jena-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject [11/24] jena git commit: Module jena-seurity becomes jena-permissions
Date Fri, 24 Apr 2015 12:20:09 GMT
http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java b/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java
deleted file mode 100644
index 57f6dfd..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/SecurityEvaluatorAssembler.java
+++ /dev/null
@@ -1,183 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security;
-
-import java.lang.reflect.Constructor;
-import java.lang.reflect.InvocationTargetException;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.apache.jena.assembler.Assembler ;
-import org.apache.jena.assembler.Mode ;
-import org.apache.jena.assembler.assemblers.AssemblerBase ;
-import org.apache.jena.assembler.exceptions.AssemblerException ;
-import org.apache.jena.rdf.model.* ;
-
-/**
- * A simple assembler for a SecurityEvaluator
- *  <p>
- * This assembler load the specified class, locates the first constructor that accepts 
- * the number of arguments in the assembler file, and calls it passing the arguments.
- * Generally the result of this assembler is passed to a sec:Model construction. 
- * @see SecuredAssembler
- * </p>
- * <ul>
- * <li>The evaluator must have one and only one public constructor
- * that takes the number of arguments specified in the assembler file.
- * </li>
- * 
- *  <li>
- * The evaluator may have more constructors but they may not have the same
- * number of arguments as specified in the assembler file.
- * </li>
- * 
- * <li>
- * The arguments must be specified in the assembler file in the order that they
- * should be passed to the constructor.
- * </li>
- * </ul>
- * 
- * <p>
- * Literal arguments are converted to their data type before calling the constructor.  For example 
- * "13"^^xsd:int will be converted to an Integer with the value of 13.
- * </p>
- * The assembler file should include the following
- * <code><pre>
- * @prefix xsd:        <http://www.w3.org/2001/XMLSchema#>
- * 
- * <>; ja:loadClass	"org.apache.jena.security.SecuredAssembler" .
- * 
- * sec:Model rdfs:subClassOf ja:NamedModel .
- * 
- * </pre></code>
- * 
- * The model definition should include something like.
- * 
- * <code><pre>
- * ex:myEvaluator a sec:Evaluator ;
- *    sec:args [ rdf:_1 "argument 1 for my evaluator constructor" ;
- *    			 rdf:_2 "13"^^xsd:int ; ];
- *    sec:evaluatorClass "evaluatorClassname";
- *    .
- * </pre></code>
- * 
- * Terms used in above example:
- * 
- * <dl>
- * <dt>my:secEvaluator</dt>
- * <dd>The security evaluator as referenced in the assembler file.</dd>
- * 
- * <dt>sec:Evaluator</dt>
- * <dd>Identifies my:secEvaluator as a SecurityEvaluator</dd>
- * 
- * <dt>sec:args</dt>
- * <dd>Identifies the argument list</dd>
- * 
- * <dt>rdf:_1</dt>
- * <dd>The first argument</dd>
- * 
- * <dt>rdf:_2</dt>
- * <dd>The second argument (an integer in this case</dd>
- *  
- * <dt>sec:evaluatorClass</dt>
- * <dd>The fully qualified name of the SecurityEvaluator class to call.  This class must extend
- * SecurityEvaluator, and must have one and only one constructor that takes the number of arguments
- * specified in sec:args</dd>
- * 
- * </p>
- * 
- */
-public class SecurityEvaluatorAssembler extends AssemblerBase implements Assembler, AssemblerConstants {
-	// initialization and registration is performed by SecuredAssembler
-    
-	@Override
-	public SecurityEvaluator open(Assembler a, Resource root, Mode mode) {
-		
-		Literal className = getUniqueLiteral( root, EVALUATOR_CLASS );
-		if (className == null)
-		{
-			throw new AssemblerException( root, String.format( NO_X_PROVIDED, EVALUATOR_CLASS, root ));
-		}
-		
-		Class<?> clazz;
-		try {
-			clazz = Class.forName(className.getString());
-		} catch (ClassNotFoundException e1) {
-			throw new AssemblerException( root, String.format( "Can not locate class %s as specified by %s in %s", className, EVALUATOR_CLASS, root ));
-		}
-		if ( ! SecurityEvaluator.class.isAssignableFrom( clazz ))
-		{
-			throw new AssemblerException( root, String.format( "Class %s as specified by %s in %s does not implement SecurityEvaluator", className, EVALUATOR_CLASS, root ));
-		}
-		
-		// get the arguments as specified.
-		List<Object> args = new ArrayList<Object>();
-		Resource argRes = getUniqueResource( root, ARGUMENT_LIST );
-		if (argRes != null)
-		{
-			Seq seq = argRes.as( Seq.class );
-			NodeIterator iter = seq.iterator();
-			RDFNode n = null;
-			while (iter.hasNext())
-			{
-				n = iter.next();
-				if (n.isLiteral())
-				{
-					args.add( n.asLiteral().getValue());
-				}
-				else if (n.isResource())
-				{
-					args.add( a.open( a, n.asResource(), mode ) );
-				}
-				else
-				{
-					throw new AssemblerException( root, String.format( "%s must be a literal or a resource", n ));
-				}
-			}
-		}
-		
-		for (Constructor<?> c : clazz.getConstructors())
-		{
-			if (c.getParameterTypes().length == args.size())
-			{
-				try {
-					if (args.size() == 0)
-					{
-						return (SecurityEvaluator) c.newInstance();
-					}
-					else
-					{
-						return (SecurityEvaluator) c.newInstance( args.toArray() );
-					}
-				} catch (InstantiationException e) {
-					throw new AssemblerException( root, e.getMessage(), e );
-				} catch (IllegalAccessException e) {
-					throw new AssemblerException( root, e.getMessage(), e );
-				} catch (IllegalArgumentException e) {
-					throw new AssemblerException( root, e.getMessage(), e );
-				} catch (InvocationTargetException e) {
-					throw new AssemblerException( root, e.getMessage(), e );
-				}
-			}
-		
-		}
-		throw new AssemblerException( root, String.format( "Class %s does not have a %s argument constructor", className, args.size() ));
-			
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java
deleted file mode 100644
index 6263af9..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredBulkUpdateHandler.java
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph;
-
-import java.util.Iterator;
-import java.util.List;
-
-import org.apache.jena.graph.BulkUpdateHandler ;
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.graph.Node ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.security.AccessDeniedException;
-import org.apache.jena.security.impl.SecuredItem;
-
-/**
- * The interface for secured BulkUpdateHanlder instances.
