jena-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject [12/24] jena git commit: Module jena-seurity becomes jena-permissions
Date Fri, 24 Apr 2015 12:20:10 GMT
http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/LICENSE
----------------------------------------------------------------------
diff --git a/jena-security/LICENSE b/jena-security/LICENSE
deleted file mode 100644
index d645695..0000000
--- a/jena-security/LICENSE
+++ /dev/null
@@ -1,202 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/NOTICE
----------------------------------------------------------------------
diff --git a/jena-security/NOTICE b/jena-security/NOTICE
deleted file mode 100644
index d4e11ad..0000000
--- a/jena-security/NOTICE
+++ /dev/null
@@ -1,5 +0,0 @@
-Apache Jena - Security module
-Copyright 2011, 2012, 2013, 2014, 2015 The Apache Software Foundation
-
-This product includes software developed at
-The Apache Software Foundation (http://www.apache.org/).

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/license-header.txt
----------------------------------------------------------------------
diff --git a/jena-security/license-header.txt b/jena-security/license-header.txt
deleted file mode 100644
index 2114391..0000000
--- a/jena-security/license-header.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-    
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/pom.xml
----------------------------------------------------------------------
diff --git a/jena-security/pom.xml b/jena-security/pom.xml
deleted file mode 100644
index 470c22d..0000000
--- a/jena-security/pom.xml
+++ /dev/null
@@ -1,203 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-   Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-  <modelVersion>4.0.0</modelVersion>
-  <groupId>org.apache.jena</groupId>
-  <artifactId>jena-security</artifactId>
-  <version>3.0.0-SNAPSHOT</version>
-  <properties>
-    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-  </properties>
-  <name>Apache Jena - Security</name>
-  <description>Security (Permissions) wrapper around Jena RDF implementation.</description>
-  <url>http://jena.apache.org/documentation/security</url>
-  <inceptionYear>2012</inceptionYear>
-
-  <parent>
-    <groupId>org.apache.jena</groupId>
-    <artifactId>jena-parent</artifactId>
-    <version>14-SNAPSHOT</version>
-    <relativePath>../jena-parent</relativePath>
-  </parent>
-	<organization>
-		 <name>The Apache Software Foundation</name>
-    	<url>http://www.apache.org/</url>
-	</organization>
-	<issueManagement>
-		<url>http://issues.apache.org/jira/browse/JENA</url>
-		<system>JIRA</system>
-	</issueManagement>
-	<repositories>
-		<repository>
-			<id>apache-snapshots-repo</id>
-			<url>https://repository.apache.org/content/repositories/snapshots/</url>
-		</repository>
-		<repository>
-			<id>apache-staging-repo</id>
-			<url>https://repository.apache.org/content/repositories/staging/</url>
-		</repository>
-		<repository>
-			<id>apache-releases-repo</id>
-			<url>https://repository.apache.org/content/repositories/releases/</url>
-		</repository>
-	</repositories>
-	<build>
-		<plugins>
-			<plugin>
-	        	<groupId>org.codehaus.mojo</groupId>
-	        	<artifactId>build-helper-maven-plugin</artifactId>
-	        	<version>1.9.1</version>
-	        	<executions>
-	          		<execution>
-	            		<id>add-example-source</id>
-	            		<phase>generate-sources</phase>
-	            		<goals>
-	              			<goal>add-source</goal>
-	            		</goals>
-	            		<configuration>
-	              			<sources>
-	                			<source>src/example/java</source>
-	              			</sources>
-	            		</configuration>
-	          		</execution>
-	          		<execution>
-	            		<id>add-example-resource</id>
-	            		<phase>generate-sources</phase>
-	            		<goals>
-	              			<goal>add-resource</goal>
-	            		</goals>
-	            		<configuration>
-	              			<resources>
-	                			<resource>
-	                				<directory>src/example/resources</directory>
-	                				<targetPath>${project.build.outputDirectory}</targetPath>
-	                			</resource>
-	              			</resources>
-	            		</configuration>
-	          		</execution>
-	        	</executions>
-	      	</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-javadoc-plugin</artifactId>
-				<!--  <version>2.9</version> -->
-				<configuration>
-					<excludePackageNames>org.apache.jena.security.example:org.apache.jena.security.example.*</excludePackageNames>
-					<tags>
-						<tag>
-							<name>sec.graph</name>
-							<!-- tag for all places -->
-							<placement>a</placement>
-							<head>Required graph permissions:</head>
-						</tag>
-						<tag>
-							<name>sec.triple</name>
-							<!-- tag for all places -->
-							<placement>a</placement>
-							<head>Required triple permissions:</head>
-						</tag>
-					</tags>
-					<overview>${basedir}/src/main/overview.html</overview>
-					 
-				</configuration>
-				<executions>
-					<execution>
-						<id>attach-javadocs</id>
-						<goals>
-							<goal>jar</goal>
-						</goals>
-					</execution>
-				</executions>
-			</plugin>
-			<plugin>
-				<groupId>org.apache.maven.plugins</groupId>
-				<artifactId>maven-jar-plugin</artifactId>
-				<configuration>
-              		<excludes>
-                		<exclude>org/apache/jena/security/example/**</exclude>
-              		</excludes>
-            	</configuration>
-				<executions>
-					<execution>
-						<id>create-test-jar</id>
-						<goals>
-							<goal>test-jar</goal>
-						</goals>
-					</execution>
-					<execution>
-						<id>create-example-jar</id>
-		            	<phase>package</phase>
-		            	<goals>
-		              		<goal>jar</goal>
-		            	</goals>
-		            	<configuration>
-		            		<classedDirectory>target</classedDirectory>
-		              		<classifier>example</classifier>
-		              		<includes>
-		                		<include>../src/example/**</include>
-		                		<include>../src/example</include>
-		                		<include>META-INF/**</include>
-		                		<include>org/apache/jena/security/example/**</include>
-		              		</includes>
-		              		<excludes>
-		              			<exclude>META-INF/DEPENDENCIES</exclude>
-		              		</excludes>
-		            	</configuration>
-		          	</execution>
-				</executions>
-			</plugin>
-		</plugins>
-	</build>
-	<dependencies>
-		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-		</dependency>
-
-		<dependency>
-			<groupId>org.apache.commons</groupId>
-			<artifactId>commons-collections4</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.jena</groupId>
-			<artifactId>apache-jena-libs</artifactId>
-			<version>${project.version}</version>
-			<type>pom</type>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.jena</groupId>
-			<artifactId>jena-core</artifactId>
-			<version>${project.version}</version>
-			<classifier>tests</classifier>
-			<scope>test</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.commons</groupId>
-			<artifactId>commons-lang3</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-core</artifactId>
-			<version>1.2.2</version>
-			<scope>provided</scope>
-		</dependency>
-	</dependencies>
-</project>

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/readme.md
----------------------------------------------------------------------
diff --git a/jena-security/readme.md b/jena-security/readme.md
deleted file mode 100644
index 5feaa42..0000000
--- a/jena-security/readme.md
+++ /dev/null
@@ -1,32 +0,0 @@
-REQUIRES Jena 2.10.0
-
-JenaSecurity is a SecurityEvaluator interface and a set of dynamic proxies that apply that interface to Jena Graphs, Models, and associated methods and classes.
-
-The SecurityEvaluator class must be implemented.  This class provides the interface to the authentication results (e.g. getPrincipal())) and the authorization system.
