jena-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject [14/24] jena git commit: Module jena-seurity becomes jena-permissions
Date Fri, 24 Apr 2015 12:20:12 GMT
http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredModelTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredModelTest.java b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredModelTest.java
new file mode 100644
index 0000000..0e251d7
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredModelTest.java
@@ -0,0 +1,2034 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import java.io.* ;
+import java.net.URL ;
+import java.util.ArrayList ;
+import java.util.List ;
+import java.util.Set ;
+
+import org.apache.jena.datatypes.xsd.XSDDatatype ;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.NodeFactory ;
+import org.apache.jena.graph.Triple ;
+import org.apache.jena.rdf.model.* ;
+import org.apache.jena.security.* ;
+import org.apache.jena.security.SecurityEvaluator.Action ;
+import org.apache.jena.security.graph.SecuredGraph ;
+import org.apache.jena.security.graph.SecuredPrefixMappingTest ;
+import org.junit.Assert ;
+import org.junit.Before ;
+import org.junit.Test ;
+import org.junit.runner.RunWith ;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredModelTest
+{
+	protected final MockSecurityEvaluator securityEvaluator;
+	protected SecuredModel securedModel;
+	protected Model baseModel;
+	protected Resource s;
+	protected Property p;
+	protected Resource o;
+
+	public SecuredModelTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+	}
+
+	/**
+	 * create an unsecured securedModel.
+	 * 
+	 * @return
+	 */
+	protected Model createModel()
+	{
+		return ModelFactory.createDefaultModel();
+	}
+
+	@Before
+	public void setup()
+	{
+		baseModel = createModel();
+		baseModel.removeAll();
+		securedModel = Factory.getInstance(securityEvaluator,
+				"http://example.com/securedGraph", baseModel);
+		s = ResourceFactory.createResource("http://example.com/graph/s");
+		p = ResourceFactory.createProperty("http://example.com/graph/p");
+		o = ResourceFactory.createResource("http://example.com/graph/o");
+		baseModel.add(s, p, o);
+	}
+
+	@Test
+	public void testAdd() throws Exception
+	{
+		final List<Statement> stmt = baseModel.listStatements().toList();
+		final Set<Action> createAndUpdate = SecurityEvaluator.Util
+				.asSet(new Action[] { Action.Update, Action.Create });
+		try
+		{
+			securedModel.add(stmt);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(baseModel);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(stmt.get(0));
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+
+			securedModel.add(stmt.toArray(new Statement[stmt.size()]));
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(baseModel.listStatements());
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(baseModel);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(s, p, o);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(s, p, "foo");
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(s, p, "foo", false);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(s, p, "foo", XSDDatatype.XSDstring);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.add(s, p, "foo", "en");
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testAnonymousInModel()
+	{
+		// test anonymous
+		final RDFNode rdfNode = ResourceFactory.createResource();
+		final RDFNode rdfNode2 = rdfNode.inModel(securedModel);
+		Assert.assertEquals(
+				"Should have placed RDFNode in secured securedModel",
+				securedModel, rdfNode2.getModel());
+	}
+
+	@Test
+	public void testAsRDFNode() throws Exception
+	{
+		securedModel.asRDFNode(NodeFactory.createURI("http://example.com/rdfNode"));
+	}
+
+	@Test
+	public void testAsStatement()
+	{
+		final Triple t = new Triple(s.asNode(), p.asNode(), o.asNode());
+		try
+		{
+			securedModel.asStatement(t);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testContains() throws Exception
+	{
+		final Statement stmt = baseModel.listStatements().next();
+		try
+		{
+			securedModel.contains(stmt);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.contains(s, p);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.contains(s, p, o);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.contains(s, p, "foo");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.contains(s, p, "foo", "en");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testContainsAll() throws Exception
+	{
+		try
+		{
+			securedModel.containsAll(baseModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.containsAll(baseModel.listStatements());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateAlt() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+		try
+		{
+			securedModel.createAlt();
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.createAlt("foo");
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateBag() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+		try