- * 
- * Use the SecuredBulkUpdateHandler.Factory to create instances
- */
-public interface SecuredBulkUpdateHandler extends BulkUpdateHandler,
-		SecuredItem
-{
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void add( final Graph g ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void add( final Graph g, final boolean withReifications )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void add( final Iterator<Triple> it ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void add( final List<Triple> triples ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void add( final Triple[] triples ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void delete( final Graph g ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void delete( final Graph g, final boolean withReifications )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void delete( final Iterator<Triple> it )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void delete( final List<Triple> triples )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	@Deprecated
-	public void delete( final Triple[] triples ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void remove( final Node s, final Node p, final Node o )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void removeAll() throws AccessDeniedException;
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
deleted file mode 100644
index 6a12fa1..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredCapabilities.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph;
-
-import org.apache.jena.graph.Capabilities ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.SecurityEvaluator.SecTriple;
-import org.apache.jena.security.SecurityEvaluator.SecNode.Type;
-
-/**
- * The interface for secured Capabilities instances.
- * 
- */
-public class SecuredCapabilities implements Capabilities
-{
-	// the security evaluator in use
-	private final SecurityEvaluator securityEvaluator;
-	// the graphIRI that the capabilities belong to.
-	private final SecNode graphIRI;
-	// the unsecured capabilities.
-	private final Capabilities capabilities;
-
-	/**
-	 * Constructor.
-	 * 
-	 * @param securityEvaluator
-	 *            The security evaluator in use.
-	 * @param graphURI
-	 *            The graphIRI that the capabilities describe.
-	 * @param capabilities
-	 *            The unsecured capabilities.
-	 */
-	public SecuredCapabilities( final SecurityEvaluator securityEvaluator,
-			final String graphURI, final Capabilities capabilities )
-	{
-		this.securityEvaluator = securityEvaluator;
-		this.graphIRI = new SecNode(Type.URI, graphURI);
-		this.capabilities = capabilities;
-	}
-
-	/**
-	 * @sec.graph Update
-	 */
-	@Override
-	public boolean addAllowed()
-	{
-		return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
-				&& capabilities.addAllowed();
-	}
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create (if everyTriple is true)
-	 */
-	@Override
-	public boolean addAllowed( final boolean everyTriple )
-	{
-		Object principal = securityEvaluator.getPrincipal();
-		
-		boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI)
-				&& capabilities.addAllowed(everyTriple);
-		if (retval && everyTriple)
-		{
-			// special security check
-			retval = securityEvaluator.evaluate(principal, Action.Create, graphIRI,
-					SecTriple.ANY);
-		}
-		return retval;
-	}
-
-	@Override
-	public boolean canBeEmpty()
-	{
-		return capabilities.canBeEmpty();
-	}
-
-	/**
-	 * @sec.graph Update
-	 */
-	@Override
-	public boolean deleteAllowed()
-	{
-		return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
-				&& capabilities.deleteAllowed();
-	}
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete (if everyTriple is true)
-	 */
-	@Override
-	public boolean deleteAllowed( final boolean everyTriple )
-	{
-		Object principal = securityEvaluator.getPrincipal();
-		
-		boolean retval = securityEvaluator.evaluate(principal, Action.Update, graphIRI)
-				&& capabilities.addAllowed(everyTriple);
-		if (retval && everyTriple)
-		{
-			// special security check
-			retval = securityEvaluator.evaluate(principal, Action.Delete, graphIRI,
-					SecTriple.ANY);
-		}
-		return retval;
-	}
-
-	@Override
-	public boolean findContractSafe()
-	{
-		return capabilities.findContractSafe();
-	}
-
-	@Override
-	public boolean handlesLiteralTyping()
-	{
-		return capabilities.handlesLiteralTyping();
-	}
-
-	/**
-	 * @sec.graph Update
-	 */
-	@Override
-	public boolean iteratorRemoveAllowed()
-	{
-		return securityEvaluator.evaluate(securityEvaluator.getPrincipal(), Action.Update, graphIRI)
-				&& capabilities.iteratorRemoveAllowed();
-	}
-
-	@Override
-	public boolean sizeAccurate()
-	{
-		return capabilities.sizeAccurate();
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraph.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraph.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraph.java
deleted file mode 100644
index afdfdc8..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraph.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph;
-
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.graph.GraphStatisticsHandler ;
-import org.apache.jena.graph.Node ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.security.AccessDeniedException ;
-import org.apache.jena.security.SecurityEvaluator ;
-import org.apache.jena.security.SecurityEvaluator.SecNode ;
-import org.apache.jena.shared.AddDeniedException ;
-import org.apache.jena.shared.DeleteDeniedException ;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-
-/**
- * The interface for secured Graph instances.
- * 
- * Use the SecuredGraph.Factory to create instances
- */
-public interface SecuredGraph extends Graph
-{
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Create
-	 * @throws AccessDeniedException
-	 * @throws AddDeniedException
-	 */
-	@Override
-	public void add( final Triple t ) throws AddDeniedException,
-			AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @sec.triple Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean contains( final Node s, final Node p, final Node o )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @sec.triple Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean contains( final Triple t ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete
-	 * @throws AccessDeniedException
-	 * @throws DeleteDeniedException
-	 */
-	@Override
-	public void delete( final Triple t ) throws DeleteDeniedException,
-			AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean dependsOn( final Graph other ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @sec.triple Read, otherwise filtered from iterator.