-
-Create a SecuredGraph by calling Factory.getInstance( SecurityEvaluator, String, Graph );
-Create a SecuredModel by calling Factory.getInstance( SecurityEvaluator, String, Model ) or ModelFactory.createModelForGraph( SecuredGraph );
-
-NOTE: when creating a model by wrapping a secured graph (e.g. ModelFactory.createModelForGraph( SecuredGraph );) the resulting Model does not 
-have the same security requirements that the standard secured model does. 
-
-For instance when creating a list on a secured model calling model.createList( RDFNode[] ); The standard secured model verifies that the user
-has the right to update the triples and allows or denies the entire operation accordingly.  The wrapped secured graph does not have visibility
-to the createList() command and can only operate on the instructions issued by the model.createList() implementation.  In the standard implementation
-the model requests the graph to delete one triple and then insert another.  Thus the user must have delete and add permissions, not the update permission.
-
-There are several other cases where the difference in the layer can trip up the security system.  In all known cases the result is a tighter 
-security definition than was requested.  For simplicity sake we recommend that the wrapped secured graph only be used in cases where access to the
-graph as a whole is granted/denied.  In these cases the user either has all CRUD capabilities or none.
- 
-[] a ja:Model ;
-   sec:baseModel jena:model ;
-   ja:modelName "modelName";
-   sec:evaluatorFactory "javaclass";
-   .
-   
-jena:model  A model defined in the assembler file.
-"modelName" The name of the model as identified in the security manager
-"javaclass" The name of a java class that implements a Evaluator Factory.  The Factory must have static method getInstance() that
-returns a SecurityEvaluator.
-

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java b/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java
deleted file mode 100644
index 3ed244e..0000000
--- a/jena-security/src/example/java/org/apache/jena/security/example/ExampleEvaluator.java
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.example;
-
-import java.security.Principal;
-import java.util.Set;
-
-import org.apache.http.auth.BasicUserPrincipal;
-import org.apache.jena.security.SecurityEvaluator;
-
-import org.apache.jena.graph.NodeFactory;
-import org.apache.jena.rdf.model.AnonId;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.Property;
-import org.apache.jena.rdf.model.RDFNode;
-import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdf.model.ResourceFactory;
-import org.apache.jena.vocabulary.RDF;
-
-/**
- * An example evaluator that only provides access to messages in the graph that 
- * are from or to the principal.
- *
- */
-public class ExampleEvaluator implements SecurityEvaluator {
-	
-	private Principal principal;
-	private Model model;
-	private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg" );
-	private Property pTo = ResourceFactory.createProperty( "http://example.com/to" );
-	private Property pFrom = ResourceFactory.createProperty( "http://example.com/from" );
-	
-	/**
-	 * 
-	 * @param model The graph we are going to evaluate against.
-	 */
-	public ExampleEvaluator( Model model )
-	{
-		this.model = model;
-	}
-	
-	@Override
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI) {
-		// we allow any action on a graph.
-		return true;
-	}
-
-	private boolean evaluate( Object principalObj, Resource r )
-	{
-		Principal principal = (Principal)principalObj;
-		// a message is only available to sender or recipient
-		if (r.hasProperty( RDF.type, msgType ))
-		{
-			return r.hasProperty( pTo, principal.getName() ) ||
-					r.hasProperty( pFrom, principal.getName());
-		}
-		return true;	
-	}
-	
-	private boolean evaluate( Object principal, SecNode node )
-	{
-		if (node.equals( SecNode.ANY )) {
-			return false;  // all wild cards are false
-		}
-		
-		if (node.getType().equals( SecNode.Type.URI)) {
-			Resource r = model.createResource( node.getValue() );
-			return evaluate( principal, r );
-		}
-		else if (node.getType().equals( SecNode.Type.Anonymous)) {
-			Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource();
-			return evaluate( principal, r );
-		}
-		else
-		{
-			return true;
-		}
-
-	}
-	
-	private boolean evaluate( Object principal, SecTriple triple ) {
-		return evaluate( principal, triple.getSubject()) &&
-				evaluate( principal, triple.getObject()) &&
-				evaluate( principal, triple.getPredicate());
-	}
-	
-	@Override
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) {
-		return evaluate( principal, triple );
-	}
-
-	@Override
-	public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) {
-		return true;
-	}
-
-	@Override
-	public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI,
-			SecTriple triple) {
-		return evaluate( principal, triple );
-	}
-
-	@Override
-	public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) {
-		return true;
-	}
-
-	@Override
-	public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI,
-			SecTriple triple) {
-		return evaluate( principal, triple );
-	}
-
-	@Override
-	public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
-		return evaluate( principal, from ) && evaluate( principal, to );
-	}
-
-	public void setPrincipal( String userName )
-	{
-		if (userName == null)
-		{
-			principal = null;
-		}
-		principal = new BasicUserPrincipal( userName );
-	}
-	@Override
-	public Principal getPrincipal() {
-		return principal;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java
----------------------------------------------------------------------
diff --git a/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java b/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java
deleted file mode 100644
index 0b7e0d9..0000000
--- a/jena-security/src/example/java/org/apache/jena/security/example/SecurityExample.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.example;
-
-import java.net.URL;
-
-import org.apache.jena.security.Factory;
-
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.ModelFactory;
-import org.apache.jena.rdf.model.Property;
-import org.apache.jena.rdf.model.RDFNode;
-import org.apache.jena.rdf.model.ResIterator;
-import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdf.model.ResourceFactory;
-import org.apache.jena.rdf.model.Statement;
-import org.apache.jena.vocabulary.RDF;
-
-public class SecurityExample {
-
-	/**
-	 * @param args
-	 */
-
-	public static void main(String[] args) {
-		String[] names = { "alice", "bob", "chuck", "darla" };
-
-		RDFNode msgType = ResourceFactory
-				.createResource("http://example.com/msg");
-		Property pTo = ResourceFactory.createProperty("http://example.com/to");
-		Property pFrom = ResourceFactory
-				.createProperty("http://example.com/from");
-		Property pSubj = ResourceFactory
-				.createProperty("http://example.com/subj");
-
-		Model model = ModelFactory.createDefaultModel();
-		URL url = SecurityExample.class.getClassLoader().getResource(
-				"org/apache/jena/security/example/example.ttl");
-		model.read(url.toExternalForm());
-		ResIterator ri = model.listSubjectsWithProperty(RDF.type, msgType);
-		System.out.println("All the messages");
-		while (ri.hasNext()) {
-			Resource msg = ri.next();
-			Statement to = msg.getProperty(pTo);
-			Statement from = msg.getProperty(pFrom);
-			Statement subj = msg.getProperty(pSubj);
-			System.out.println(String.format("%s to: %s  from: %s  subj: %s",
-					msg, to.getObject(), from.getObject(), subj.getObject()));
-		}
-		System.out.println();
-
-		ExampleEvaluator evaluator = new ExampleEvaluator(model);
-		model = Factory.getInstance(evaluator,
-				"http://example.com/SecuredModel", model);
-		for (String userName : names) {
-			evaluator.setPrincipal(userName);
-
-			System.out.println("Messages " + userName + " can manipulate");
-			ri = model.listSubjectsWithProperty(RDF.type, msgType);
-			while (ri.hasNext()) {
-				Resource msg = ri.next();
-				Statement to = msg.getProperty(pTo);
-				Statement from = msg.getProperty(pFrom);
-				Statement subj = msg.getProperty(pSubj);
-				System.out.println(String.format(
-						"%s to: %s  from: %s  subj: %s", msg, to.getObject(),
-						from.getObject(), subj.getObject()));
-			}
-			ri.close();
-			for (String name : names)
-			{
-				System.out.println( String.format( "%s messages to %s", model.listSubjectsWithProperty( pTo, name ).toList().size(), name ) );
-			}
-			System.out.println();
-		}
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java b/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java
deleted file mode 100644
index a1eedef..0000000
--- a/jena-security/src/example/java/org/apache/jena/security/example/ShiroExampleEvaluator.java
+++ /dev/null
@@ -1,235 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.example;
-
-import java.util.Set;
-
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import org.apache.jena.graph.NodeFactory;
-import org.apache.jena.rdf.model.AnonId;
-import org.apache.jena.rdf.model.Model;
-import org.apache.jena.rdf.model.Property;
-import org.apache.jena.rdf.model.RDFNode;
-import org.apache.jena.rdf.model.Resource;
-import org.apache.jena.rdf.model.ResourceFactory;
-import org.apache.jena.vocabulary.RDF;
-
-/**
- * Class to use Shiro to provide credentials.