+		{
+			securedModel.createBag();
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.createBag("foo");
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateList() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+
+		final List<RDFNode> nodeList = new ArrayList<RDFNode>();
+		try
+		{
+			securedModel.createList();
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		baseModel.removeAll();
+
+		try
+		{
+			securedModel.createList(nodeList.iterator());
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		baseModel.removeAll();
+
+		try
+		{
+			final RDFNode[] list = new RDFNode[] {
+					ResourceFactory.createResource(),
+					ResourceFactory.createResource(),
+					ResourceFactory.createResource(),
+					ResourceFactory.createResource(), };
+
+			securedModel.createList(list);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		baseModel.removeAll();
+
+	}
+
+	@Test
+	public void testCreateLiteral() throws Exception
+	{
+		securedModel.createLiteral("foo");
+		securedModel.createLiteral("foo", false);
+	}
+
+	@Test
+	public void testCreateLiteralBoolean() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, true);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateLiteralChar() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+		try
+		{
+			securedModel.createLiteralStatement(s, p, 'a');
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateLiteralDouble() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, 1.0d);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateLiteralFloat() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, 1.0f);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateLiteralInt() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, 1);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testCreateLiteralLong() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, 1L);
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCreateLiteralObject() throws Exception
+	{
+		final Set<Action> CU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+
+		try
+		{
+			securedModel.createLiteralStatement(s, p, new URL( "http://example.com/testing/URIType"));
+			if (!securityEvaluator.evaluate(CU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(CU))
+			{
+				e.printStackTrace();
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testDifference() throws Exception
+	{
+		try
+		{
+			securedModel.difference(baseModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testEquals() throws Exception
+	{
+		securedModel.equals(baseModel);
+		baseModel.equals(securedModel);
+	}
+
+	@Test
+	public void testExpandPrefix() throws Exception
+	{
+		try
+		{
+			securedModel.expandPrefix("foo");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetAlt() throws Exception
+	{
+		final Resource a = baseModel
+				.createAlt("http://example.com/securedModel/alt");
+		try
+		{
+
+			securedModel.getAlt(a);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.getAlt("http://example.com/securedModel/alt");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetAnyReifiedStmt()
+	{
+		// first with create.
+		final Set<Action> UCR = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create, Action.Read });
+		try
+		{
+			securedModel.getAnyReifiedStatement(baseModel.listStatements()
+					.next());
+			if (!securityEvaluator.evaluate(UCR))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(UCR))
+			{
+				e.printStackTrace();
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		final Statement st = baseModel.listStatements().next();
+		baseModel.createReifiedStatement(st);
+		// now it is there so try with read
+		try
+		{
+			securedModel.getAnyReifiedStatement(st);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetBag()
+	{
+		final Resource b = baseModel
+				.createBag("http://example.com/securedModel/bag");
+		try
+		{
+			securedModel.getBag(b);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.getBag("http://example.com/securedModel/bag");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetGraph() throws Exception
+	{
+		final Graph g = securedModel.getGraph();
+		Assert.assertTrue(g instanceof SecuredGraph);
+		EqualityTester.testInequality("getGraph test", g, baseModel.getGraph());
+	}
+
+	@Test
+	public void testGetLock()
+	{
+		securedModel.getLock();
+	}
+
+	@Test
+	public void testGetProperty()
+	{
+
+		try
+		{
+			securedModel.getProperty("foo");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.getProperty(s, p);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.getProperty("fooNS", "foo");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetQNameFor() throws Exception
+	{
+		try
+		{
+			securedModel.qnameFor("foo");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testgetRDFNode()
+	{
+
+		try
+		{
+			securedModel.getRDFNode(NodeFactory.createURI("foo"));
