📄 securitysail.java
boolean result = false; /* authenticate */ SessionContext context = SessionContext.getContext(); int userId = context.userID; /* check */ User user = (User)usersById.get(new Integer(userId)); if (null!=user) { Set rulz = user.getRules(); rulz.addAll(RoleImpl.getRules(user.getRoles(),false)); ArrayList rulis = new ArrayList(rulz); for (int i = 0 ; i < rulis.size() ; i++ ) { Rule ru = (Rule)rulis.get(i); if (!ru.getAddRight() && !ru.getRemoveRight() && !ru.getReadRight()) { continue; } if (right.equals(Right.READ) && !ru.getReadRight() || right.equals(Right.REMOVE) && !ru.getRemoveRight() || right.equals(Right.ADD) && !ru.getAddRight()) { continue; } Restriction rst = ru.getRestriction(); if (rst.type == Restriction.REPOSITORY ) { result = true; break; } if (rst.type == Restriction.SCHEMA) { /* check if the resource is part of the schema */ if (baseRdfSchemaSource.isType(res,URIImpl.RDFS_CLASS) || baseRdfSchemaSource.isType(res,URIImpl.RDF_PROPERTY)) { result = true; break; } // if } // schema if (rst.type == Restriction.CLASSES){ ClassesRestriction cr = (ClassesRestriction) rst; ArrayList classes = new ArrayList(cr.getResources()); for (int j=0; j < classes.size() ; j++) { Resource clas = (Resource)classes.get(j); if (baseRdfSchemaSource.isType(res,clas)) { result = true; break; } } // for classes if (result) break; } //if classes if (rst.type == Restriction.CLASSES_OVER_SCHEMA){ ResourceRestriction rr = (ResourceRestriction) rst; ArrayList classes = new ArrayList(rr.getResources()); for (int j=0; j < classes.size() ; j++) { Resource clas = (Resource)classes.get(j); if (baseRdfSchemaSource.isSubClassOf(res,clas)) { result = true; break; } } // for classes if (result) break; } //if classes over schema if (rst.type == Restriction.INSTANCES){ InstancesRestriction ir = (InstancesRestriction) rst; ArrayList instances = new ArrayList(ir.getResources()); for (int j=0; j < instances.size() ; j++) { URI clas = (URI)instances.get(j); if (res instanceof URI) { if ( 
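((URI)res).getLocalName().equals(clas.getLocalName()) &&
                  ((URI)res).getNamespace().equals(clas.getNamespace()) ) {
                result = true;
                break;
              }
            } else {
              // FIXME what to do for bNodes?
            }
          } // for instances
          if (result) break;
        } //if instances
        if (rst.type == Restriction.QUERY) {
          result = isQuAccessible((QueryRestriction) rst, res);
          if (result) break;
        }
      } //for all rulez
    } // user not null
    return result;
  } // isResourceAccessible(Resource,Right)

  /**
   * Checks whether the current session's user may read the given resource.
   * Shorthand for {@code isResourceAccessible(res, Right.READ)}.
   *
   * @param res the resource to check
   * @return the result of the READ access check
   */
  public boolean isResourceAccessible(Resource res) {
    return isResourceAccessible(res, Right.READ);
  }

  /**
   * Creates a user and registers it in the user set and in both lookup
   * indexes (by login and by id).
   *
   * @param id numeric id of the user
   * @param login login name, used as key of the login index
   * @param password passed to the UserImpl constructor as given
   * @param name display name of the user
   * @throws SailInternalException wrapping any exception raised while the
   *         user is created or registered
   */
  public void addUser(int id, String login, String password, String name) {
    try {
      // NOTE(review): the password is handed to UserImpl unchanged; how
      // UserImpl stores and compares it is not visible here - confirm it is
      // not kept in clear text.
      User user = new UserImpl(id, login, password, name);
      users.add(user);
      // NOTE(review): an existing entry with the same login or id is
      // overwritten in the indexes while the old User stays in 'users';
      // confirm callers never re-use a login or id.
      usersByLogin.put(login, user);
      usersById.put(new Integer(id), user);
    } catch (Exception e) {
      throw new SailInternalException(e);
    }
  }

  /**
   * Removes the user registered under the given login from the user set and
   * from both lookup indexes. Unknown logins are ignored.
   *
   * @param login login name of the user to remove
   */
  public void removeUser(String login) {
    User user = (User)usersByLogin.get(login);
    if (null == user) {
      return;
    }
    usersByLogin.remove(login);
    users.remove(user);
    // isResourceAccessible(Resource,Right) resolves the session's user through
    // usersById, so a removed account must leave that index too; otherwise a
    // session opened before the removal keeps passing the access check.
    // Only drop the entry while it still refers to this very account.
    Integer idKey = new Integer(user.getId());
    if (usersById.get(idKey) == user) {
      usersById.remove(idKey);
    }
  }

  /**
   * Returns the set of registered users.
   *
   * @return the internal user set itself, not a copy
   */
  public Set getUsers() {
    // NOTE(review): callers receive the live set; adding or removing through
    // it bypasses usersByLogin/usersById. Consider handing out an
    // unmodifiable view once all callers are confirmed read-only.
    return users;
  }

  /**
   * Looks a user up by login.
   *
   * @param login login name
   * @return the user, or null when the login is not registered
   */
  public User getUser(String login) {
    return (User)usersByLogin.get(login);
  }

  /**
   * Looks a user up by id.
   *
   * @param id numeric user id
   * @return the user, or null when the id is not registered
   */
  public User getUser(int id) {
    return (User)usersById.get(new Integer(id));
  }

  /**
   * Creates a role, assigns its parent roles and registers it in the role
   * set and in the name and id indexes.
   *
   * @param id numeric id of the role
   * @param name role name, used as key of the name index
   * @param description free-text description
   * @param parents the parent roles, passed to Role.setParentRoles
   * @return the newly created role
   * @throws SailInternalException wrapping any exception raised while the
   *         role is created or registered
   */
  public Role createRole(int id, String name, String description, Set parents) {
    try {
      Role role = new RoleImpl(id, name, description);
      role.setParentRoles(parents);
      roles.add(role);
      rolesByName.put(name, role);
      // getRole(int) and removeRole(int) work on rolesById; without this entry
      // a role created here could not be found or revoked by id. The key
      // matches the one removeRole(String) removes.
      rolesById.put(new Integer(role.getId()), role);
      return role;
    } catch (Exception e) {
      throw new SailInternalException(e);
    }
  }

  /**
   * Unregisters the role with the given name from the role set and from both
   * indexes. Unknown names are ignored.
   *
   * @param name name of the role to remove
   */
  public void removeRole(String name) {
    // NOTE(review): only this sail's own registries are updated; users and
    // child roles that still reference the Role object are not touched here.
    // Confirm they are detached elsewhere, since the access check collects
    // rules through user.getRoles().
    Role role = (Role)rolesByName.get(name);
    if (null != role) {
      rolesById.remove(new Integer(role.getId()));
      rolesByName.remove(name);
      roles.remove(role);
    }
  }

  /**
   * Unregisters the role with the given id from the role set and from both
   * indexes. Unknown ids are ignored.
   *
   * @param id id of the role to remove
   */
  public void removeRole(int id) {
    // NOTE(review): same caveat as removeRole(String) - references held by
    // users or child roles are not cleared here.
    Role role = (Role)rolesById.get(new Integer(id));
    if (null != role) {
      rolesById.remove(new Integer(id));
      rolesByName.remove(role.getName());
      roles.remove(role);
    }
  }

  /**
   * Returns the set of registered roles.
   *
   * @return the internal role set itself, not a copy
   */
  public Set getRoles() {
    // NOTE(review): live set - modifications through it bypass
    // rolesByName/rolesById.
    return roles;
  }

  /**
   * Looks a role up by name.
   *
   * @param name role name
   * @return the role, or null when the name is not registered
   */
  public Role getRole(String name) {
    return (Role)rolesByName.get(name);
  }

  /**
   * Looks a role up by id.
   *
   * @param id numeric role id
   * @return the role, or null when the id is not registered
   */
  public Role getRole(int id) {
    return (Role)rolesById.get(new Integer(id));
  }

  // main
  /**
   * Creates a restriction of the requested type through the matching
   * Restriction factory method and registers it under its id.
   *
   * @param id numeric id of the restriction
   * @param type one of the Restriction type constants handled below
   * @param name restriction name
   * @param description free-text description
   * @return the newly created restriction
   * @throws NullParameterException declared by this method; presumably raised
   *         by the Restriction factory methods - confirm against Restriction
   * @throws SailInternalException when the type is not one of the known
   *         constants; nothing is registered in that case
   */
  public Restriction createRestriction(
      int id, int type, String name, String description)
      throws NullParameterException {
    Restriction restr = null;
    switch (type) {
      case Restriction.REPOSITORY :
        restr = Restriction.createRepositoryRestriction(id, name, description);
        break;
      case Restriction.SCHEMA :
        restr = Restriction.createSchemaRestriction(id, name, description);
        break;
      case Restriction.QUERY :
        restr = Restriction.createQueryRestriction(id, name, description);
        break;
      case Restriction.INSTANCES :
        restr = Restriction.createInstancesRestriction(id, name, description);
        break;
      case Restriction.PATTERN :
        restr = Restriction.createPatternRestriction(id, name, description);
        break;
      case Restriction.PROPERTIES :
        restr = Restriction.createPropertiesRestriction(id, name, description);
        break;
      case Restriction.CLASSES :
        restr = Restriction.createClassesRestriction(id, name, description);
        break;
      case Restriction.CLASSES_OVER_SCHEMA :
        restr = Restriction.createClassesOverSchemaRestriction(id, name, description);
        break;
      default:
        // Reject unknown types instead of registering a null restriction.
        throw new SailInternalException("Unknown restriction type ["+type+"].");
    } // switch
    // NOTE(review): an existing restriction with the same id is replaced
    // silently in the index.
    restrictionsById.put(new Integer(id), restr);
    return restr;
  } // createRestriction(int,int,string,string)

  /**
   * Looks a restriction up by id.
   *
   * @param id numeric restriction id
   * @return the restriction, or null when the id is not registered
   */
  public Restriction getRestriction(int id) {
    return (Restriction) restrictionsById.get(new Integer(id));
  }

  /**
   * Exports the Security Policy to a Sail. To be used with an In-Memory sail
   * for example (org.openrdf.sesame.sail.memory.RdfRepository).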
* * @param repos the RdfRepository to export to */ public void exportPolicy(RdfRepository repos){ // definitions of resources used to describe the policy URI proId = new URIImpl(BASE_KCS_URI+"id"); URI proName = new URIImpl(BASE_KCS_URI+"name"); URI proDescr = new URIImpl(BASE_KCS_URI+"descritpion"); URI proSuperRole = new URIImpl(BASE_KCS_URI+"superRole"); URI proIncludeRule = new URIImpl(BASE_KCS_URI+"includeRule"); URI proRuleRestriction = new URIImpl(BASE_KCS_URI+"ruleRestriction"); URI proRightsGranted = new URIImpl(BASE_KCS_URI+"rightsGranted"); URI proRestrictionType = new URIImpl(BASE_KCS_URI+"restrictionType"); URI proIncludeProperty = new URIImpl(BASE_KCS_URI+"includeProperty"); URI proSubjectRestr = new URIImpl(BASE_KCS_URI+"subjectRestr"); URI proPredicateRestr = new URIImpl(BASE_KCS_URI+"predicateRestr"); URI proObjectRestr = new URIImpl(BASE_KCS_URI+"objectRestr"); URI proRestrOnQuery = new URIImpl(BASE_KCS_URI+"restrOnQuery"); URI proIncludeResource = new URIImpl(BASE_KCS_URI+"includeResource"); URI proRdfType = new URIImpl(RDF.TYPE); URI proHasRole = new URIImpl(BASE_KCS_URI+"hasRole"); URI proHasRule = new URIImpl(BASE_KCS_URI+"hasRule"); URI resRole = new URIImpl(BASE_KCS_URI+"Role"); URI resRule = new URIImpl(BASE_KCS_URI+"SecurityRule"); URI resRepositRestr = new URIImpl(BASE_KCS_URI+"RepositoryRestriction"); URI resSchemaRestr = new URIImpl(BASE_KCS_URI+"SchemaRestriction"); URI resClassesRestr = new URIImpl(BASE_KCS_URI+"ClassesRestriction"); URI resInstancesRestr = new URIImpl(BASE_KCS_URI+"InstancesRestriction"); URI resClassesOverSchemaRestr = new URIImpl(BASE_KCS_URI+"ClassesOverSchemaRestriction"); URI resPaternRestr = new URIImpl(BASE_KCS_URI+"PatternRestriction"); URI resPropertiesRestr = new URIImpl(BASE_KCS_URI+"PropertiesRestriction"); URI resQueryRestr = new URIImpl(BASE_KCS_URI+"QueryRestriction"); URI resUser = new URIImpl(BASE_KCS_URI+"User"); URI resRestriction = new URIImpl(BASE_KCS_URI+"Restriction"); repos.startTransaction(); 
try { repos.clearRepository(); } catch (SailUpdateException e) { throw new RuntimeException(e); } repos.commitTransaction(); ArrayList userz = new ArrayList(users); ArrayList queList = new ArrayList(); ArrayList rolz = new ArrayList(roles); Set rulez = new HashSet(RoleImpl.getRules(roles,false)); try { for ( int ui = 0; ui<userz.size() ; ui++) { User usr = (User) userz.get(ui); rulez.addAll(usr.getRules()); // current user URI resCUser = new URIImpl(usr.getUri()); repos.addStatement(resCUser,proRdfType,resUser); repos.addStatement(resCUser,proId,new LiteralImpl(Integer.toString(usr.getId()))); ArrayList userRulz = new ArrayList(usr.getRules()); for ( int i = 0 ; i < userRulz.size() ; i++ ) { repos.addStatement(resCUser,proHasRule, new URIImpl(((Rule)userRulz.get(i)).getUri())); } ArrayList userRolz = new ArrayList(usr.getRoles()); for ( int i = 0 ; i < userRolz.size() ; i++ ) { repos.addStatement(resCUser,proHasRole, new URIImpl(((Role)userRolz.get(i)).getUri())); } } // for userz } catch(Exception x){ throw new SailInternalException(x); } try { for ( int roi = 0 ; roi < rolz.size(); roi++) { Role role = (Role)rolz.get(roi); rulez.addAll(role.getRules(true)); // current role URI resCRole = new URIImpl(role.getUri()); repos.addStatement(resCRole,proRdfType,resRole); repos.addStatement(resCRole,proId,new LiteralImpl(Integer.toString(role.getId()))); repos.addStatement(resCRole,proName,new LiteralImpl(role.getName())); repos.addStatement(resCRole,proDescr,new LiteralImpl(role.getDescription())); ArrayList parents = new ArrayList(role.getParentRoles()); for (int i = 0 ; i < parents.size() ; i++ ) { Role pRole = (Role)parents.get(i); repos.addStatement(resCRole, proSuperRole, new URIImpl(pRole.getUri())); } // for ArrayList rulzList = new ArrayList(role.getRules(true)); for (int i = 0 ; i < rulzList.size() ; i++ ) { Rule rule = (Rule)rulzList.get(i); repos.addStatement(resCRole,proIncludeRule, new URIImpl(rule.getUri())); } // for } // for rolz } catch(Exception x){ 
throw new SailInternalException(x); } // rules try { ArrayList rulz = new ArrayList(rulez); for (int rui=0; rui<rulz.size(); rui++) { Rule rule = (Rule)rulz.get(rui); URI resCRule = new URIImpl(rule.getUri()); repos.addStatement(resCRule,proRdfType,resRule); repos.addStatement(resCRule,proId,new LiteralImpl(Integer.toString(rule.getId()))); repos.addStatement(resCRule,proName,new LiteralImpl(rule.getName())); repos.addStatement(resCRule,proRuleRestriction, new URIImpl(rule.getRestriction().getUri())); repos.addStatement(resCRule,proDescr,new LiteralImpl(rule.getDescription())); if (rule.getReadRight()) repos.addStatement(resCRule,proRightsGranted,new LiteralImpl(Right.READ.toString())); if (rule.getRemoveRight()) repos.addStatement(resCRule,proRightsGranted,new LiteralImpl(Right.REMOVE.toString())); if (rule.getAddRight()) repos.addStatement(resCRule,proRightsGranted,new LiteralImpl(Right.ADD.toString())); if (rule.getAdminRight()) repos.addStatement(resCRule,proRightsGranted,new LiteralImpl(Right.ADMIN.toString())); if (rule.getHistoryRight()) repos.addStatement(resCRule,proRightsGranted,new LiteralImpl(Right.HISTORY.toString())); } // for rulz } catch(Exception x){ throw new SailInternalException(x); } try { ArrayList restrz = new ArrayList(Restriction.getRestrictions()); for (int ri = 0; ri < restrz.size(); ri++) { Restriction r = (Restriction)restrz.get(ri); // current restriction URI resCR = new URIImpl (r.getUri()); repos.addStatement(resCR, proId,new LiteralImpl(Integer.toString(r.getId()))); repos.addStatement(resCR, proName,new LiteralImpl(r.getName())); repos.addStatement(resCR, proDescr,new LiteralImpl(r.getDescription())); repos.addStatement(resCR, proRestrictionType,new LiteralImpl(Restriction.type2String(r.getType()))); int type = r.getType(); switch (type) { case 1 : repos.addStatement(resCR,proRdfType,resRepositRestr);break;