- * 
- * An example evaluator that only provides access to messages in the graph that 
- * are from or to the principal.
- *
- */
-public class ShiroExampleEvaluator implements SecurityEvaluator {
-
-	private static final Logger LOG = LoggerFactory.getLogger(ShiroExampleEvaluator.class);
-	// the model that contains the messages.
-	private Model model;
-	private RDFNode msgType = ResourceFactory.createResource( "http://example.com/msg" );
-	private Property pTo = ResourceFactory.createProperty( "http://example.com/to" );
-	private Property pFrom = ResourceFactory.createProperty( "http://example.com/from" );
-	
-	/**
-	 * 
-	 * @param model The graph we are going to evaluate against.
-	 */
-	public ShiroExampleEvaluator( Model model )
-	{
-		this.model = model;
-	}
-	
-	/**
-	 * We allow any action on the graph itself, so this is always true.
-	 */
-	@Override
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI) {
-		// we allow any action on a graph.
-		return true;
-	}
-
-	/**
-	 * This is our internal check to see if the user may access the resource.
-	 * This method is called from the evauate(Object,SecNode) method.
-	 * A user may only access the resource if they are authenticated, and are either the
-	 * sender or the recipient.
-	 * Additionally the admin can always see the messages.
-	 * @param principalObj
-	 * @param r
-	 * @return
-	 */
-	private boolean evaluate( Object principalObj, Resource r )
-	{
-		// cast to the Subject because we know that it comes from Shiro and that
-		// our getPrincipal() method returns a Subject.
-		Subject subject = (Subject)principalObj;
-		if (! subject.isAuthenticated())
-		{
-			LOG.info( "User not authenticated");
-			return false;
-		}
-		// a message is only available to sender or recipient
-		LOG.debug( "checking {}", subject.getPrincipal());
-		Object principal = subject.getPrincipal();
-		
-		// We put the admin check here but it could have been done much earlier.
-		if ("admin".equals(principal.toString()))
-		{
-			return true;
-		}
-		// if we are looking at a message object then check the restrictions.
-		if (r.hasProperty( RDF.type, msgType ))
-		{
-			return r.hasProperty( pTo, subject.getPrincipal().toString() ) ||
-					r.hasProperty( pFrom, subject.getPrincipal().toString());
-		}
-		// otherwise user can see the object.
-		return true;	
-	}
-	
-	/**
-	 * Check that the user can see a specific node.
-	 * @param principal
-	 * @param node
-	 * @return
-	 */
-	private boolean evaluate( Object principal, SecNode node )
-	{
-		// Access to wild card is false -- this forces checks to the acutal nodes
-		// to be returned.
-		// we could have checked for admin access here and returned true since the admin
-		// can see any node.
-		if (node.equals( SecNode.ANY )) {
-			return false;  
-		}
-		
-		// URI nodes are retrieved from the model and evaluated
-		if (node.getType().equals( SecNode.Type.URI)) {
-			Resource r = model.createResource( node.getValue() );
-			return evaluate( principal, r );
-		}
-		// anonymous nodes have to be retrieved from the model as anonymous nodes.
-		else if (node.getType().equals( SecNode.Type.Anonymous)) {
-			Resource r = model.getRDFNode( NodeFactory.createAnon( new AnonId( node.getValue()) ) ).asResource();
-			return evaluate( principal, r );
-		}
-		// anything else (literals) can be seen.
-		else
-		{
-			return true;
-		}
-
-	}
-	
-	/**
-	 * Evaluate if the user can see the triple.
-	 * @param principal
-	 * @param triple
-	 * @return
-	 */
-	private boolean evaluate( Object principal, SecTriple triple ) {
-		// we could have checked here to see if the principal was the admin and 
-		// just returned true since the admin can perform any operation on any triple.
-		return evaluate( principal, triple.getSubject()) &&
-				evaluate( principal, triple.getObject()) &&
-				evaluate( principal, triple.getPredicate());
-	}
-	
-	/**
-	 * As per our design, users can do anything with triples they have access to, so we just
-	 * ignore the action parameter.  If we were to implement rules restricted access based 
-	 * upon action this method would sort those out appropriately.
-	 */
-	@Override
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI, SecTriple triple) {
-		// we could have checked here to see if the principal was the admin and 
-		// just returned true since the admin can perform any operation on any triple.
-		return evaluate( principal, triple );
-	}
-
-	/**
-	 * As per our design, users can access any graph.  If we were to implement rules that 
-	 * restricted user access to specific graphs, those checks would be here and we would 
-	 * return <code>false</code> if they were not allowed to access the graph.  Note that this
-	 * method is checking to see that the user may perform ALL the actions in the set on the
-	 * graph.
-	 */
-	@Override
-	public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI) {
-		return true;
-	}
-
-	/**
-	 * As per our design, users can access any triple from a message that is from or to them.  
-	 * Since we don't have restrictions on actions this is no different then checking access
-	 * for a single action.
-	 */
-	@Override
-	public boolean evaluate(Object principal, Set<Action> actions, SecNode graphIRI,
-			SecTriple triple) {
-		return evaluate( principal, triple );
-	}
-
-	/**
-	 * As per our design, users can access any graph.  If we were to implement rules that 
-	 * restricted user access to specific graphs, those checks would be here and we would 
-	 * return <code>false</code> if they were not allowed to access the graph.  Note that this
-	 * method is checking to see that the user may perform ANY of the actions in the set on the
-	 * graph.
-	 */
-	@Override
-	public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI) {
-		return true;
-	}
-
-	/**
-	 * As per our design, users can access any triple from a message that is from or to them.  
-	 * Since we don't have restrictions on actions this is no different then checking access
-	 * for a single action.
-	 */
-	@Override
-	public boolean evaluateAny(Object principal, Set<Action> actions, SecNode graphIRI,
-			SecTriple triple) {
-		return evaluate( principal, triple );
-	}
-
-	/**
-	 * As per our design, users can access any triple from a message that is from or to them.  
-	 * So for an update they can only change triples they have access to into other triples 
-	 * they have access to. (e.g. they can not remvoe themself from the messsage). 
-	 */
-	@Override
-	public boolean evaluateUpdate(Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
-		return evaluate( principal, from ) && evaluate( principal, to );
-	}
-
-	/**
-	 * Return the Shiro subject.  This is the subject that Shiro currently has logged in.
-	 */
-	@Override
-	public Object getPrincipal() {
-		return SecurityUtils.getSubject();
-	}
-
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl
----------------------------------------------------------------------
diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl b/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl
deleted file mode 100644
index 7047629..0000000
--- a/jena-security/src/example/resources/org/apache/jena/security/example/example.ttl
+++ /dev/null
@@ -1,49 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-@prefix ex: <http://example.com/> .
