    // are compile-time constants, which is fine; any user- or RDF-supplied
    // value (logins, role names, URIs, literals) that ends up in such a
    // statement must go through PreparedStatement parameters, never
    // concatenation.
    /** DROP TABLE statement prefix. */
    public static final String DROP_TABLE = "DROP TABLE ";
    /** SELECT * FROM statement prefix. */
    public static final String SELECT = "SELECT * FROM ";
    /** INSERT INTO statement prefix. */
    public static final String INSERT = "INSERT INTO ";
    /** VALUES part of an INSERT statement. */
    public static final String VALUES = " VALUES ";
    /** Integer column type. */
    protected final static String INT = "INTEGER UNSIGNED";
    /** character varying(20) column type. */
    protected final static String CHR20 = "character varying(20)";
    /** character varying(255) column type. */
    protected final static String CHR255 = "character varying(255)";
    /* < db related constants */

    /**
     * Map of URIs to resource ids.
     * NOTE(review): static, package-private and mutable — shared by all
     * instances and not synchronised; see lastResourceId above.
     */
    static Map resIdsByUri = new HashMap();

    /** JDBC connection pool. */
    protected ConnectionPool conPool = null;

    /* > SecurityServices implementation related members */
    /** The set of users. */
    private Set users = new HashSet();
    /** Map of users' logins to user objects. */
    private Map usersByLogin = new HashMap();
    /** Map of user ids to user objects. */
    private Map usersById = new HashMap();
    /** The set of security roles. */
    private Set roles = new HashSet();
    /** Map of role ids to role objects. */
    private Map rolesById = new HashMap();
    /** Map of role names to role objects. */
    private Map rolesByName = new HashMap();
    /** Map of restriction ids to restriction objects. */
    private Map restrictionsById = new HashMap();
    /** Map of rule ids to security rule objects. */
    private Map rulesById = new HashMap();
    /* < SecurityServices implementation related members */

    /** Resources by id. */
    private Map resById = new HashMap();
    /** Ids by resource. */
    private Map idByRes = new HashMap();
    /** The last resource id that has been used (per instance). */
    private int lastResId = 0;
    /** Namespaces by id. */
    private Map namespaces = new HashMap();
    /** Literals by id. */
    private Map literalById = new HashMap();
    /** Ids by literal. */
    private Map idByLiteral = new HashMap();

    /** Creates an uninitialised sail; base references stay null until set. */
    public SecuritySail() {
    }

    /* > RdfSchemaSource implementation */

    /**
     * Returns the base source's explicit statements matching the pattern,
     * filtered for READ access.
     * <p>
     * The filter is applied by wrapping the base iterator in a
     * {@code StatementFilterIterator}; if that wrapper cannot be created the
     * method throws rather than returning the unfiltered iterator
     * (fail-closed).
     *
     * @param subj subject to match, or null for any
     * @param pred predicate to match, or null for any
     * @param obj  object to match, or null for any
     * @return iterator over the statements the current principal may read
     * @throws SailInternalException if the filter iterator cannot be built
     */
    public StatementIterator getExplicitStatements(
            Resource subj, URI pred, Value obj) {
        StatementIterator si =
                baseRdfSchemaSource.getExplicitStatements(subj, pred, obj);
        try {
            si = new StatementFilterIterator(si, this, Right.READ);
        } catch (Exception e) {
            throw new SailInternalException(e);
        }
        return si;
    }

    /**
     * Reports whether the statement exists explicitly AND is readable by the
     * current principal. The base lookup always runs first; an inaccessible
     * statement is reported as absent, so callers cannot distinguish
     * "not present" from "not permitted".
     *
     * @return true only if the base source has the statement and
     *         {@code isStatementAccessible(..., Right.READ)} allows it
     */
    public boolean hasExplicitStatement(Resource subj, URI pred, Value obj) {
        boolean has = baseRdfSchemaSource.hasExplicitStatement(subj, pred, obj);
        if (has) {
            has = isStatementAccessible(subj, pred, obj, Right.READ);
        }
        return has;
    }

    /**
     * Query optimisation hook; returns the query unchanged. No query-level
     * restriction is applied at this point.
     */
    public Query optimizeQuery(Query qc) {
        return qc;
    }