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public ExtendedIterator<Triple> find( final Node s, final Node p,
-			final Node o ) throws AccessDeniedException;
-
-    /**
-     * @sec.graph Read
-     * @sec.triple Read, otherwise filtered from iterator.
-     * @throws AccessDeniedException
-     * @deprecated Use {@link #find(Triple)}
-     */
-	@Deprecated
-    @Override
-    public ExtendedIterator<Triple> find( final org.apache.jena.graph.TripleMatch triple )
-            throws AccessDeniedException;
-
-    /**
-	 * @sec.graph Read
-	 * @sec.triple Read, otherwise filtered from iterator.
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public ExtendedIterator<Triple> find( final Triple triple )
-			throws AccessDeniedException;
-
-	@Override
-	public SecuredBulkUpdateHandler getBulkUpdateHandler();
-
-	@Override
-	public SecuredCapabilities getCapabilities();
-
-	@Override
-	public SecuredGraphEventManager getEventManager();
-
-	public SecNode getModelNode();
-
-	@Override
-	public SecuredPrefixMapping getPrefixMapping();
-
-	public SecurityEvaluator getSecurityEvaluator();
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public GraphStatisticsHandler getStatisticsHandler()
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean isEmpty() throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @sec.triple Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean isIsomorphicWith( final Graph g )
-			throws AccessDeniedException;
-
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public int size() throws AccessDeniedException;
-	
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete for every triple
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void clear();
-
-	/**
-	 * @sec.graph Update
-	 * @sec.triple Delete (s, p, o )
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public void remove( Node s, Node p, Node o );
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
deleted file mode 100644
index 9c62127..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredGraphEventManager.java
+++ /dev/null
@@ -1,608 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph;
-
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.Stack;
-
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.graph.GraphEventManager ;
-import org.apache.jena.graph.GraphListener ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.graph.impl.CollectionGraph ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.Action;
-import org.apache.jena.security.graph.impl.SecuredGraphImpl;
-import org.apache.jena.security.impl.CachedSecurityEvaluator;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.security.utils.PermTripleFilter;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-import org.apache.jena.util.iterator.NiceIterator ;
-import org.apache.jena.util.iterator.WrappedIterator ;
-
-/**
- * Since we sit between the graph and other items we have to determine when the
- * message is first seen and send it to the underlying graph if necessary.
- */
-public class SecuredGraphEventManager implements GraphEventManager {
-	private class SecuredGraphListener implements GraphListener {
-		private final GraphListener wrapped;
-		private final Object runAs;
-
-		SecuredGraphListener(final GraphListener wrapped) {
-			if (wrapped == null) {
-				throw new IllegalArgumentException(
-						"Wrapped listener may not be null");
-			}
-			this.wrapped = wrapped;
-			this.runAs = securedGraph.getSecurityEvaluator().getPrincipal();
-		}
-
-		private Triple[] getArray(final Graph g, final Triple[] triples,
-				final Set<Action> perms) {
-			Triple[] retval = triples;
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs, perms, sg.getModelNode())) {
-					if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						final List<Triple> list = wrapPermIterator(sg,
-								Arrays.asList(triples).iterator(), perms)
-								.toList();
-						retval = list.toArray(new Triple[list.size()]);
-					}
-					else {
-						retval = triples;
-					}
-				}
-				else {
-					retval = new Triple[0];
-				}
-			}
-			return retval;
-		}
-
-		@Override
-		public void notifyAddArray(final Graph g, final Triple[] triples) {
-			final Triple[] added = getArray(g, triples,
-					SecuredGraphEventManager.ADD);
-
-			if (added.length > 0) {
-				wrapped.notifyAddArray(g, added);
-			}
-		}
-
-		@Override
-		public void notifyAddGraph(final Graph g, final Graph added) {
-			Graph addGraph = added;
-			if (g instanceof SecuredGraph) {
-				final SecuredGraph sg = (SecuredGraph) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
-						sg.getModelNode())) {
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.ADD, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						final List<Triple> lst = added.find(Triple.ANY)
-								.toList();
-						addGraph = new CollectionGraph(Arrays.asList(getArray(
-								g, lst.toArray(new Triple[lst.size()]),
-								SecuredGraphEventManager.ADD)));
-					}
-					else {
-						addGraph = added;
-					}
-				}
-				else {
-					addGraph = new CollectionGraph(
-							Collections.<Triple> emptyList());
-				}
-			}
-			if (addGraph.size() > 0) {
-				wrapped.notifyAddGraph(g, addGraph);
-
-			}
-		}
-
-		@Override
-		public void notifyAddIterator(final Graph g, final Iterator<Triple> it) {
-
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				// only report if we can write to the graph
-				if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
-						sg.getModelNode())) {
-					final ExtendedIterator<Triple> iter = wrapPermIterator(sg,
-							it, SecuredGraphEventManager.ADD);
-					try {
-						wrapped.notifyAddIterator(g, iter);
-					} finally {
-						iter.close();
-					}
-				}
-			}
-			else {
-				wrapped.notifyAddIterator(g, it);
-			}
-
-		}
-
-		@Override
-		public void notifyAddList(final Graph g, final List<Triple> triples) {
-			List<Triple> list = triples;
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs, SecuredGraphEventManager.ADD,
-						sg.getModelNode())) {
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.ADD, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						list = wrapPermIterator(sg, triples.iterator(),
-								SecuredGraphEventManager.ADD).toList();
-					}
-					else {
-						list = triples;
-					}
-				}
-				else {
-					list = Collections.emptyList();
-				}
-			}
-
-			if (list.size() > 0) {
-
-				wrapped.notifyAddList(g, list);
-			}
-		}
-
-		@Override
-		public void notifyAddTriple(final Graph g, final Triple t) {
-			boolean notify = false;
-			if (g instanceof SecuredGraph) {
-				final SecuredGraph sg = (SecuredGraph) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				notify = evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.ADD, sg.getModelNode());
-				if (notify) {
-					notify = evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.ADD, sg.getModelNode(),
-							SecuredItemImpl.convert(t));
-				}
-			}
-			else {
-				notify = true;
-			}
-			if (notify) {
-				wrapped.notifyAddTriple(g, t);
-			}
-		}
-
-		@Override
-		public void notifyDeleteArray(final Graph g, final Triple[] triples) {
-			Triple[] deleted = triples;
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.DELETE, sg.getModelNode())) {
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.DELETE, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						final List<Triple> list = wrapPermIterator(sg,
-								Arrays.asList(triples).iterator(),
-								SecuredGraphEventManager.DELETE).toList();
-						deleted = list.toArray(new Triple[list.size()]);
-					}
-					else {
-						deleted = triples;
-					}
-				}
-				else {
-					deleted = new Triple[0];
-				}
-			}
-
-			if (deleted.length > 0) {
-				wrapped.notifyDeleteArray(g, deleted);
-			}
-		}
-
-		@Override
-		public void notifyDeleteGraph(final Graph g, final Graph removed) {
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.DELETE, sg.getModelNode())) {
-					Graph g2 = removed;
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.DELETE, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						g2 = new CollectionGraph(
-								removed.find(Triple.ANY)
-								.filterKeep(
-										new PermTripleFilter(
-												SecuredGraphEventManager.DELETE,
-												sg, evaluator))
-												.toList());
-
-					}
-					wrapped.notifyDeleteGraph(g, g2);
-				}
-				else {
-					// do nothing.