-@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-
-ex:msg1 rdf:type ex:msg; 
-	ex:to "bob";
-	ex:from "alice" ;
-	ex:subj "alice to bob 1";
-	.
-
-ex:msg2  rdf:type ex:msg; 
-	ex:to "alice";
-	ex:from "bob";
-	ex:subj "bob to alice 1";
-	.
-	
-ex:msg3  rdf:type ex:msg; 
-	ex:to "chuck" ;
-	ex:from "alice";
-	ex:subj "alice to chuck 1";
-	.
-	
-ex:msg4  rdf:type ex:msg; 
-	ex:to "darla" ;
-	ex:from "bob" ;
-	ex:subj "bob to darla 1"
-	.
-
-ex:msg5  rdf:type ex:msg; 
-	ex:to "alice";
-	ex:from "bob";
-	ex:subj "bob to alice 2";
-	.
-	
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
----------------------------------------------------------------------
diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
deleted file mode 100644
index a748f01..0000000
--- a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/config.ttl
+++ /dev/null
@@ -1,98 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##
-## Define all the prefixes 
-##
-
-@prefix fuseki:  <http://jena.apache.org/fuseki#> .
-@prefix rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
-@prefix rdfs:    <http://www.w3.org/2000/01/rdf-schema#> .
-@prefix ja:      <http://jena.hpl.hp.com/2005/11/Assembler#> .
-@prefix sec:    <http://apache.org/jena/security/Assembler#> .
-@prefix my:     <http://example.org/#> .
-
-##
-## Load the SecuredAssembler class from the security library and define 
-## the sec:Model as a subclass of ja:NamedModel.
-##
-[] ja:loadClass    "org.apache.jena.security.SecuredAssembler" .
-sec:Model       rdfs:subClassOf  ja:NamedModel .
-
-##
-## Define the base model that contains the unsecured data.
-##
-my:baseModel rdf:type ja:MemoryModel;
-    ja:content [ja:externalContent <file:./example.ttl>] 
-    .   
-
-##
-## Define the secured model.  This is where permissions is applied to the 
-## my:baseModel to create a model that has permission restrictions.  Note 
-## that it is using the security evaluator implementation (sec:evaluatorImpl) 
-## called my:secEvaluator which we will define next.
-##
-my:securedModel rdf:type sec:Model ;
-    sec:baseModel my:baseModel ;
-    ja:modelName "https://example.org/securedModel" ;
-    sec:evaluatorImpl my:secEvaluator .
-  
-##
-## Define the security evaluator.  This is where we use the example 
-## ShiroExampleEvaluator.  For your production environment you will replace 
-## "org.apache.jena.security.example.ShiroExampleEvaluator"  with your 
-## SecurityEvaluator implementation.  Note that  ShiroExampleEvaluator constructor 
-## takes a Model argument.  We pass in the unsecured baseModel so that the evaluator 
-## can read it unencumbered.  Your implementation of SecurityEvaluator may have different 
-## parameters to meet your specific needs.
-##  
-my:secEvaluator rdf:type sec:Evaluator ;
-    sec:args [  
-        rdf:_1 my:baseModel ;
-    ] ;
-    sec:evaluatorClass "org.apache.jena.security.example.ShiroExampleEvaluator" .
-
-##
-## Define the dataset that we will use for in the server.
-##
-my:securedDataset rdf:type ja:RDFDataset ;
-   ja:defaultGraph my:securedModel .
-
-##
-## Define the fuseki:Server.
-##
-my:fuskei rdf:type fuseki:Server ;
-   fuseki:services (
-     my:service1
-   ) .
-
-##
-## Define the service for the fuseki:Service.  Note that the fuseki:dataset served by 
-## this server is the secured dataset defined above.    
-##
-my:service1 rdf:type fuseki:Service ;
-    rdfs:label                        "My Secured Data Service" ;
-    fuseki:name                       "myAppFuseki" ;       # http://host:port/myAppFuseki
-    fuseki:serviceQuery               "query" ;    # SPARQL query service
-    fuseki:serviceQuery               "sparql" ;   # SPARQL query service
-    fuseki:serviceUpdate              "update" ;   # SPARQL query service
-    fuseki:serviceUpload              "upload" ;   # Non-SPARQL upload service
-    fuseki:serviceReadWriteGraphStore "data" ;     # SPARQL Graph store protocol (read and write)
-    # A separate ead-only graph store endpoint:
-    fuseki:serviceReadGraphStore      "get" ;      # SPARQL Graph store protocol (read only)
-    fuseki:dataset                   my:securedDataset ;
-    .
-    

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
----------------------------------------------------------------------
diff --git a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini b/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
deleted file mode 100644
index a9fbf71..0000000
--- a/jena-security/src/example/resources/org/apache/jena/security/example/fuseki/shiro.ini
+++ /dev/null
@@ -1,47 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-[main]
-# Development
-ssl.enabled = false 
-
-plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
-#iniRealm=org.apache.shiro.realm.text.IniRealm 
-iniRealm.credentialsMatcher = $plainMatcher
-
-localhost=org.apache.jena.fuseki.authz.LocalhostFilter
-
-[users]
-# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
-admin=admin
-alice=alice
-bob=bob
-chuck=chuck
-darla=darla
-
-[roles]
-
-[urls]
-## Control functions open to anyone
-/$/status = anon
-/$/ping   = anon
-
-## restrict access.  Must log in with above.
-/$/** = authcBasic,user
-
-
-# Everything else
-/**=anon

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/AccessDeniedException.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/AccessDeniedException.java b/jena-security/src/main/java/org/apache/jena/security/AccessDeniedException.java
deleted file mode 100644
index 3c0654d..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/AccessDeniedException.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.security;
-
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-
-/**
- * Exception thrown by the security system when an action is not allowed.
- * 
- * Contains the graphIRI and the action that was not allowed.
- */
-public class AccessDeniedException extends RuntimeException
-{
-	private static final long serialVersionUID = 2789332975364811725L;
-
-	private String triple;
-
-	/**
-	 * Constructor.
-	 * @param uri The SecNode that identifies graph with the security.
-	 * @param action The action that was prohibited.
-	 */
-	public AccessDeniedException( final SecNode uri, final Action action )
-	{
-		super(String.format("securedModel sec. %s: %s", uri, action));
-	}
-
-	/**
-	 * Constructor.
-	 * @param uri The SecNode that identifies graph with the security.
-	 * @param triple The triple The triple on which the action was prohibited.
-	 * @param action The action that was prohibited.
-	 */
-	public AccessDeniedException( final SecNode uri, final String triple,
-			final Action action )
-	{
-		super(String.format("triple sec. %s: %s", uri, action));
-		this.triple = triple;
-	}
-
-	/**
-	 * @return The triple on which the action was prohibited.  May be null.
