securitysail.java

这是外国一个开源推理机

			versionMngmt.workWithState(stateUID);
	}

	public Iterator getVersions() {
		Iterator i = new ArrayList().iterator();
		if ( isVersionTrackingAccessible() )
			i = versionMngmt.getVersions();
		return i;
	}

	public void lockStatements(Iterator statementsList) {
		if ( isVersionTrackingAccessible() )
			versionMngmt.lockStatements(statementsList);
	}

	public void unlockStatements(Iterator statementsList) {
		if ( isVersionTrackingAccessible() )
			versionMngmt.unlockStatements(statementsList);
	}

	public Iterator getUpdateIds() {
		Iterator i = new ArrayList().iterator();
		if ( isVersionTrackingAccessible() )
			i= versionMngmt.getUpdateIds();
		return i;
	}

	public void pauseCounterIncrement() {
		if ( isVersionTrackingAccessible() )
			versionMngmt.pauseCounterIncrement();
	}

	public void continueCounterIncrement() {
		if ( isVersionTrackingAccessible() )
			versionMngmt.continueCounterIncrement();
	}

	public boolean isPausedCounterIncrement() {
		if ( isVersionTrackingAccessible() )
			return versionMngmt.isPausedCounterIncrement();
		return false;
	}

	public Iterator getVersionIds() {
		Iterator i = new ArrayList().iterator();
		if ( isVersionTrackingAccessible() )
			i= versionMngmt.getVersionIds();
		return i;
	}

	/* MetaInfo Retrieval Methods */

	public Map getMetaInfo(String subj, String pred, String obj) {
		Map mi = new HashMap();
		if ( isVersionTrackingAccessible() )
			mi = versionMngmt.getMetaInfo(subj,pred,obj);
		return mi;
	}

	public Map getUpdateMetaInfo(String updateId) {
		Map mi = new HashMap();
		if ( isVersionTrackingAccessible() )
			mi = versionMngmt.getUpdateMetaInfo(updateId);
		return mi;
	}

	public Map getVersionMetaInfo(String versionId) {
		Map mi = new HashMap();
		if ( isVersionTrackingAccessible() )
			mi = versionMngmt.getVersionMetaInfo(versionId);
		return mi;
	}

/* < Version Management implementation */

/* > SecurityServices implementation */
	public int getResourceId(Resource res) throws SecurityException{
		Integer i = (Integer)idByRes.get(res);
		if (null == i) {
			throw new SecurityException("Id not found for resource:\n" +res);
		}
		int ii = i.intValue();
		return ii;
	}

	public Resource getResource(int id) {
		Resource res = (Resource)resById.get(new Integer(id));
		return res;
	}

	public boolean isVersionTrackingAccessible() {
		return isRepositoryAccessible(Right.ADMIN) && versionMngmt != null;
	}// isVersionTrackingAccessible(Right)

	public boolean isSchemaAccessible(Right right) {
		boolean result = false;
		/* authenticate */
		SessionContext context = SessionContext.getContext();
		int userId = context.userID;
		/* check */
		User user = (User)usersById.get(new Integer(userId));
		if (null!=user) {
			Set rulz = user.getRules();
			rulz.addAll(RoleImpl.getRules(user.getRoles(),false));
			ArrayList rulis = new ArrayList(rulz);
			for (int i = 0 ; i < rulis.size() ; i++ ) {
				Rule ru = (Rule)rulis.get(i);
				Restriction rst = ru.getRestriction();
				if (rst.getType() != Restriction.REPOSITORY
					&&	rst.getType() != Restriction.SCHEMA) {
						continue;
				}

				if ( right.equals(Right.READ) ) {
					if (ru.getReadRight()) {
						result = true;
						break;
					}
				}

				if ( right.equals(Right.ADD) ) {
					if (ru.getAddRight()) {
						result = true;
						break;
					}
				}

				if ( right.equals(Right.REMOVE) ) {
					if (ru.getRemoveRight()) {
						result = true;
						break;
					}
				}
			} // for rules
		} // if user
		return result;
	} // isSchemaAccessible(Right)