-				}
-			}
-			else {
-				wrapped.notifyDeleteGraph(g, removed);
-			}
-		}
-
-		@Override
-		public void notifyDeleteIterator(final Graph g,
-				final Iterator<Triple> it) {
-			Iterator<Triple> iter = it;
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.DELETE, sg.getModelNode())) {
-
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.DELETE, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						iter = WrappedIterator.create(it).filterKeep(
-								new PermTripleFilter(
-										SecuredGraphEventManager.DELETE, sg,
-										evaluator));
-					}
-					// else use the default list as all can bee seen
-					wrapped.notifyDeleteIterator(g, iter);
-				}
-				else {
-					// do nothing.
-				}
-			}
-			else {
-				wrapped.notifyDeleteIterator(g, iter);
-			}
-
-		}
-
-		@Override
-		public void notifyDeleteList(final Graph g, final List<Triple> triples) {
-			List<Triple> list = triples;
-			if (g instanceof SecuredGraphImpl) {
-				final SecuredGraphImpl sg = (SecuredGraphImpl) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				if (evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.DELETE, sg.getModelNode())) {
-					if (!evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.DELETE, sg.getModelNode(),
-							SecuredItemImpl.convert(Triple.ANY))) {
-						list = WrappedIterator
-								.create(triples.iterator())
-								.filterKeep(
-										new PermTripleFilter(
-												SecuredGraphEventManager.DELETE,
-												sg, evaluator)).toList();
-					}
-					// else use the default list as all can bee seen
-				}
-				else {
-					list = Collections.emptyList();
-				}
-			}
-
-			if (list.size() > 0) {
-				wrapped.notifyDeleteList(g, list);
-			}
-		}
-
-		@Override
-		public void notifyDeleteTriple(final Graph g, final Triple t) {
-			boolean notify = false;
-			if (g instanceof SecuredGraph) {
-				final SecuredGraph sg = (SecuredGraph) g;
-				final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-				notify = evaluator.evaluateAny(runAs,
-						SecuredGraphEventManager.DELETE, sg.getModelNode());
-				if (notify) {
-					notify = evaluator.evaluateAny(runAs,
-							SecuredGraphEventManager.DELETE, sg.getModelNode(),
-							SecuredItemImpl.convert(t));
-				}
-			}
-			else {
-				notify = true;
-			}
-			if (notify) {
-				wrapped.notifyDeleteTriple(g, t);
-			}
-		}
-
-		@Override
-		public void notifyEvent(final Graph source, final Object value) {
-			wrapped.notifyEvent(source, value);
-		}
-
-		private ExtendedIterator<Triple> wrapPermIterator(
-				final SecuredGraphImpl sg, final Iterator<Triple> it,
-				final Set<Action> perms) {
-			final SecurityEvaluator evaluator = new CachedSecurityEvaluator(sg.getSecurityEvaluator(), runAs);
-			if (!evaluator.evaluateAny(runAs, perms, sg.getModelNode(),
-					SecuredItemImpl.convert(Triple.ANY))) {
-				// nope so wrap the iterator with security iterator
-				return WrappedIterator.create(it).filterKeep(
-						new PermTripleFilter(perms, sg, evaluator));
-			}
-			return WrappedIterator.create(it);
-				}
-
-	}
-
-	// the security evaluator in use
-	private final SecuredGraph securedGraph;
-	private final Graph baseGraph;
-	private final Map<GraphListener, Stack<SecuredGraphListener>> listenerMap = new HashMap<GraphListener, Stack<SecuredGraphListener>>();
-	private static Set<Action> DELETE;
-
-	private static Set<Action> ADD;
-
-	static {
-		SecuredGraphEventManager.ADD = new HashSet<Action>(
-				Arrays.asList(new Action[] {
-						Action.Create, Action.Read
-				}));
-		SecuredGraphEventManager.DELETE = new HashSet<Action>(
-				Arrays.asList(new Action[] {
-						Action.Delete, Action.Read
-				}));
-	}
-
-	public SecuredGraphEventManager(final SecuredGraph securedGraph,
-			final Graph baseGraph, final GraphEventManager manager) {
-		this.securedGraph = securedGraph;
-		this.baseGraph = baseGraph;
-		manager.register(this);
-	}
-
-	private synchronized Collection<SecuredGraphListener> getListenerCollection() {
-		ExtendedIterator<SecuredGraphListener> retval = NiceIterator
-				.emptyIterator();
-		for (final Collection<SecuredGraphListener> coll : listenerMap.values()) {
-			retval = retval.andThen(coll.iterator());
-		}
-		return retval.toList();
-	}
-
-	@Override
-	public boolean listening() {
-		return !listenerMap.isEmpty();
-	}
-
-	@Override
-	public void notifyAddArray(final Graph g, final Triple[] triples) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyAddArray(securedGraph, triples);
-			}
-			else {
-				sgl.notifyAddArray(g, triples);
-			}
-		}
-	}
-
-	@Override
-	public void notifyAddGraph(final Graph g, final Graph added) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyAddGraph(securedGraph, added);
-			}
-			else {
-				sgl.notifyAddGraph(g, added);
-			}
-		}
-	}
-
-	@Override
-	public void notifyAddIterator(final Graph g, final Iterator<Triple> it) {
-		notifyAddIterator(g, WrappedIterator.create(it).toList());
-		baseGraph.equals(g);
-	}
-
-	@Override
-	public void notifyAddIterator(final Graph g, final List<Triple> triples) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyAddIterator(securedGraph, triples.iterator());
-			}
-			else {
-				sgl.notifyAddIterator(g, triples.iterator());
-			}
-		}
-	}
-
-	@Override
-	public void notifyAddList(final Graph g, final List<Triple> triples) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyAddList(securedGraph, triples);
-			}
-			else {
-				sgl.notifyAddList(g, triples);
-			}
-		}
-	}
-
-	@Override
-	public void notifyAddTriple(final Graph g, final Triple t) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyAddTriple(securedGraph, t);
-			}
-			else {
-				sgl.notifyAddTriple(g, t);
-			}
-		}
-	}
-
-	@Override
-	public void notifyDeleteArray(final Graph g, final Triple[] triples) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyDeleteArray(securedGraph, triples);