-	 */
-	public String getTriple()
-	{
-		return triple;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/AssemblerConstants.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/AssemblerConstants.java b/jena-security/src/main/java/org/apache/jena/security/AssemblerConstants.java
deleted file mode 100644
index 700883e..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/AssemblerConstants.java
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.jena.security;
-
-import org.apache.jena.rdf.model.Property ;
-import org.apache.jena.rdf.model.ResourceFactory ;
-
-public interface AssemblerConstants {
-	public static final String URI = "http://apache.org/jena/security/Assembler#";
-	/**
-	 * Property named URI+"evaluatorFactory"
-	 */
-	public static final Property EVALUATOR_FACTORY =  
-			ResourceFactory.createProperty( URI + "evaluatorFactory" );
-	/**
-	 * Property named URI+"Model"
-	 */
-	public static final Property SECURED_MODEL = ResourceFactory.createProperty( URI + "Model" ); 
-	/**
-	 * Property named URI+"baseModel"
-	 */	
-    public static final Property BASE_MODEL = ResourceFactory.createProperty( URI + "baseModel" ); 
-	/**
-	 * Property named URI+"Evaluator"
-	 */
-    public static final Property EVALUATOR_ASSEMBLER = ResourceFactory.createProperty( URI+"Evaluator" ); 
-    /**
-	 * Property named URI+"evaluatorImpl"
-	 */
-	public static final Property EVALUATOR_IMPL =  
-			ResourceFactory.createProperty( URI + "evaluatorImpl" );
-	
-	/**
-	 * Property named URI+"evaluatorClass"
-	 */
-	public static final Property EVALUATOR_CLASS =  
-			ResourceFactory.createProperty( URI + "evaluatorClass" );
-	   /**
-		 * Property named URI+"evaluatorImpl"
-		 */
-	public static final Property ARGUMENT_LIST =  
-				ResourceFactory.createProperty( URI + "args" );
-	
-	// message formats
-    public static final String NO_X_PROVIDED = "No %s provided for %s";
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/Factory.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/Factory.java b/jena-security/src/main/java/org/apache/jena/security/Factory.java
deleted file mode 100644
index 1ae3579..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/Factory.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security;
-
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.rdf.model.Model ;
-import org.apache.jena.security.graph.SecuredGraph;
-import org.apache.jena.security.model.SecuredModel;
-
-/**
- * The factory that can be used to create an instance of a SecuredGraph or a SecuredModel.
- */
-public class Factory
-{
-
-	/**
-	 * Create an instance of the SecuredGraph
-	 * 
-	 * @param securityEvaluator
-	 *            The security evaluator to use
-	 * @param graphIRI
-	 *            The IRI for the graph.
-	 * @param graph
-	 *            The graph that we are wrapping.
-	 * @return the graph secured under the name graphIRI
-	 */
-	public static SecuredGraph getInstance(
-			final SecurityEvaluator securityEvaluator, final String graphIRI,
-			final Graph graph )
-	{
-
-		return org.apache.jena.security.graph.impl.Factory.getInstance(
-				securityEvaluator, graphIRI, graph);
-	}
-
-	/**
-	 * Get an instance of SecuredModel
-	 * 
-	 * @param securityEvaluator
-	 *            The security evaluator to use
-	 * @param modelIRI
-	 *            The securedModel IRI (graph IRI) to evaluate against.
-	 * @param model
-	 *            The model to secure.
-	 * @return the model secured under the name modelIRI
-	 */
-	public static SecuredModel getInstance(
-			final SecurityEvaluator securityEvaluator, final String modelIRI,
-			final Model model )
-	{
-		return org.apache.jena.security.model.impl.SecuredModelImpl.getInstance(
-				securityEvaluator, modelIRI, model);
-	}
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/SecuredAssembler.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/SecuredAssembler.java b/jena-security/src/main/java/org/apache/jena/security/SecuredAssembler.java
deleted file mode 100644
index 02b255d..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/SecuredAssembler.java
+++ /dev/null
@@ -1,264 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security;
-
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.lang.reflect.Modifier;
-
-import org.apache.jena.assembler.Assembler ;
-import org.apache.jena.assembler.JA ;
-import org.apache.jena.assembler.Mode ;
-import org.apache.jena.assembler.assemblers.AssemblerGroup ;
-import org.apache.jena.assembler.assemblers.ModelAssembler ;
-import org.apache.jena.assembler.exceptions.AssemblerException ;
-import org.apache.jena.rdf.model.Literal ;
-import org.apache.jena.rdf.model.Model ;
-import org.apache.jena.rdf.model.Resource ;
-import org.apache.jena.sparql.util.MappingRegistry ;
-
-/**
- * Assembler for a secured model.
- *  
- * <p>
- * The assembler file should include the following
- * <code><pre>
- * <>; ja:loadClass	"org.apache.jena.security.SecuredAssembler" .
- * 
- * sec:Model rdfs:subClassOf ja:NamedModel .
- * 
- * sec:evaluator rdfs:domain sec:Model ;
- *               rdfs:range sec:Evaluator .
- * </pre></code>
- * 
- * The model definition should include something like.
- * 
- * <code><pre>
- * my:secModel a sec:Model ;
- *    sec:baseModel my:baseModel ;
- *    ja:modelName "http://example.com/securedModel" ;
- *    sec:evaluatorFactory "org.apache.jena.security.MockSecurityEvaluator" ;
- *    .
- * </pre></code>
- * 
- * Terms used in above example:
- * 
- * <dl>
- * <dt>my:secModel</dt>
- * <dd>The secured model as referenced in the assembler file.</dd>
- * 
- * <dt>sec:Model</dt>
- * <dd>Identifes my:secModel as a secured model</dd>
- * 
- * <dt>sec:baseModel</dt>
- * <dd>Identifies my:baseModel as the base model we are applying security to</dd>
- * 
- * <dt>my:baseModel</dt>
- * <dd>a ja:Model (or subclass) defined elsewhere in the assembler file</dd>
- *  
- * <dt>ja:modelName</dt>
- * <dd>The name of the graph as it will be addressed in the security environment 
- * (see ja:NamedModel examples from Jena)</dd>
- * 
- * <dt>sec:evaluatorFactory</dt>
- * <dd>Identifies "org.apache.jena.security.MockSecurityEvaluator" as the java class 
- * that implements an Evaluator Factory.  The Factory must have 
- * static method <code>getInstance()</code> that returns a SecurityEvaluator.</dd>
- * </dl>
- * 
- * or if using an evaluator assembler
- * 
- * <code><pre>
- * my:secModel a sec:Model ;
- *    sec:baseModel my:baseModel ;
- *    ja:modelName "http://example.com/securedModel" ;
- *    sec:evaluatorImpl ex:myEvaluator;
- *    .
- *    
- * ex:myEvaluator a sec:Evaluator ;
- *    ex:arg1 "argument 1 for my evaluator constructor" ;
- *    ex:arg2 "argument 2 for my evaluator constructor" ;
- *    .
- *    
- * </pre></code>
- * 
- * Terms used in above example:
- * 
- * <dl>
- * <dt>my:secModel</dt>
- * <dd>The secured model as referenced in the assembler file.</dd>
- * 
- * <dt>sec:Model</dt>
- * <dd>Identifes my:secModel as a secured model</dd>
- * 
- * <dt>sec:baseModel</dt>
- * <dd>Identifies my:baseModel as the base model we are applying security to</dd>
- * 
- * <dt>my:baseModel</dt>
- * <dd>a ja:Model (or subclass) defined elsewhere in the assembler file</dd>
- *  
- * <dt>ja:modelName</dt>
- * <dd>The name of the graph as it will be addressed in the security environment 
- * (see ja:NamedModel examples from Jena)</dd>
- * 
- * <dt>sec:evaluatorImpl</dt>
- * <dd>Identifies ex:myEvaluator as a SecurityEvaluator defined elsewhere in the assembler file.