	public boolean isRepositoryAccessible(Right right) {
		boolean result = false;
		/* authenticate */
		SessionContext context = SessionContext.getContext();
		int userId = context.userID;
		/* check */
		User user = (User)usersById.get(new Integer(userId));
		if (null!=user) {
			Set rulz = user.getRules();
			rulz.addAll(RoleImpl.getRules(user.getRoles(),false));
			ArrayList rulis = new ArrayList(rulz);
			for (int i = 0 ; i < rulis.size() ; i++ ) {
				Rule ru = (Rule)rulis.get(i);
				Restriction rst = ru.getRestriction();
				if (rst.getType() != Restriction.REPOSITORY) {
					continue;
				}
				if ( right.equals(Right.READ) ) {
					if (ru.getReadRight()) {
						result = true;
						break;
					}
				}

				if ( right.equals(Right.REMOVE) ) {
					if (ru.getRemoveRight()) {
						result = true;
						break;
					}
				}

				if ( right.equals(Right.ADMIN) ) {
					if (ru.getAdminRight()) {
						result = true;
						break;
					}
				}

				if ( right.equals(Right.HISTORY) ) {
					if (ru.getHistoryRight()) {
						result = true;
						break;
					}
				}


			} // for rules
		} // if user
		return result;
	} // isRepositoryAccessible(Right)

	public boolean isStatementAccessible(Resource subj, URI pred, Value obj, Right right) {
		boolean result = false;
		/* authenticate */
		SessionContext context = SessionContext.getContext();
		int userId = context.userID;
		/* check */
		User user = (User)usersById.get(new Integer(userId));
		if (null!=user) {
			Set rulz = user.getRules();
			rulz.addAll(RoleImpl.getRules(user.getRoles(),false));
			ArrayList rulis = new ArrayList(rulz);
			for (int i = 0 ; i < rulis.size() ; i++ ) {
				Rule ru = (Rule)rulis.get(i);

				if (!ru.getAddRight() && !ru.getRemoveRight() && !ru.getReadRight()) {
					continue;
				}

				if (right.equals(Right.READ) && !ru.getReadRight() ||
					right.equals(Right.REMOVE) && !ru.getRemoveRight() ||
					right.equals(Right.ADD) && !ru.getAddRight())
				{
					continue;
				}

				Restriction rst = ru.getRestriction();

				if (rst.type == Restriction.REPOSITORY ) {
					// OPTIMIZE
					result = true;
					break;
				}

				if (rst.type == Restriction.SCHEMA) {
					/* check if the subject is part of the schema */
					if (baseRdfSchemaSource.isType(subj,URIImpl.RDFS_CLASS) ||
						baseRdfSchemaSource.isType(subj,URIImpl.RDF_PROPERTY))
					{
						result = true;
						break;
					} // if
				} // schema

				/*
				 * CHECK SUBJECT : IF ACCESSIBLE : THEN THE WHOLE STATEMENT IS
				 * ACCESSIBLE
				 */
				if (isResourceAccessible(subj,right)) {
					result = true;
					break;
				}



				/* PROPERTIES */
				if (rst.type == Restriction.PROPERTIES) {
					PropertiesRestriction propr = (PropertiesRestriction) rst;
					ArrayList props = new ArrayList(propr.getProperties());
					for (int pi = 0 ; pi < props.size() ; pi++ ) {
						Resource prop = (Resource)props.get(pi);
						if ( baseRdfSchemaSource.isSubPropertyOf(pred,prop) ) {
							result = true;
							break;
						}
					} // for properties
					if ( result ) break;
				} // Properties

				/* PATTERN */
				if (rst.type == Restriction.PATTERN ) {

					boolean subjAccessible = true ;
					boolean predAccessible = true ;
					boolean objAccessible = true ;