-			}
-			else {
-				sgl.notifyDeleteArray(g, triples);
-			}
-		}
-	}
-
-	@Override
-	public void notifyDeleteGraph(final Graph g, final Graph removed) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyDeleteGraph(securedGraph, removed);
-			}
-			else {
-				sgl.notifyDeleteGraph(g, removed);
-			}
-		}
-	}
-
-	@Override
-	public void notifyDeleteIterator(final Graph g, final Iterator<Triple> it) {
-		notifyDeleteIterator(g, WrappedIterator.create(it).toList());
-	}
-
-	@Override
-	public void notifyDeleteIterator(final Graph g, final List<Triple> triples) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyDeleteIterator(securedGraph, triples.iterator());
-			}
-			else {
-				sgl.notifyDeleteIterator(g, triples.iterator());
-			}
-		}
-	}
-
-	@Override
-	public void notifyDeleteList(final Graph g, final List<Triple> L) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyDeleteList(securedGraph, L);
-			}
-			else {
-				sgl.notifyDeleteList(g, L);
-			}
-		}
-	}
-
-	@Override
-	public void notifyDeleteTriple(final Graph g, final Triple t) {
-		final boolean wrap = baseGraph.equals(g);
-
-		for (final SecuredGraphListener sgl : getListenerCollection()) {
-			if (wrap) {
-				sgl.notifyDeleteTriple(securedGraph, t);
-			}
-			else {
-				sgl.notifyDeleteTriple(g, t);
-			}
-		}
-	}
-
-	@Override
-	public void notifyEvent(final Graph source, final Object value) {
-		if ((source instanceof SecuredGraph) && securedGraph.equals(source)) {
-			baseGraph.getEventManager().notifyEvent(baseGraph, value);
-		}
-		else {
-
-			final boolean wrap = baseGraph.equals(source);
-
-			for (final SecuredGraphListener sgl : getListenerCollection()) {
-				if (wrap) {
-					sgl.notifyEvent(securedGraph, value);
-				}
-				else {
-					sgl.notifyEvent(source, value);
-				}
-			}
-		}
-	}
-
-	@Override
-	public synchronized GraphEventManager register(final GraphListener listener) {
-		Stack<SecuredGraphListener> sgl = listenerMap.get(listener);
-		if (sgl == null) {
-			sgl = new Stack<SecuredGraphListener>();
-		}
-		sgl.push(new SecuredGraphListener(listener));
-		listenerMap.put(listener, sgl);
-		return this;
-	}
-
-	@Override
-	public synchronized GraphEventManager unregister(
-			final GraphListener listener) {
-		final Stack<SecuredGraphListener> sgl = listenerMap.get(listener);
-		if (sgl != null) {
-			if (sgl.size() == 1) {
-				listenerMap.remove(listener);
-			}
-			else {
-				sgl.pop();
-				listenerMap.put(listener, sgl);
-			}
-		}
-		return this;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java b/jena-security/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java
deleted file mode 100644
index 61c2544..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/SecuredPrefixMapping.java
+++ /dev/null
@@ -1,133 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph;
-
-import java.util.Map;
-
-import org.apache.jena.security.AccessDeniedException;
-import org.apache.jena.security.impl.SecuredItem;
-import org.apache.jena.shared.PrefixMapping ;
-
-/**
- * The interface for secured PrefixMapping instances.
- * 
- * Use the SecuredPrefixMapping.Factory to create instances
- */
-public interface SecuredPrefixMapping extends PrefixMapping, SecuredItem
-{
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public String expandPrefix( final String prefixed )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public Map<String, String> getNsPrefixMap() throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public String getNsPrefixURI( final String prefix )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public String getNsURIPrefix( final String uri )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping lock() throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public String qnameFor( final String uri ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping removeNsPrefix( final String prefix )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public boolean samePrefixMappingAs( final PrefixMapping other )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping setNsPrefix( final String prefix,
-			final String uri ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping setNsPrefixes( final Map<String, String> map )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping setNsPrefixes( final PrefixMapping other )
-			throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Read
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public String shortForm( final String uri ) throws AccessDeniedException;
-
-	/**
-	 * @sec.graph Update
-	 * @throws AccessDeniedException
-	 */
-	@Override
-	public SecuredPrefixMapping withDefaultMappings( final PrefixMapping map )
-			throws AccessDeniedException;
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/impl/Factory.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/impl/Factory.java b/jena-security/src/main/java/org/apache/jena/security/graph/impl/Factory.java
deleted file mode 100644
index d66d46e..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/impl/Factory.java
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import org.apache.jena.graph.BulkUpdateHandler ;
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.graph.SecuredBulkUpdateHandler;
-import org.apache.jena.security.graph.SecuredGraph;
-import org.apache.jena.security.graph.SecuredPrefixMapping;
-import org.apache.jena.security.impl.ItemHolder;
-import org.apache.jena.security.impl.SecuredItemInvoker;
-import org.apache.jena.shared.PrefixMapping ;
-
-public class Factory
-{
-
-	/**
-	 * Create an instance of the SecuredBulkUpdateHandler
-	 * 
-	 * @param graph
-	 *            The SecuredGraph that created the handler
-	 * @param handler
-	 *            The unsecured handler from the base graph.