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetReader()
+	{
+		securedModel.getReader();
+		securedModel.getReader("TURTLE");
+	}
+
+	@Test
+	public void testGetResource()
+	{
+		securedModel.getResource("foo");
+	}
+
+	@Test
+	public void testGetSeq()
+	{
+		final Resource s = baseModel
+				.createSeq("http://example.com/securedModel/seq");
+		try
+		{
+			securedModel.getSeq(s);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.getSeq("http://example.com/securedModel/seq");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetWriter()
+	{
+		securedModel.getWriter();
+		securedModel.getWriter("TURTLE");
+	}
+
+	@Test
+	public void testIndependent() throws Exception
+	{
+		Assert.assertFalse(securedModel.independent());
+	}
+
+	@Test
+	public void testIntersection() throws Exception
+	{
+		try
+		{
+			securedModel.intersection(baseModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testIsClosed() throws Exception
+	{
+		securedModel.isClosed();
+	}
+
+	@Test
+	public void testIsEmpty() throws Exception
+	{
+		try
+		{
+			securedModel.isEmpty();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testIsIsomorphicWith()
+	{
+		try
+		{
+			securedModel.isIsomorphicWith(baseModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			baseModel.isIsomorphicWith(securedModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testIsReified()
+	{
+		try
+		{
+			securedModel.isReified(baseModel.listStatements().next());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testListLiteralStatements() throws Exception
+	{
+		try
+		{
+			securedModel.listLiteralStatements(s, p, true);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.listLiteralStatements(s, p, '0');
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.listLiteralStatements(s, p, 2.0d);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.listLiteralStatements(s, p, 2.0f);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.listLiteralStatements(s, p, 1);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testLock() throws Exception
+	{
+		try
+		{
+			securedModel.lock();
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testPrefixMapping() throws Exception
+	{
+		SecuredPrefixMappingTest.runTests(securityEvaluator, securedModel);
+	}
+
+	@Test
+	public void testQuery() throws Exception
+	{
+		final Selector s = new SimpleSelector();
+		try
+		{
+			securedModel.query(s);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testRDFNodeInModel()
+	{
+		// test uri
+		final RDFNode rdfNode = ResourceFactory
+				.createResource("http://exmple.com/testInModel");
+		final RDFNode rdfNode2 = rdfNode.inModel(securedModel);
+		Assert.assertEquals(
+				"Should have placed RDFNode in secured securedModel",
+				securedModel, rdfNode2.getModel());
+	}
+
+	@Test
+	public void testReadEmpty() throws Exception
+	{
+		final Set<Action> createAndUpdate = SecurityEvaluator.Util
+				.asSet(new Action[] { Action.Update, Action.Create });
+
+		final String XML_INPUT = "<rdf:RDF"
+				+ "   xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' "
+				+ "   xmlns:rt='http://example.com/readTest#' "
+				+ "   xmlns:j.0='http://example.com/readTest#3' > "
+				+ "  <rdf:Description rdf:about='http://example.com/readTest#1'> "
+				+ "    <rdf:type rdf:resource='http://example.com/readTest#3'/>"
+				+ "  </rdf:Description>" + "</rdf:RDF>";
+		final String TTL_INPUT = "@prefix rt: <http://example.com/readTest#> . rt:1 a rt:3 .";
+		final String base = "http://example.com/test";
+		final String lang = "TURTLE";
+		try
+		{
+			final URL url = SecuredModelTest.class.getResource("./test.xml");
+			securedModel.read(url.toString());
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final InputStream in = new ByteArrayInputStream(
+					XML_INPUT.getBytes());
+			securedModel.read(in, base);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final Reader reader = new StringReader(XML_INPUT);
+			securedModel.read(reader, base);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final URL url = SecuredModelTest.class.getResource("./test.ttl");
+			securedModel.read(url.toString(), lang);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final InputStream in = new ByteArrayInputStream(
+					TTL_INPUT.getBytes());
+			securedModel.read(in, base, lang);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final Reader reader = new StringReader(TTL_INPUT);
+			securedModel.read(reader, base, lang);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+		try
+		{
+			final URL url = SecuredModelTest.class.getResource("./test.ttl");
+			securedModel.read(url.toString(), base, lang);
+			if (!securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(createAndUpdate))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		finally
+		{
+			baseModel.removeAll();
+		}
+
+	}
+
+	@Test
+	public void testRemove() throws Exception
+	{