- * It must subclass as a sec:Evaluator.</dd>
- * </dd>
- * 
- * <dt>ex:arg1 and ex:arg2</dt>
- * <dd>Arguments as defined by the user defined security evaluator assembler.</dd>
- * </dl>
-
- * </p>
- * 
- */
-public class SecuredAssembler extends ModelAssembler implements AssemblerConstants {
-	private static boolean initialized;
-	
-    // message formats
-    private static final String ERROR_FINDING_FACTORY = "Error finding factory class %s:  %s";
-    
-	static { init() ; }
-    
-	/**
-	 * Initialize the assembler.
-	 * Registers the prefix "sec" with the uri http://apache.org/jena/security/Assembler#
-	 * and registers this assembler with the uri http://apache.org/jena/security/Assembler#Model
-	 */
-    static synchronized public void init()
-    {
-        if ( initialized )
-            return ;
-        MappingRegistry.addPrefixMapping("sec", URI) ;
-        registerWith(Assembler.general) ;
-        initialized = true ;
-    }
-    
-    /**
-     * Register this assembler in the assembler group.
-     * @param group The assembler group to register with.
-     */
-    static void registerWith(AssemblerGroup group)
-    {
-    	if ( group == null )
-            group = Assembler.general ;
-        group.implementWith( SECURED_MODEL, new SecuredAssembler()) ;  
-        group.implementWith( EVALUATOR_ASSEMBLER, new SecurityEvaluatorAssembler());
-    }
-	
-	@Override
-	public Model open(Assembler a, Resource root, Mode mode) {
-
-		Resource rootModel = getUniqueResource( root, BASE_MODEL );
-		if (rootModel == null)
-		{
-			throw new AssemblerException( root, String.format( NO_X_PROVIDED, BASE_MODEL, root ));
-		}
-		Model baseModel = a.openModel(rootModel, Mode.ANY); 
-	
-		Literal modelName = getUniqueLiteral( root, JA.modelName );
-		if (modelName == null)
-		{
-			throw new AssemblerException( root, String.format( NO_X_PROVIDED, JA.modelName, root ));
-		}
-		
-		Literal factoryName = getUniqueLiteral( root, EVALUATOR_FACTORY );
-		Resource evaluatorImpl = getUniqueResource( root, EVALUATOR_IMPL );
-		if (factoryName == null && evaluatorImpl == null)
-		{
-			throw new AssemblerException( root, 
-					String.format( "Either a %s or a %s must be provided for %s" , 
-							EVALUATOR_FACTORY, EVALUATOR_IMPL, root ));
-		}
-		if (factoryName != null && evaluatorImpl != null)
-		{
-			throw new AssemblerException( root, 
-					String.format( "May not specify both a %s and a %s for %s" , 
-							EVALUATOR_FACTORY, EVALUATOR_IMPL, root ));
-		}
-		SecurityEvaluator securityEvaluator = null;
-		if (factoryName != null)
-		{
-			securityEvaluator = executeEvaluatorFactory( root, factoryName );
-		}
-		if (evaluatorImpl != null)
-		{
-			securityEvaluator = getEvaluatorImpl( a, evaluatorImpl );
-		}
-		return Factory.getInstance(securityEvaluator, modelName.asLiteral().getString(), baseModel);
-			
-	}
-
-	@Override
-	protected Model openEmptyModel(Assembler a, Resource root, Mode mode) {
-		return open(a, root, mode);
-	}
-
-	private SecurityEvaluator executeEvaluatorFactory(Resource root, Literal factoryName ) {
-		try
-		{
-			Class<?> factoryClass = Class.forName( factoryName.getString() );
-			Method method = factoryClass.getMethod("getInstance" );
-			if ( ! SecurityEvaluator.class.isAssignableFrom(method.getReturnType()))
-			{
-				throw new AssemblerException( root, String.format( "%s (found at %s for %s) getInstance() must return an instance of SecurityEvaluator", factoryName, EVALUATOR_FACTORY, root ));
-			}
-			if ( ! Modifier.isStatic( method.getModifiers()))
-			{
-				throw new AssemblerException( root, String.format( "%s (found at %s for %s) getInstance() must be a static method", factoryName, EVALUATOR_FACTORY, root ));			
-			}
-			return (SecurityEvaluator) method.invoke( null );
-		}
-		catch (SecurityException e)
-		{
-			throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e);			
-		}
-		catch (IllegalArgumentException e)
-		{
-			throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e);			
-		}
-		catch (ClassNotFoundException e)
-		{
-			throw new AssemblerException( root, String.format( "Class %s (found at %s for %s) could not be loaded", factoryName, EVALUATOR_FACTORY, root ));
-		}
-		catch (NoSuchMethodException e)
-		{
-			throw new AssemblerException( root, String.format( "%s (found at %s for %s) must implement a static getInstance() that returns an instance of SecurityEvaluator", factoryName, EVALUATOR_FACTORY, root ));
-		}
-		catch (IllegalAccessException e)
-		{
-			throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e);			
-		}
-		catch (InvocationTargetException e)
-		{
-			throw new AssemblerException( root, String.format( ERROR_FINDING_FACTORY, factoryName, e.getMessage() ), e);			
-		}
-	}
-	
-	private SecurityEvaluator getEvaluatorImpl(Assembler a, Resource evaluatorImpl ) {
-		Object obj = a.open(a, evaluatorImpl, Mode.ANY);
-		if (obj instanceof SecurityEvaluator)
-		{
-			return (SecurityEvaluator) obj;
-		}
-		throw new AssemblerException( evaluatorImpl, String.format( 
-				"%s does not specify a SecurityEvaluator instance",  evaluatorImpl));
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java b/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
deleted file mode 100644
index c700090..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluator.java
+++ /dev/null
@@ -1,616 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import org.apache.commons.lang3.builder.HashCodeBuilder;
-
-/**
- * SecurityEvaluator.
- * <p>
- * The security evaluator is the link between the graph security system and an
- * external security system. This interface specifies the methods that are
- * required by the graph security system. It is assumed that the implementation
- * will handle tracking the current user and will query some underlying data
- * source to determine what actions the user can and can not take.
- * </p>
- * <p>
- * All questions of white listing or black listing will be handled in the
- * concrete implementation.
- * </p>
- * <p>
- * Implementations of this class should probably cache any evaluate calculations
- * as the evaluate methods are called frequently. However, the underlying
- * classes do cache results within a single method check.
- * </p>
- * <p>
- * <dl>
- * <dt>Secured operations</dt>
- * <dd>The security system recognizes and secures each of the CRUD (Create,
- * Read, Update and Delete) operations as represented by the Action enumeration.
- * </dd>
- * </dl>
- * <dl>
- * <dt>Levels of security</dt>
- * <dd>The security interfaces operates at two (2) levels: graph (or Model) and
- * triple.
- * <p>
- * At the the graph level the security evaluator may restrict CRUD access to the
- * graph or model as a whole. When evaluating the restriction, if the user it
- * not permitted to perform the operation on the graph or model access is
- * denied. If the user is permitted any triple restrictions are evaluated.
- * </p>
- * <p>
- * At the triple level the security evaluator may restrict CRUD access to
- * specific triples. In order to skip potentially expensive triple security
- * checks the system will generally ask if the user is permitted the CRUD action
- * on any triple. This is represented by the SecTriple
- * <code>(ANY, ANY, ANY)</code>.