-	 * @return SecuredBulkUpdateHandler.
-	 */
-	static SecuredBulkUpdateHandler getInstance( final SecuredGraphImpl graph,
-			final Graph baseGraph, final BulkUpdateHandler handler )
-	{
-		final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder = new ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler>(
-				handler);
-
-		final SecuredBulkUpdateHandlerImpl checker = new SecuredBulkUpdateHandlerImpl(
-				graph, baseGraph, holder);
-
-		// if we are going to create a duplicate proxy, just return this
-		// one.
-		if (handler instanceof SecuredBulkUpdateHandler)
-		{
-			if (checker.isEquivalent((SecuredBulkUpdateHandler) handler))
-			{
-				return (SecuredBulkUpdateHandler) handler;
-			}
-		}
-
-		return holder.setSecuredItem(new SecuredItemInvoker(handler.getClass(),
-				checker));
-	}
-
-	/**
-	 * Create an instance of SecuredPrefixMapping
-	 * 
-	 * @param graph
-	 *            The SecuredGraph that contains the prefixmapping.
-	 * @param prefixMapping
-	 *            The prefixmapping returned from the base graph.
-	 * @return The SecuredPrefixMapping.
-	 */
-	static SecuredPrefixMapping getInstance( final SecuredGraphImpl graph,
-			final PrefixMapping prefixMapping )
-	{
-
-		final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder = new ItemHolder<PrefixMapping, SecuredPrefixMapping>(
-				prefixMapping);
-		final SecuredPrefixMappingImpl checker = new SecuredPrefixMappingImpl(
-				graph, holder);
-		// if we are going to create a duplicate proxy just return this one.
-		if (prefixMapping instanceof SecuredPrefixMapping)
-		{
-			if (checker.isEquivalent((SecuredPrefixMapping) prefixMapping))
-			{
-				return (SecuredPrefixMapping) prefixMapping;
-			}
-		}
-
-		return holder.setSecuredItem(new SecuredItemInvoker(prefixMapping
-				.getClass(), checker));
-	}
-
-	/**
-	 * Create an instance of the SecuredGraph
-	 * 
-	 * @param securityEvaluator
-	 *            The security evaluator to use
-	 * @param graphIRI
-	 *            The IRI for the graph.
-	 * @param graph
-	 *            The graph that we are wrapping.
-	 * @return the secured graph
-	 */
-	public static SecuredGraph getInstance(
-			final SecurityEvaluator securityEvaluator, final String graphIRI,
-			final Graph graph )
-	{
-
-		final ItemHolder<Graph, SecuredGraphImpl> holder = new ItemHolder<Graph, SecuredGraphImpl>(
-				graph);
-		final SecuredGraphImpl checker = new SecuredGraphImpl(
-				securityEvaluator, graphIRI, holder) {
-		};
-
-		// If we going to create a duplicate proxy return this one.
-		if (graph instanceof SecuredGraphImpl)
-		{
-			if (checker.isEquivalent((SecuredGraphImpl) graph))
-			{
-				return (SecuredGraph) graph;
-			}
-		}
-		return holder.setSecuredItem(new SecuredItemInvoker(graph.getClass(),
-				checker));
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java b/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java
deleted file mode 100644
index 9d0d990..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredBulkUpdateHandlerImpl.java
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import java.util.Arrays;
-import java.util.Iterator;
-import java.util.List;
-
-import org.apache.jena.graph.BulkUpdateHandler ;
-import org.apache.jena.graph.Graph ;
-import org.apache.jena.graph.Node ;
-import org.apache.jena.graph.Triple ;
-import org.apache.jena.security.graph.SecuredBulkUpdateHandler;
-import org.apache.jena.security.graph.SecuredGraph;
-import org.apache.jena.security.impl.ItemHolder;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-import org.apache.jena.util.iterator.WrappedIterator ;
-
-/**
- * Implementation of SecuredBulkUpdateHandler to be used by a SecuredItemInvoker
- * proxy.
- */
-@SuppressWarnings("deprecation")
-public class SecuredBulkUpdateHandlerImpl extends SecuredItemImpl implements
-		SecuredBulkUpdateHandler
-{
-	// the base graph for he secured graph.
-	private final Graph baseGraph;
-	// the graph this handler is for.
-	private final SecuredGraph graph;
-	// the item holder holding this SecuredBulkUpdateHandler.
-	private final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder;
-
-	/**
-	 * Constructor.
-	 * 
-	 * @param graph
-	 *            The graph handler is for.
-	 * @param holder
-	 *            The item holder that will hold this SecuredBulkUpdateHandler.