+		final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Delete, Action.Update });
+
+		final List<Statement> stmt = baseModel.listStatements().toList();
+		try
+		{
+			securedModel.remove(baseModel.listStatements().toList());
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.remove(baseModel);
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.remove(stmt.get(0));
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.remove(stmt.toArray(new Statement[stmt.size()]));
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.remove(baseModel.listStatements());
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.remove(baseModel);
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedModel.remove(s, p, o);
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testRemoveAll() throws Exception
+	{
+		final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Delete, Action.Update });
+
+		try
+		{
+			securedModel.removeAll();
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		// put some data back
+		baseModel.add(s, p, o);
+		try
+		{
+			securedModel.removeAll(s, p, o);
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testRemoveAllReifications()
+	{
+		final Set<Action> DU = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Delete, Action.Update });
+
+		final List<Statement> stmt = baseModel.listStatements().toList();
+		baseModel.createReifiedStatement(stmt.get(0));
+
+		try
+		{
+			securedModel.removeAllReifications(stmt.get(0));
+			if (!securityEvaluator.evaluate(DU))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(DU))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testRequiredProperty()
+	{
+
+		try
+		{
+			securedModel.getRequiredProperty(s, p);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testSize() throws Exception
+	{
+		try
+		{
+			securedModel.size();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testUnion() throws Exception
+	{
+		try
+		{
+			securedModel.union(baseModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			baseModel.union(securedModel);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testVariableInModel()
+	{
+		try
+		{
+			final RDFNode rdfNode = ResourceFactory
+					.createTypedLiteral("yeehaw");
+			final RDFNode rdfNode2 = rdfNode.inModel(securedModel);
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+			Assert.assertEquals(
+					"Should have placed RDFNode in secured securedModel",
+					securedModel, rdfNode2.getModel());
+
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testWrapAsResource() throws Exception
+	{
+		securedModel.wrapAsResource(NodeFactory.createURI("http://example.com/rdfNode"));
+	}
+
+	@Test
+	public void testWrite() throws Exception
+	{
+		final OutputStream out = new ByteArrayOutputStream();
+		final Writer writer = new CharArrayWriter();
+		final String lang = "TURTLE";
+		try
+		{
+			securedModel.write(out);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.write(writer);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.write(out, lang);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.write(writer, lang);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.write(out, lang, "http://example.com/securedGraph");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			securedModel.write(writer, lang, "http://example.com/securedGraph");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredPropertyTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredPropertyTest.java b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredPropertyTest.java
new file mode 100644
index 0000000..d035bae
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredPropertyTest.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import org.apache.jena.rdf.model.Property ;
+import org.apache.jena.rdf.model.ResourceFactory ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.model.SecuredProperty;
+import org.apache.jena.security.model.impl.SecuredPropertyImpl;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredPropertyTest extends SecuredResourceTest
+{
+
+	public SecuredPropertyTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		super(securityEvaluator);
+	}
+
+	private SecuredProperty getSecuredProperty()
+	{
+		return (SecuredProperty) getSecuredRDFNode();
+	}
+
+	@Override
+	@Before
+	public void setup()
+	{
+		super.setup();
+		final Property p = ResourceFactory
+				.createProperty("http://example.com/testProperty");
+		setSecuredRDFNode(SecuredPropertyImpl.getInstance(securedModel, p), p);
+	}
+
+	@Test
+	public void testGetOrdinal()
+	{
+		try
+		{
+			getSecuredProperty().getOrdinal();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFListTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFListTest.java b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFListTest.java
new file mode 100644
index 0000000..d1c32aa
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFListTest.java