- * <ul>
- * <li>
- * If the system does not support triple level security the system should always
- * return <code>true</code>.</li>
- * If the system does support triple level security and is unable to verify that
- * the user can execute the CRUD action against any arbitrary triple the system
- * should return <code>false</code>. </li>
- * <li>See <code>SecNode.ANY</code>, <code>SecNode.FUTURE</code>, and
- * <code>SecNode.VARIABLE</code> for discussion of specifics of their respective
- * usages.</li>
- * </ul>
- * </p>
- * </dd>
- * </dl>
- * <dl>
- * <dt>
- *
- * </p>
- */
-public interface SecurityEvaluator {
-	/**
-	 * Identifies a sepcific CRUD actions.
-	 */
-	static enum Action {
-		/**
-		 * Allow creation of the object in question.
-		 */
-		Create,
-		/**
-		 * Allow the user to read the object in question.
-		 */
-		Read,
-		/**
-		 * Allow the user to update the object in question
-		 */
-		Update,
-		/**
-		 * Allow the user to delete the object in question.
-		 */
-		Delete
-
-	}
-
-	/**
-	 * A node in the evaluation.
-	 * <p>
-	 * A node with no value represents a node of that type but unknown
-	 * exactitude. (e.g. <code>SecNode(URI,"")</code> is a URI but of unknown
-	 * value. Useful for systems that restrict type creation.
-	 * </p>
-	 * <p>
-	 * <code>SecNode(Anonymous,"")</code> represents an anonymous node that will
-	 * be created. Otherwise anonymous node values are the values within the
-	 * secured graph.
-	 * </p>
-	 * <p>
-	 * An "Any" node type matches any node.
-	 * </p>
-	 */
-	public static class SecNode implements Comparable<SecNode> {
-
-		/**
-		 * The types of nodes.
-		 */
-		public static enum Type {
-			/**
-			 * A URI type node
-			 */
-			URI,
-			/**
-			 * A Literal node.
-			 */
-			Literal,
-			/**
-			 * An anonymous node. Also called a "blank" node.
-			 */
-			Anonymous,
-			/**
-			 * Any node.
-			 */
-			Any
-		}
-
-		/**
-		 * Matches any node in the security system.
-		 * <p>
-		 * Used in triple checks as follows:
-		 * <dl>
-		 * <dt><code>(ANY, ANY, ANY)</code></dt>
-		 * <dd>Asks if the user may perform the action on any triple.</dd>
-		 * <dt><code>(X, ANY, ANY)</code></dt>
-		 * <dd>Asks if the user may perform the action against any triple where
-		 * X is the subject.</dd>
-		 * <dt><code>(ANY, X, ANY)</code></dt>
-		 * <dd>Asks if the user may perform the action against any triple where
-		 * X is the predicate.</dd>
-		 * <dt><code>(SecNode.ANY, SecNode.ANY, SecNode.X)</code></dt>
-		 * <dd>Asks if if the user may perform the action against any triple
-		 * where X is the object.</dd>
-		 * </dl>
-		 * The <code>ANY</code> may occur multiple times and may occur with the
-		 * <code>VARIABLE</code> and/or <code>FUTURE</code> nodes.
-		 * </p>
-		 */
-		public static final SecNode ANY = new SecNode(Type.Any, "any");
-
-		/**
-		 * Indicates a variable in the triple.
-		 * <p>
-		 * </p>
-		 * This differs from <code>ANY</code> in that the system is asking if
-		 * there are any prohibitions not if the user may perform. Thus queries
-		 * with the VARIABLE type node should return <code>true</code> where
-		 * <code>ANY</code> returns <code>false</code>. In general this type is
-		 * used in the query to determine if triple level filtering of results
-		 * must be performed.
-		 * <p>
-		 * </p>
-		 * <p>
-		 * <dl>
-		 * <dt><code>(VARIABLE, X, Y )</code></dt>
-		 * <dd>
-		 * Asks if there are any prohibitions against the user seeing all
-		 * subjects that have property X and object Y.</dd>
-		 * <dt>
-		 * <code>(X, VARIABLE, Y )</code></dt>
-		 * <dd>
-		 * Asks if there are any prohibitions against the user seeing all
-		 * predicates that have subject X and object Y.</dd>
-		 * <dt>
-		 * <code>(X, Y, VARIABLE)</code></dt>
-		 * <dd>
-		 * Asks if there are any prohibitions against the user seeing all
-		 * objects that have subject X and predicate Y.</dd>
-		 * </dl>
-		 * The <code>VARIABLE</code> may occur multiple times and may occur with
-		 * the <code>ANY</code> node.
-		 * </p>
-		 * 
-		 */
-		public static final SecNode VARIABLE = new SecNode(Type.Any, "variable");
-
-		/**
-		 * This is an anonymous node that will be created in the future.
-		 * <p>
-		 * FUTURE is used to check that an anonymous node may be created in as
-		 * specific position in a triple.
-		 * </p>
-		 * <p>
-		 * <dl>
-		 * <dt><code>(FUTURE, X, Y )</code></dt>
-		 * <dd>
-		 * Asks if there the user may create an anonymous node that has property
-		 * X and object Y.</dd>
-		 * <dt>
-		 * <code>(X, Y, FUTURE)</code></dt>
-		 * <dd>
-		 * Asks if there the user may create an anonymous node that has subject
-		 * X and property Y.</dd>
-		 * </dl>
-		 * The <code>FUTURE</code> may occur multiple times and may occur with
-		 * the <code>ANY</code> node.
-		 * </p>
-		 */
-		public static final SecNode FUTURE = new SecNode(Type.Anonymous, "");
-
-		private final Type type;
-		private final String value;
-		private Integer hashCode;
-
-		/**
-		 * Create a SecNode of the type and value.
-		 * 
-		 * @param type
-		 *            The type of the node
-		 * @param value
-		 *            The value of the node. A null is interpreted as an empty
-		 *            string.
-		 */
-		public SecNode(final Type type, final String value) {
-			this.type = type;
-			this.value = value == null ? "" : value;
-		}
-
-		@Override
-		public int compareTo(final SecNode node) {
-			final int retval = type.compareTo(node.type);
-			return retval == 0 ? value.compareTo(node.value) : retval;
-		}
-
-		@Override
-		public boolean equals(final Object o) {
-			if (o instanceof SecNode) {
-				return this.compareTo((SecNode) o) == 0;
-			}
-			return false;
-		}
-
-		/**
-		 * Get the type of the node.
-		 * 
-		 * @return The type of the node.
-		 */
-		public Type getType() {
-			return type;
-		}
-
-		/**
-		 * Get the value of the node.
-		 * 
-		 * @return the value of the node
-		 */
-		public String getValue() {
-			return value;
-		}
-
-		@Override
-		public int hashCode() {
-			if (hashCode == null) {
-				hashCode = new HashCodeBuilder().append(type).append(value)
-						.toHashCode();
-			}
-			return hashCode;
-		}
-
-		@Override
-		public String toString() {
-			return String.format("[%s:%s]", getType(), getValue());
-		}
-	}
-
-	/**
-	 * An immutable triple of SecNodes.
-	 */
-	public static class SecTriple implements Comparable<SecTriple> {
-		private final SecNode subject;
-		private final SecNode predicate;
-		private final SecNode object;
-		private transient Integer hashCode;
-
-		/**
-		 * The triple of <code>(ANY, ANY, ANY)</code>.
-		 */
-		public static final SecTriple ANY = new SecTriple(SecNode.ANY,
-				SecNode.ANY, SecNode.ANY);
-
-		/**
-		 * Create the sec triple
-		 * 
-		 * @param subject
-		 *            The subject node.
-		 * @param predicate
-		 *            The predicate node.