-	 */
-	SecuredBulkUpdateHandlerImpl( final SecuredGraphImpl graph,
-			final Graph baseGraph,
-			final ItemHolder<BulkUpdateHandler, SecuredBulkUpdateHandler> holder )
-	{
-		super(graph, holder);
-		this.holder = holder;
-		this.graph = graph;
-		this.baseGraph = baseGraph;
-	}
-
-	@Override
-	public void add( final Graph g )
-	{
-		checkUpdate();
-		final Graph g2 = g;
-		if (!canCreate(Triple.ANY))
-		{
-			checkCreateTriples(g.find(Triple.ANY));
-		}
-		holder.getBaseItem().add(g2);
-	}
-
-	@Override
-	@Deprecated
-	public void add( final Graph g, final boolean withReifications )
-	{
-		checkUpdate();
-
-		if (!canCreate(Triple.ANY))
-		{
-			checkCreateTriples(g.find(Triple.ANY));
-		}
-		holder.getBaseItem().add(g, withReifications);
-	}
-
-	@Override
-	@Deprecated
-	public void add( final Iterator<Triple> it )
-	{
-		checkUpdate();
-		if (canCreate(Triple.ANY))
-		{
-			holder.getBaseItem().add(it);
-		}
-		else
-		{
-			final List<Triple> lst = WrappedIterator.create(it).toList();
-			for (final Triple t : lst)
-			{
-				checkCreate(t);
-			}
-			holder.getBaseItem().add(lst.iterator());
-		}
-	}
-
-	@Override
-	@Deprecated
-	public void add( final List<Triple> triples )
-	{
-		checkUpdate();
-		if (!canCreate(Triple.ANY))
-		{
-			checkCreateTriples(WrappedIterator.create(triples.iterator()));
-		}
-		holder.getBaseItem().add(triples);
-	}
-
-	@Override
-	@Deprecated
-	public void add( final Triple[] triples )
-	{
-		checkUpdate();
-		if (!canCreate(Triple.ANY))
-		{
-			checkCreateTriples(WrappedIterator.create(Arrays.asList(triples)
-					.iterator()));
-		}
-		holder.getBaseItem().add(triples);
-	}
-
-	private void checkExtendedTripleDelete( final Triple t )
-	{
-		final ExtendedIterator<Triple> iter = baseGraph.find(t);
-		try
-		{
-			while (iter.hasNext())
-			{
-				checkDelete(iter.next());
-			}
-		}
-		finally
-		{
-			iter.close();
-		}
-	}
-
-	@Override
-	public void delete( final Graph g )
-	{
-		checkUpdate();
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(g.find(Triple.ANY));
-		}
-		holder.getBaseItem().delete(g);
-
-	}
-
-	@Override
-	@Deprecated
-	public void delete( final Graph g, final boolean withReifications )
-	{
-		checkUpdate();
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(g.find(Triple.ANY));
-		}
-		holder.getBaseItem().delete(g, withReifications);
-
-	}
-
-	@Override
-	@Deprecated
-	public void delete( final Iterator<Triple> it )
-	{
-		checkUpdate();
-		final List<Triple> lst = WrappedIterator.create(it).toList();
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(WrappedIterator.create(lst.iterator()));
-		}
-		holder.getBaseItem().delete(lst.iterator());
-	}
-
-	@Override
-	@Deprecated
-	public void delete( final List<Triple> triples )
-	{
-		checkUpdate();
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(WrappedIterator.create(triples.iterator()));
-		}
-		holder.getBaseItem().delete(triples);
-	}
-
-	@Override
-	@Deprecated
-	public void delete( final Triple[] triples )
-	{
-		checkUpdate();
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(WrappedIterator.create(Arrays.asList(triples)
-					.iterator()));
-		}
-		holder.getBaseItem().delete(triples);
-	}
-
-    @Override
-	public void remove( final Node s, final Node p, final Node o )
-	{
-		checkUpdate();
-		if (!canDelete(Triple.ANY))
-		{
-			// the remove can be a pattern so expand it.
-			checkExtendedTripleDelete(new Triple(s, p, o));
-		}
-		holder.getBaseItem().remove(s, p, o);
-	}
-
-	@Override
-	public void removeAll()
-	{
-		checkUpdate();
-
-		if (!canDelete(Triple.ANY))
-		{
-			checkDeleteTriples(graph.find(Triple.ANY));
-		}
-
-		holder.getBaseItem().removeAll();
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java b/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
deleted file mode 100644
index 9725236..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredGraphImpl.java
+++ /dev/null
@@ -1,303 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import org.apache.jena.graph.* ;
-import org.apache.jena.security.SecurityEvaluator ;
-import org.apache.jena.security.SecurityEvaluator.Action ;
-import org.apache.jena.security.graph.* ;
-import org.apache.jena.security.impl.ItemHolder ;
-import org.apache.jena.security.impl.SecuredItem ;
-import org.apache.jena.security.impl.SecuredItemImpl ;
-import org.apache.jena.security.utils.PermTripleFilter ;
-import org.apache.jena.shared.AddDeniedException ;
-import org.apache.jena.shared.DeleteDeniedException ;
-import org.apache.jena.util.iterator.ExtendedIterator ;
-
-/**
- * Implementation of SecuredGraph to be used by a SecuredItemInvoker proxy.
- */
-public class SecuredGraphImpl extends SecuredItemImpl implements SecuredGraph
-{
-
-	// the prefixMapping for this graph.
-	private SecuredPrefixMapping prefixMapping;
-	// the item holder that contains this SecuredGraph
-	private final ItemHolder<Graph, SecuredGraphImpl> holder;
-
-	private final SecuredGraphEventManager eventManager;
-
-	/**
-	 * Constructor
-	 * 
-	 * @param securityEvaluator
-	 *            The security evaluator to use
-	 * @param graphIRI
-	 *            The IRI for the graph
-	 * @param holder
-	 *            The item holder that will contain this SecuredGraph.