@@ -0,0 +1,970 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.apache.jena.rdf.model.* ;
+import org.apache.jena.rdf.model.RDFList.ApplyFn ;
+import org.apache.jena.rdf.model.RDFList.ReduceFn ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.model.SecuredRDFList;
+import org.apache.jena.security.model.impl.SecuredRDFListImpl;
+import org.apache.jena.security.utils.RDFListIterator;
+import org.apache.jena.security.utils.RDFListSecFilter;
+import org.apache.jena.util.iterator.WrappedIterator ;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredRDFListTest extends SecuredResourceTest
+{
+	private RDFList baseList;
+	
+	public SecuredRDFListTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		super(securityEvaluator);
+	}
+
+	private int count( final Action action )
+	{
+		final Iterator<RDFList> iter = new RDFListIterator(
+				(RDFList) getBaseRDFNode());
+		return WrappedIterator.create(iter)
+				.filterKeep(new RDFListSecFilter<RDFList>(getSecuredRDFList(), action))
+				.toList().size();
+	}
+
+	private int count( final Set<Action> action )
+	{
+		final Iterator<RDFList> iter = new RDFListIterator(
+				(RDFList) getBaseRDFNode());
+		return WrappedIterator.create(iter)
+				.filterKeep(new RDFListSecFilter<RDFList>(getSecuredRDFList(), action))
+				.toList().size();
+	}
+
+	private SecuredRDFList getSecuredRDFList()
+	{
+		return (SecuredRDFList) getSecuredRDFNode();
+	}
+
+	@Override
+	@Before
+	public void setup()
+	{
+		super.setup();
+		final RDFNode[] listElements = {
+				ResourceFactory.createResource("http://example.com/ListNode1"),
+				ResourceFactory.createResource("http://example.com/ListNode2"),
+				ResourceFactory.createResource("http://example.com/ListNode3"),
+				ResourceFactory.createResource("http://example.com/ListNode4") };
+		baseList = baseModel.createList(listElements);
+		setSecuredRDFNode(SecuredRDFListImpl.getInstance(securedModel, baseList), baseList);
+	}
+
+	@Test
+	public void testAdd()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+		try
+		{
+			getSecuredRDFList().add(baseModel.createResource());
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testAppendNodeIterator()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+		try
+		{
+			getSecuredRDFList().append(baseModel.listObjects());
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+	
+	@Test
+	public void testAppendRDFList()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+
+		try {
+			getSecuredRDFList().append(baseModel.createList());
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+			if (!securityEvaluator.evaluate(Action.Create) && (baseList.size()>0 && securityEvaluator.evaluate(Action.Read) ))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testApply()
+	{
+
+		final ApplyFn fn = new ApplyFn() {
+
+			@Override
+			public void apply( final RDFNode node )
+			{
+				// do nothing
+			}
+		};
+
+		try
+		{
+			getSecuredRDFList().apply(fn);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Read });
+		try
+		{
+			getSecuredRDFList().apply(perms, fn);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testAsJaveList()
+	{
+		try
+		{
+			getSecuredRDFList().asJavaList();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testConcatenate()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+		try
+		{
+			getSecuredRDFList().concatenate(baseModel.listObjects());
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			final List<Resource> lst = new ArrayList<Resource>();
+			lst.add(ResourceFactory
+					.createResource("http://example.com/dummyList"));
+			getSecuredRDFList().concatenate(
+					baseModel.createList(lst.iterator()));
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCons()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+		try
+		{
+			getSecuredRDFList().cons(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testContains()
+	{
+		try
+		{
+			getSecuredRDFList().contains(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+	
+	@Test
+	public void testCopy()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Read, Action.Update, Action.Create });
+		try
+		{
+			getSecuredRDFList().copy();
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms) ) 
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGet()
+	{
+		try
+		{
+			getSecuredRDFList().get(0);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (((RDFList) getBaseRDFNode()).size() < 0)
+			{
+				// acceptable exception
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testGetHead()
+	{
+		try
+		{
+			getSecuredRDFList().getHead();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (((RDFList) getBaseRDFNode()).size() == 0)
+			{
+				// acceptable exception
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testGetTail()
+	{
+		try
+		{
+			getSecuredRDFList().getTail();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (((RDFList) getBaseRDFNode()).size() == 0)
+			{