					PatternRestriction pat = (PatternRestriction) rst;
					/* SUBJECT */
					ArrayList subjs = new ArrayList( pat.getSubjectRestrictions());
					for ( int si = 0 ; si < subjs.size() ; si++ ) {
						subjAccessible = false;
						ResourceRestriction sr = (ResourceRestriction)subjs.get(si);
						ArrayList resList = new ArrayList(sr.getResources());
						for ( int ri=0 ; ri < resList.size() ; ri++) {
							Resource reso = (Resource) resList.get(ri);
							if (sr.getType() == Restriction.CLASSES) {
								if (baseRdfSchemaSource.isType(subj,reso)) {
									subjAccessible = true;
									break;
								}
							} else {
								if (sr.getType() == Restriction.CLASSES_OVER_SCHEMA) {
									if (baseRdfSchemaSource.isSubClassOf(subj,reso)) {
										subjAccessible = true;
										break;
									}
								} else {
									if (sr.getType() == Restriction.INSTANCES) {
										if (subj.equals(reso)) {
											subjAccessible = true;
											break;
										}
									} else {
											throw new SailInternalException(
											"Object Restrictions (part of the Pattern Restriction)\n "+
											"should be of type ClassesRestriction or InstancesRestriction");
									}
								}
							} // else

						} // for reslist
						if (subjAccessible) break;
					}	// for subjectrestrs

					/* PREDICATE */
					ArrayList preds = new ArrayList( pat.getPredicateRestrictions());
					for ( int predi = 0 ; predi < preds.size() ; predi++ ) {
						predAccessible = false;
						PropertiesRestriction pr = (PropertiesRestriction)preds.get(predi);
						ArrayList propList = new ArrayList(pr.getProperties());
						for ( int propi = 0 ; propi < propList.size(); propi++) {
							Resource prop = (Resource)propList.get(propi);
							if ( baseRdfSchemaSource.isSubPropertyOf(pred,prop)){
								 predAccessible = true;
								 break;
							}
						} // for propi
						if ( predAccessible ) break;
					} // for predi




					/* OBJECT */
					ArrayList objs = new ArrayList( pat.getObjectRestrictions());
					for ( int obji = 0 ; obji < objs.size() ; obji++ ) {
						objAccessible = false;

						Object objRestr = objs.get(obji);
						if (objRestr instanceof Literal) {
							Value val = (Value) objRestr;
							if ( val.equals(obj)) {
								objAccessible = true;
								break;
							}
						} else {
							if (objRestr instanceof ResourceRestriction) {
								ResourceRestriction rr = (ResourceRestriction)objRestr;
								ArrayList resList = new ArrayList(rr.getResources());
								for ( int ri=0 ; ri < resList.size() ; ri++) {
									Resource reso = (Resource) resList.get(ri);
									if (rr.getType() == Restriction.CLASSES) {
										if (obj instanceof Resource &&
											baseRdfSchemaSource.isType((Resource)obj,reso))
										{
											objAccessible = true;
											break;
										}
									}
									else if (rr.getType() == Restriction.CLASSES_OVER_SCHEMA) {
										if (obj instanceof Resource &&
											baseRdfSchemaSource.isSubClassOf((Resource)obj,reso))
										{
											objAccessible = true;
											break;
										}
									}
									else if (rr.getType() == Restriction.INSTANCES) {
										if (obj.equals(reso)) {
											objAccessible = true;
											break;
										}
									} // else

								} // for reslist

							} else {
								throw new SailInternalException(
									"The Object's Restrictions (in a Pattern restriction) should be \n"+
									"either a Literal, either a ResourceRestriction.");
							}
						} //else

						if ( objAccessible ) break;
					} // for obji



					if ( subjAccessible && predAccessible && objAccessible ) {
						result = true;
						break;
					}
				} // PATTERN

			} //for all rulez
		}	// user not null
		return result;
	} //isStatementAccessible(Resource,URI,Value,Right)

	public boolean isStatementAccessible(org.openrdf.model.Statement st,Right right) {
		return isStatementAccessible(st.getSubject(),st.getPredicate(),st.getObject(),right);
	} // isStatementAccessible(Statement,Right)

	public boolean isValueAccessible(Value val) {
		boolean is = true;
		if ( val instanceof Resource) {
			is = isResourceAccessible((Resource)val);
		}
		return is;
	}

	public boolean isResourceAccessible(Resource res, Right right) {