-		 * @param object
-		 *            The object node.
-		 * @throws IllegalArgumentException
-		 *             is any value is null.
-		 */
-		public SecTriple(final SecNode subject, final SecNode predicate,
-				final SecNode object) {
-			if (subject == null) {
-				throw new IllegalArgumentException("Subject may not be null");
-			}
-			if (predicate == null) {
-				throw new IllegalArgumentException("Predicate may not be null");
-			}
-			if (object == null) {
-				throw new IllegalArgumentException("Object may not be null");
-			}
-			this.subject = subject;
-			this.predicate = predicate;
-			this.object = object;
-		}
-
-		@Override
-		public int compareTo(final SecTriple o) {
-			if (o == null) {
-				return 1;
-			}
-			int retval = subject.compareTo(o.subject);
-			if (retval == 0) {
-				retval = predicate.compareTo(o.predicate);
-			}
-			return retval == 0 ? object.compareTo(o.object) : retval;
-		}
-
-		@Override
-		public boolean equals(final Object o) {
-			if (o instanceof SecTriple) {
-				return this.compareTo((SecTriple) o) == 0;
-			}
-			return false;
-		}
-
-		/**
-		 * @return the object node.
-		 */
-		public SecNode getObject() {
-			return object;
-		}
-
-		/**
-		 * @return the predicate node.
-		 */
-		public SecNode getPredicate() {
-			return predicate;
-		}
-
-		/**
-		 * @return the subject node.
-		 */
-		public SecNode getSubject() {
-			return subject;
-		}
-
-		@Override
-		public int hashCode() {
-			if (hashCode == null) {
-				hashCode = new HashCodeBuilder().append(object)
-						.append(predicate).append(subject).toHashCode();
-			}
-			return hashCode;
-		}
-
-		@Override
-		public String toString() {
-			return String.format("( %s, %s, %s )", getSubject(),
-					getPredicate(), getObject());
-		}
-	}
-
-	/**
-	 * A collection of utility functions for the SecurityEvaluator
-	 * implementations.
-	 */
-	public static class Util {
-		/**
-		 * Return an array of actions as a set.
-		 * <p>
-		 * The order of the collection is preserved
-		 * </p>
-		 * 
-		 * @param actions
-		 *            The actions.
-		 * @return The set of actions.
-		 */
-		public static Set<Action> asSet(final Action[] actions) {
-			return Util.asSet(Arrays.asList(actions));
-		}
-
-		/**
-		 * Return a collection of actions as a set.
-		 * <p>
-		 * The order of the collection is preserved
-		 * </p>
-		 * 
-		 * @param actions
-		 *            The collection of actions.
-		 * @return The set of actions.
-		 */
-		public static Set<Action> asSet(final Collection<Action> actions) {
-			if (actions instanceof Set) {
-				return (Set<Action>) actions;
-			}
-			else {
-				return new LinkedHashSet<Action>(actions);
-			}
-		}
-	}
-
-	/**
-	 * Determine if the action is allowed on the graph.
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 *
-	 * @param action
-	 *            The action to perform
-	 * @param graphIRI
-	 *            The IRI of the graph to check
-	 * @return true if the action is allowed, false otherwise.
-	 */
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI);
-
-	/**
-	 * Determine if the action is allowed on the triple within the graph.
-	 * <p>
-	 * The evaluation should be performed in the following order:
-	 * <ol>
-	 * <li>
-	 * If the triple contains a <code>VARIABLE</code> then this method must
-	 * return <code>true</code> if there are any restrictions where the
-	 * remaining nodes are either constants or <code>ANY</code> nodes. This will
-	 * force the system to use subsequent checks to verify access by
-	 * substituting the value of the <code>VARIABLE</code>s.
-	 * <em>If the system can not quickly verify the solution
-	 * it is always acceptable to return <code>true</code>.</em>
-	 * <li>
-	 * Except as specified in the above check, if the triple contains an
-	 * <code>ANY</code> then this method must return <code>false</code> if there
-	 * are any restrictions where the remaining nodes are held constant and the
-	 * ANY node is allowed to vary. This checks is used to avoid subsequent
-	 * explicit triple checks.
-	 * <em>If the system can not quickly verify the solution it is always
-	 * acceptable to return <code>false</code>.</em></li>
-	 * <li>All other triples are explict triples and the system must determine
-	 * if the user is permitted to perform the action on the triple. If the
-	 * triple contains a <code>FUTURE</code> node that node should be considered
-	 * as an anonymous or blank node that is not yet created. It should only be
-	 * used with <code>Create</code> actions and is asking if the user may
-	 * create a blank node in that position in the triple.</li>
-	 * </ol>
-	 * </p>
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 *
-	 * @param action
-	 *            The action to perform
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @param triple
-	 *            The triple to check
-	 * @return true if the action is allowed, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluate(Object principal, Action action, SecNode graphIRI,
-			SecTriple triple);
-
-	/**
-	 * Determine if all actions are allowed on the graph.
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 *
-	 * @param actions
-	 *            The set of actions to perform
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @return true if all the actions are allowed, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluate(Object principal, Set<Action> actions,
-			SecNode graphIRI);
-
-	/**
-	 * Determine if all the actions are allowed on the triple within the graph.
-	 * <p>
-	 * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation
-	 * strategy.
-	 * </p>
-	 * 
-	 * @param actions
-	 *            The actions to perform.
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @param triple
-	 *            The triple to check
-	 * @return true if all the actions are allowed, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluate(Object principal, Set<Action> actions,
-			SecNode graphIRI, SecTriple triple);
-
-	/**
-	 * Determine if any of the actions are allowed on the graph.
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 *
-	 * @param actions
-	 *            The actions to perform
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @return true true if any the actions are allowed, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluateAny(Object principal, Set<Action> actions,
-			SecNode graphIRI);
-
-	/**
-	 * Determine if any of the actions are allowed on the triple within the
-	 * graph.
-	 * <p>
-	 * See evaluate( Action, SecNode, SecTriple ) for discussion of evaluation
-	 * strategy.
-	 * </p>
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 *
-	 * @param actions
-	 *            The actions to check.
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @param triple
-	 *            The triple to check
-	 * @return true if any the actions are allowed, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluateAny(Object principal, Set<Action> actions,
-			SecNode graphIRI, SecTriple triple);
-
-	/**
-	 * Determine if the user is allowed to update the "from" triple to the "to"
-	 * triple.
-	 * <p>
-	 * Update is a special case since it modifies one triple to be another. So
-	 * the user must have permissions to change the "from" triple into the "to"
-	 * triple.
-	 *
-	 * @param principal
-	 *            The principal that is attempting the action.
-	 * @param graphIRI
-	 *            The IRI of the graph to the action is being taken upon. May be
-	 *            <code>ANY</code>.
-	 * @param from
-	 *            The triple to be changed
-	 * @param to
-	 *            The value to change it to.
-	 * @return true if the user may make the change, false otherwise.
-	 * @throws IllegalArgumentException
-	 *             if any argument is null.
-	 */
-	public boolean evaluateUpdate(Object principal, SecNode graphIRI,
-			SecTriple from, SecTriple to);
-
-	/**
-	 * returns the current principal or null if there is no current principal.
-	 *
-	 * All security evaluation methods use this method to determine who the call
-	 * is being executed as. This allows subsystems (like the listener system)
-	 * to capture the current user and evaluate later calls in terms of that
-	 * user.
-	 *
-	 * @return The current principal
-	 */
-	public Object getPrincipal();
-}


Mime
View raw message