+				// acceptable exception
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testGetValidityErrorMessage()
+	{
+		try
+		{
+			getSecuredRDFList().getValidityErrorMessage();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testIndexOf()
+	{
+		try
+		{
+			getSecuredRDFList().indexOf(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (((RDFList) getBaseRDFNode()).size() == 0)
+			{
+				// acceptable exception
+			}
+			else
+			{
+				throw e;
+			}
+		}
+
+		try
+		{
+			getSecuredRDFList().indexOf(SecuredRDFNodeTest.s, 1);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (((RDFList) getBaseRDFNode()).size() <= 0)
+
+			{
+				// acceptable exception
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testIsEmpty()
+	{
+		try
+		{
+			getSecuredRDFList().isEmpty();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testIterator()
+	{
+		try
+		{
+			getSecuredRDFList().iterator();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+
+		try
+		{
+			getSecuredRDFList().iterator(perms);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testReduce()
+	{
+		final ReduceFn fn = new ReduceFn() {
+
+			@Override
+			public Object reduce( final RDFNode node, final Object accumulator )
+			{
+				return accumulator;
+			}
+		};
+
+		try
+		{
+			getSecuredRDFList().reduce(fn, "Hello");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+
+		try
+		{
+			getSecuredRDFList().reduce(perms, fn, "Hello");
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testRemove()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Delete });
+
+		try
+		{
+			final int count = count(Action.Delete);
+			getSecuredRDFList().remove(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(Action.Update)
+					|| ((count > 0) && !securityEvaluator
+							.evaluate(Action.Delete)))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@SuppressWarnings("deprecation")
+    @Override
+	@Test
+	public void testRemoveAll()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Delete });
+
+		try
+		{
+			final int count = count(SecurityEvaluator.Util.asSet(new Action[] {
+					Action.Delete, Action.Read }));
+			getSecuredRDFList().removeAll();
+			if (!securityEvaluator.evaluate(Action.Update)
+					|| ((count > 0) && !securityEvaluator
+							.evaluate(Action.Delete)))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final EmptyListException e)
+		{
+			if (count(Action.Read) == 0)
+			{
+				// expected.
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testRemoveHead()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Delete });
+
+		try
+		{
+			getSecuredRDFList().removeHead();
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final EmptyListException e)
+		{
+			if (count(Action.Read) == 0)
+			{
+				// expected.
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testRemoveList()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Delete });
+
+		try
+		{
+			final int count = count(Action.Delete);
+			getSecuredRDFList().removeList();
+			if (!securityEvaluator.evaluate(Action.Update)
+					|| ((count > 0) && !securityEvaluator
+							.evaluate(Action.Delete)))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testReplace()
+	{
+		try
+		{
+			getSecuredRDFList().replace(1, SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final ListIndexException e)
+		{
+			if (count(Action.Read) == 0)
+			{
+				// expected.
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testSameListAs()
+	{
+		try
+		{
+			getSecuredRDFList().sameListAs(baseModel.createList());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testSetHead()
+	{
+
+		try
+		{
+			getSecuredRDFList().setHead(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		catch (final EmptyListException e)
+		{
+			if (count(Action.Read) == 0)
+			{
+				// expected.
+			}
+			else
+			{
+				throw e;
+			}
+		}
+	}
+
+	@Test
+	public void testSetStrict()
+	{
+		try
+		{
+			getSecuredRDFList().setStrict(true);
+			if (!securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Update))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testSize()
+	{
+		try
+		{
+			getSecuredRDFList().size();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testValid()
+	{
+		try
+		{
+			getSecuredRDFList().isValid();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testWith()
+	{
+		final Set<Action> perms = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Create });
+
+		try
+		{
+			getSecuredRDFList().with(SecuredRDFNodeTest.s);
+			if (!securityEvaluator.evaluate(perms))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(perms))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFNodeTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFNodeTest.java b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFNodeTest.java
new file mode 100644
index 0000000..79ba3e2
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredRDFNodeTest.java
