Class STAuthorizationEvaluator
java.lang.Object
it.uniroma2.art.semanticturkey.security.STAuthorizationEvaluator
Author: Tiziano

Constructor Summary
Constructors
STAuthorizationEvaluator()

Method Summary
Modifier and Type, Method, Description:

protected boolean evaluatePrologGoal(String prologGoal, Collection<Role> userRoles, Project targetForRBAC)

boolean isAdmin()
    Allows the request only for the system administrator. Use as follows: @PreAuthorize("@auth.isAdmin()")

boolean isAuthorized(String prologCapability, String crudv)
    Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', 'R')"). For complete documentation see isAuthorized(String, String, String)

boolean isAuthorized(String prologCapability, String userResponsibility, String crudv)

boolean isAuthorized(String prologCapability, String userResponsibility, String crudv, String projectName)
    Use as follows: @PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', '{key1: ''value1'', key2: true}', 'R')")

boolean isAuthorizedInProject(String prologCapability, String crudv, String projectName)
    This is useful for evaluating authorization for a project different from the one indicated in the context

boolean isConfigurationActionAuthorized(String relativeReference, String crud)

boolean isCtxProjectPublic()
    Allows the request only when the contextual project is public (visibility open).

boolean isDefaultSettingsActionAuthorized(Scope scope, Scope defaultScope, String crud)
    Tells if an action on default settings is authorized

boolean isFileActionAuthorized(String dir, String crud)
    Useful for authorizing file operations (read/create file)

boolean isLoggedUser(String email)
    Checks whether the user performing the request has the given email.

boolean isLoggedUser(org.eclipse.rdf4j.model.IRI iri)

boolean isProjectPublic(String id)
    Allows the request only when the given project is public (visibility open).

boolean isSecretConfigurationActionAuthorized(Scope scope, String crud)

boolean isSettingsActionAuthorized(Scope scope, String crud)

boolean isSuperUser(boolean strict)
    Returns true if the logged user is a SuperUser.

langof(SpecialValue value)

langof(org.eclipse.rdf4j.model.Literal literal)
    To be used in support of isAuthorized, like @PreAuthorize("@auth.isAuthorized('rdf(concept)', '{lang: ''' +@auth.langof(#label)+ '''}', 'C')"). The three ''' are required because '' represents the double quotes surrounding the map value, and the third ' closes (or opens) the string to evaluate in isAuthorized(), where literal is a method parameter name of type Literal

langof(org.eclipse.rdf4j.model.Resource xLabel)
    Same as langof(Literal), for use with xLabel

scopeForRelativeReference(String relativeReference)

typeof(org.eclipse.rdf4j.model.Resource resource)
    To be used in support of isAuthorized, like @PreAuthorize("@auth.isAuthorized('rdf(' +@auth.typeof(#individual)+ ')', 'R')"), where individual is a method parameter name

Constructor Details

STAuthorizationEvaluator
public STAuthorizationEvaluator()

Method Details

isAdmin
public boolean isAdmin()
Allows the request only for the system administrator. Use as follows:
@PreAuthorize("@auth.isAdmin()")
Returns:

isSuperUser
public boolean isSuperUser(boolean strict)
Returns true if the logged user is a SuperUser. Argument strict determines if the user needs to be only SuperUser (strict=true), or "at least" SuperUser, namely even Admin is ok (strict=false).
Parameters:
    strict -
Returns:

isCtxProjectPublic
public boolean isCtxProjectPublic()
Allows the request only when the contextual project is public (visibility open). Use as follows:
@PreAuthorize("@auth.isCtxProjectPublic()")
Returns:

isProjectPublic
public boolean isProjectPublic(String id) throws InvalidProjectNameException, ProjectInexistentException, ProjectAccessException
Allows the request only when the given project is public (visibility open). Use as follows:
@PreAuthorize("@auth.isProjectPublic(#projectNameParam)")
Returns:
Throws:
    InvalidProjectNameException
    ProjectInexistentException
    ProjectAccessException

isAuthorizedInProject
public boolean isAuthorizedInProject(String prologCapability, String crudv, String projectName) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
This is useful for evaluating authorization for a project different from the one indicated in the context
Parameters:
    prologCapability -
    crudv -
    projectName -
Returns:
Throws:
    alice.tuprolog.MalformedGoalException
    HaltedEngineException
    HarmingGoalException
    STPropertyAccessException
    org.json.JSONException
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException

isConfigurationActionAuthorized

isSecretConfigurationActionAuthorized
public boolean isSecretConfigurationActionAuthorized(Scope scope, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Throws:
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException
    HarmingGoalException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException

scopeForRelativeReference

isSettingsActionAuthorized
public boolean isSettingsActionAuthorized(Scope scope, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Throws:
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException
    HarmingGoalException
    org.json.JSONException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException

isDefaultSettingsActionAuthorized
public boolean isDefaultSettingsActionAuthorized(Scope scope, Scope defaultScope, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Tells if an action on default settings is authorized
Parameters:
    scope -
    defaultScope -
    crud -
Returns:
Throws:
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException
    HarmingGoalException
    org.json.JSONException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException

isFileActionAuthorized
public boolean isFileActionAuthorized(String dir, String crud) throws ProjectAccessException, ProjectInexistentException, InvalidProjectNameException, HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException
Useful for authorizing file operations (read/create file)
Parameters:
    dir -
    crud -
Returns:
Throws:
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException
    HarmingGoalException
    org.json.JSONException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException

isAuthorized
public boolean isAuthorized(String prologCapability, String crudv) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
Use as follows:
@PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', 'R')")
For complete documentation see isAuthorized(String, String, String)
Parameters:
    prologCapability -
    crudv -
Returns:
Throws:
    HarmingGoalException
    HaltedEngineException
    TheoryNotFoundException
    alice.tuprolog.MalformedGoalException
    alice.tuprolog.InvalidTheoryException
    STPropertyAccessException
    org.json.JSONException
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException

isAuthorized
public boolean isAuthorized(String prologCapability, String userResponsibility, String crudv) throws HarmingGoalException, org.json.JSONException, HaltedEngineException, alice.tuprolog.MalformedGoalException, STPropertyAccessException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
Throws:
    HarmingGoalException
    org.json.JSONException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException

isAuthorized
public boolean isAuthorized(String prologCapability, String userResponsibility, String crudv, String projectName) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException, STPropertyAccessException, org.json.JSONException, ProjectAccessException, ProjectInexistentException, InvalidProjectNameException
Use as follows:
@PreAuthorize("@auth.isAuthorized('rdf(concept, taxonomy)', '{key1: ''value1'', key2: true}', 'R')")
Parameters:
    prologCapability - Expressed in this way: <area>(<subject>, <scope>).
    userResponsibility - A String representing a JSON map serialization like {key1: "value1", key2: "value2"}; currently the only handled key is 'lang'.
    crudv - Following the CRUD paradigm, it can be any of C (create), R (read), U (update), D (delete), plus V (validation).
    projectName - Name of the project where the capability will be evaluated. If null is provided, the context project is used.
Returns:
Throws:
    TheoryNotFoundException
    alice.tuprolog.InvalidTheoryException
    HarmingGoalException
    HaltedEngineException
    alice.tuprolog.MalformedGoalException
    STPropertyAccessException
    org.json.JSONException
    ProjectAccessException
    ProjectInexistentException
    InvalidProjectNameException

evaluatePrologGoal
protected boolean evaluatePrologGoal(String prologGoal, Collection<Role> userRoles, Project targetForRBAC) throws alice.tuprolog.MalformedGoalException, HaltedEngineException, HarmingGoalException
Throws:
    alice.tuprolog.MalformedGoalException
    HaltedEngineException
    HarmingGoalException

typeof
To be used in support of isAuthorized, like
@PreAuthorize("@auth.isAuthorized('rdf(' +@auth.typeof(#individual)+ ')', 'R')")
where individual is a method parameter name.
Parameters:
    resource -
Returns:

langof
To be used in support of isAuthorized, like
@PreAuthorize("@auth.isAuthorized('rdf(concept)', '{lang: ''' +@auth.langof(#label)+ '''}', 'C')")
The three ''' are required because '' represents the double quotes surrounding the map value, and the third ' closes (or opens) the string to evaluate in isAuthorized(), where literal is a method parameter name of type Literal.
Parameters:
    literal -
Returns:

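
The quoting rule described for langof(Literal) above, as an added example that is not code from Semantic Turkey: Spring's SpEL parser evaluates the documented expression against a hypothetical RecordingAuth stand-in for the auth bean and exposes the arguments isAuthorized actually receives. RecordingAuth, its String-based langof (the real one takes an RDF4J Literal) and the label "gatto@it" are assumptions made for the demonstration.

```java
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class LangofQuotingDemo {

    // Hypothetical stand-in for the bean registered as "auth": it only records
    // the arguments it is given and evaluates no Prolog capability.
    public static class RecordingAuth {
        public String capability, responsibility, crudv;

        public boolean isAuthorized(String prologCapability, String userResponsibility, String crudv) {
            this.capability = prologCapability;
            this.responsibility = userResponsibility;
            this.crudv = crudv;
            return true;
        }

        // Simplified langof (assumption): the label is a constructed
        // "text@lang" string instead of an RDF4J Literal.
        public String langof(String label) {
            int at = label.lastIndexOf('@');
            return at < 0 ? "" : label.substring(at + 1);
        }
    }

    // Evaluates a @PreAuthorize-style expression and returns what the bean saw.
    public static RecordingAuth evaluate(String spel, String label) {
        RecordingAuth auth = new RecordingAuth();
        StandardEvaluationContext ctx = new StandardEvaluationContext();
        ctx.setBeanResolver((context, beanName) -> auth); // resolves @auth
        ctx.setVariable("label", label);                  // resolves #label
        ExpressionParser parser = new SpelExpressionParser();
        parser.parseExpression(spel).getValue(ctx, Boolean.class);
        return auth;
    }

    public static void main(String[] args) {
        // Inside a SpEL single-quoted string, '' is an escaped single quote,
        // so ''' is "escaped quote, then end (or start) of the literal".
        String spel = "@auth.isAuthorized('rdf(concept)', "
                + "'{lang: ''' + @auth.langof(#label) + '''}', 'C')";
        RecordingAuth seen = evaluate(spel, "gatto@it"); // constructed label
        System.out.println(seen.capability);
        System.out.println(seen.responsibility);
        System.out.println(seen.crudv);
    }
}
```

With the constructed label, the userResponsibility argument arrives as {lang: 'it'}: the language tag is concatenated between the two escaped quotes before isAuthorized parses the map.
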
langof
Same as langof(Literal), for use with xLabel.
Parameters:
    xLabel -
Returns:

langof

isLoggedUser
Checks whether the user performing the request has the given email. Useful in the PreAuthorize annotation of those services that allow editing user-related data. The check is used to verify that the user provided as parameter (which is the subject of the changes) is the logged one.
Parameters:
    email -
Returns:

isLoggedUser
public boolean isLoggedUser(org.eclipse.rdf4j.model.IRI iri)