    /**
     * Returns the base source's class statements, filtered for READ access
     * via {@code StatementFilterIterator}; fails closed if the filter cannot
     * be constructed.
     *
     * @throws SailInternalException if the filter iterator cannot be built
     */
    public StatementIterator getClasses() {
        StatementIterator si = baseRdfSchemaSource.getClasses();
        try {
            si = new StatementFilterIterator(si, this, Right.READ);
        } catch (Exception e) {
            throw new SailInternalException(e);
        }
        return si;
    }

    /**
     * True if the base source considers {@code resource} a class and the
     * resource is accessible to the current principal.
     * (Inside the {@code if (is)} branch {@code is} is already true, so
     * {@code is && x} is just {@code x}.)
     */
    public boolean isClass(Resource resource) {
        boolean is = baseRdfSchemaSource.isClass(resource);
        if (is) {
            is = is && isResourceAccessible(resource);
        }
        return is;
    }

    /**
     * Returns the base source's property statements.
     * <p>
     * NOTE(review): unlike {@link #getClasses()} and every other iterator
     * returning method in this file, the result is NOT wrapped in
     * {@code new StatementFilterIterator(si, this, Right.READ)}, so property
     * statements bypass the security layer entirely. Apply the same
     * try/catch-wrapping pattern as getClasses() here.
     */
    public StatementIterator getProperties() {
        StatementIterator si = baseRdfSchemaSource.getProperties();
        return si;
    }

    /**
     * True if the base source considers {@code resource} a property and the
     * resource is accessible to the current principal.
     */
    public boolean isProperty(Resource resource) {
        boolean is = baseRdfSchemaSource.isProperty(resource);
        if (is) {
            is = is && isResourceAccessible(resource);
        }
        return is;
    }

    /**
     * Returns subClassOf statements (transitive, per the base source)
     * matching the pattern, filtered for READ access; fails closed if the
     * filter cannot be constructed.
     *
     * @throws SailInternalException if the filter iterator cannot be built
     */
    public StatementIterator getSubClassOf(Resource subClass,
            Resource superClass) {
        StatementIterator si = baseRdfSchemaSource.getSubClassOf(subClass,
                superClass);
        try {
            si = new StatementFilterIterator(si, this, Right.READ);
        } catch (Exception e) {
            throw new SailInternalException(e);
        }
        return si;
    }

    /**
     * Returns direct subClassOf statements matching the pattern, filtered
     * for READ access; fails closed if the filter cannot be constructed.
     *
     * @throws SailInternalException if the filter iterator cannot be built
     */
    public StatementIterator getDirectSubClassOf(Resource subClass,
            Resource superClass) {
        StatementIterator si = baseRdfSchemaSource.getDirectSubClassOf(subClass,
                superClass);
        try {
            si = new StatementFilterIterator(si, this, Right.READ);
        } catch (Exception e) {
            throw new SailInternalException(e);
        }
        return si;
    }

    /**
     * True if the base source reports the subclass relation AND both
     * classes are accessible to the current principal. Either inaccessible
     * end makes the relation invisible.
     */
    public boolean isSubClassOf(Resource subClass, Resource superClass) {
        boolean is = baseRdfSchemaSource.isSubClassOf(subClass, superClass);
        if (is) {
            is = is && isResourceAccessible(subClass);
            is = is && isResourceAccessible(superClass);
        }
        return is;
    }

    /**
     * True if the base source reports the direct subclass relation AND both
     * classes are accessible to the current principal.
     */
    public boolean isDirectSubClassOf(Resource subClass, Resource superClass) {
        boolean is = baseRdfSchemaSource.isDirectSubClassOf(subClass, superClass);
        if (is) {
            is = is && isResourceAccessible(subClass);
            is = is && isResourceAccessible(superClass);
        }
        return is;
    }

    /**
     * Returns subPropertyOf statements matching the pattern, filtered for
     * READ access. (The method body continues beyond the visible part of
     * this file.)
     */
    public StatementIterator getSubPropertyOf(Resource subProperty,
            Resource superProperty) {
        StatementIterator si = baseRdfSchemaSource.getSubPropertyOf(subProperty,
                superProperty);
        try {
            si = new StatementFilterIterator(si, this, Right.READ);
        } catch (Exception e) {