@@ -0,0 +1,209 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import org.apache.jena.rdf.model.* ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.model.SecuredModel;
+import org.apache.jena.security.model.SecuredRDFNode;
+import org.apache.jena.security.model.impl.SecuredRDFNodeImpl;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredRDFNodeTest
+{
+	protected final MockSecurityEvaluator securityEvaluator;
+	protected Model baseModel;
+	protected SecuredModel securedModel;
+	private SecuredRDFNode securedRDFNode;
+	private RDFNode baseRDFNode;
+
+	public static Resource s = ResourceFactory
+			.createResource("http://example.com/graph/s");
+	public static Property p = ResourceFactory
+			.createProperty("http://example.com/graph/p");
+	public static Property p2 = ResourceFactory
+			.createProperty("http://example.com/graph/p2");
+	public static Resource o = ResourceFactory
+			.createResource("http://example.com/graph/o");
+
+	public SecuredRDFNodeTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+	}
+
+	protected Model createModel()
+	{
+		return ModelFactory.createDefaultModel();
+	}
+
+	protected RDFNode getBaseRDFNode()
+	{
+		return baseRDFNode;
+	}
+
+	protected SecuredRDFNode getSecuredRDFNode()
+	{
+		return securedRDFNode;
+	}
+
+	protected void setSecuredRDFNode( final SecuredRDFNode securedRDFNode,
+			final RDFNode baseRDFNode )
+	{
+		this.securedRDFNode = securedRDFNode;
+		this.baseRDFNode = baseRDFNode;
+	}
+
+	@Before
+	public void setup()
+	{
+		baseModel = createModel();
+		baseModel.removeAll();
+		baseModel.add(SecuredRDFNodeTest.s, SecuredRDFNodeTest.p,
+				SecuredRDFNodeTest.o);
+		baseModel.add(SecuredRDFNodeTest.s, SecuredRDFNodeTest.p2, "yeehaw");
+		securedModel = Factory.getInstance(securityEvaluator,
+				"http://example.com/securedGraph", baseModel);
+		securedRDFNode = SecuredRDFNodeImpl.getInstance(
+				securedModel,
+				baseModel.listObjectsOfProperty(SecuredRDFNodeTest.s,
+						SecuredRDFNodeTest.p).next());
+	}
+
+	@After
+	public void teardown()
+	{
+		securedModel.close();
+		securedModel = null;
+	}
+
+	@Test
+	public void testAsNode()
+	{
+		try
+		{
+			securedRDFNode.asNode();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testCanAs()
+	{
+		try
+		{
+			securedRDFNode.canAs(Resource.class);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetModel()
+	{
+		final Model m2 = securedRDFNode.getModel();
+		Assert.assertTrue("Model should have been secured",
+				m2 instanceof SecuredModel);
+	}
+
+	@Test
+	public void testInModel()
+	{
+		final Model m2 = ModelFactory.createDefaultModel();
+		try
+		{
+			final RDFNode n2 = securedRDFNode.inModel(m2);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+			Assert.assertFalse("RDFNode should not have been secured",
+					n2 instanceof SecuredRDFNode);
+			Assert.assertEquals("Wrong securedModel returned", n2.getModel(),
+					m2);
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		m2.removeAll();
+		final SecuredModel m3 = Factory.getInstance(securityEvaluator,
+				"http://example.com/securedGraph2", m2);
+
+		try
+		{
+			final RDFNode n2 = securedRDFNode.inModel(m3);
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+			Assert.assertTrue("RDFNode should have been secured",
+					n2 instanceof SecuredRDFNode);
+			Assert.assertEquals("Wrong securedModel returned", n2.getModel(),
+					m3);
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredReifiedStatementTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredReifiedStatementTest.java b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredReifiedStatementTest.java
new file mode 100644
index 0000000..00aceb2
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/model/SecuredReifiedStatementTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.model;
+
+import org.apache.jena.rdf.model.ReifiedStatement ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.model.SecuredReifiedStatement;
+import org.apache.jena.security.model.impl.SecuredReifiedStatementImpl;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredReifiedStatementTest extends SecuredResourceTest
+{
+
+	public SecuredReifiedStatementTest(
+			final MockSecurityEvaluator securityEvaluator )
+	{
+		super(securityEvaluator);
+	}
+
+	private SecuredReifiedStatement getSecuredReifiedStatement()
+	{
+		return (SecuredReifiedStatement) getSecuredRDFNode();
+	}
+
+	@Override
+	@Before
+	public void setup()
+	{
+		super.setup();
+		final ReifiedStatement stmt = baseModel.listStatements().next()
+				.createReifiedStatement();
+		setSecuredRDFNode(
+				SecuredReifiedStatementImpl.getInstance(securedModel, stmt),
+				stmt);
+	}
+
+	/**
+	 * @sec.graph Read
+	 * @throws AccessDeniedException
+	 */
+	@Test
+	public void testGetStatement()
+	{
+		try
+		{
+			getSecuredReifiedStatement().getStatement();
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+}


Mime
View raw message