-	 */
-	SecuredGraphImpl( final SecuredItem securedItem,
-			final ItemHolder<Graph, SecuredGraphImpl> holder )
-	{
-		super(securedItem, holder);
-		this.holder = holder;
-		this.eventManager = new SecuredGraphEventManager(this,
-				holder.getBaseItem(), holder.getBaseItem().getEventManager());
-	}
-
-	SecuredGraphImpl( final SecurityEvaluator securityEvaluator,
-			final String modelURI,
-			final ItemHolder<Graph, SecuredGraphImpl> holder )
-	{
-		super(securityEvaluator, modelURI, holder);
-		this.holder = holder;
-		this.eventManager = new SecuredGraphEventManager(this,
-				holder.getBaseItem(), holder.getBaseItem().getEventManager());
-	}
-
-	@Override
-	public void add( final Triple t ) throws AddDeniedException
-	{
-		checkUpdate();
-		checkCreate(t);
-		holder.getBaseItem().add(t);
-	}
-
-	@Override
-	public void close()
-	{
-		holder.getBaseItem().close();
-	}
-
-	@Override
-	public boolean contains( final Node s, final Node p, final Node o )
-	{
-		return contains(new Triple(s, p, o));
-	}
-
-	@Override
-	public boolean contains( final Triple t )
-	{
-		checkRead();
-		if (canRead(t))
-		{
-			return holder.getBaseItem().contains(t);
-		}
-		final ExtendedIterator<Triple> iter = holder.getBaseItem().find(t);
-		try
-		{
-			while (iter.hasNext())
-			{
-				if (canRead(iter.next()))
-				{
-					return true;
-				}
-			}
-			return false;
-		}
-		finally
-		{
-			iter.close();
-		}
-
-	}
-
-	private synchronized void createPrefixMapping()
-	{
-		if (prefixMapping == null)
-		{
-			prefixMapping = org.apache.jena.security.graph.impl.Factory
-					.getInstance(this, holder.getBaseItem().getPrefixMapping());
-		}
-	}
-
-	@Override
-	public void delete( final Triple t ) throws DeleteDeniedException
-	{
-		checkUpdate();
-		checkDelete(t);
-		holder.getBaseItem().delete(t);
-	}
-
-	@Override
-	public boolean dependsOn( final Graph other )
-	{
-		checkRead();
-		if (other.equals(holder.getBaseItem()))
-		{
-			return true;
-		}
-		return holder.getBaseItem().dependsOn(other);
-	}
-
-	@Override
-	public ExtendedIterator<Triple> find( final Node s, final Node p,
-			final Node o )
-	{
-		checkRead();
-		ExtendedIterator<Triple> retval = holder.getBaseItem().find(s, p, o);
-		if (!canRead(Triple.ANY))
-		{
-			retval = retval.filterKeep(new PermTripleFilter(Action.Read, this));
-		}
-		return retval;
-	}
-
-	/** @deprecated Use/implement {@link #find(Triple)} */
-	@Deprecated
-    @Override
-    public ExtendedIterator<Triple> find( final TripleMatch m ) {
-	    return find(Triple.createMatch(m.getMatchSubject(),
-	                                   m.getMatchPredicate(),
-	                                   m.getMatchObject())) ;
-    }
-	
-    @Override
-    public ExtendedIterator<Triple> find( final Triple m )
-    {
-        checkRead();
-        ExtendedIterator<Triple> retval = holder.getBaseItem().find(m);
-        if (!canRead(Triple.ANY))
-        {
-            retval = retval.filterKeep(new PermTripleFilter(Action.Read, this));
-        }
-        return retval;
-    }
-
-    @SuppressWarnings("deprecation")
-    @Override
-	public SecuredBulkUpdateHandler getBulkUpdateHandler()
-	{
-		return org.apache.jena.security.graph.impl.Factory.getInstance(this,
-				holder.getBaseItem(), holder.getBaseItem()
-						.getBulkUpdateHandler());
-	}
-
-	@Override
-	public SecuredCapabilities getCapabilities()
-	{
-		return new SecuredCapabilities(getSecurityEvaluator(), getModelIRI(),
-				holder.getBaseItem().getCapabilities());
-	}
-
-	@Override
-	public SecuredGraphEventManager getEventManager()
-	{
-		return eventManager;
-	}
-
-	@Override
-	public SecuredPrefixMapping getPrefixMapping()
-	{
-		if (prefixMapping == null)
-		{
-			createPrefixMapping();
-		}
-		return prefixMapping;
-	}
-
-	@Override
-	public GraphStatisticsHandler getStatisticsHandler()
-	{
-		checkRead();
-		return holder.getBaseItem().getStatisticsHandler();
-	}
-
-	@Override
-	public TransactionHandler getTransactionHandler()
-	{
-		return holder.getBaseItem().getTransactionHandler();
-	}
-
-	@Override
-	public boolean isClosed()
-	{
-		return holder.getBaseItem().isClosed();
-	}
-
-	@Override
-	public boolean isEmpty()
-	{
-		checkRead();
-		return holder.getBaseItem().isEmpty();
-	}
-
-	@Override
-	public boolean isIsomorphicWith( final Graph g )
-	{
-		checkRead();
-		if (g.size() != holder.getBaseItem().size())
-		{
-			return false;
-		}
-		final Triple t = new Triple(Node.ANY, Node.ANY, Node.ANY);
-		if (!canRead(t))
-		{
-			final ExtendedIterator<Triple> iter = g.find(t);
-			while (iter.hasNext())
-			{
-				checkRead(iter.next());
-			}
-		}
-		return holder.getBaseItem().isIsomorphicWith(g);
-	}
-
-	@Override
-	public int size()
-	{
-		checkRead();
-		return holder.getBaseItem().size();
-	}
-
-	@Override
-	public void clear()
-	{
-		checkUpdate();
-		if (! canDelete( Triple.ANY ))
-		{
-			ExtendedIterator<Triple> iter = holder.getBaseItem().find( Triple.ANY );
-			while (iter.hasNext())
-			{
-				checkDelete( iter.next() );
-			}
-		}
-		holder.getBaseItem().clear();
-	}
-
-	@Override
-	public void remove( Node s, Node p, Node o )
-	{
-		checkUpdate();
-		Triple t = new Triple( s, p, o );
-		if (t.isConcrete())
-		{
-			checkDelete( t );
-		}
-		else
-		{
-			ExtendedIterator<Triple> iter = holder.getBaseItem().find( Triple.ANY );
-			while (iter.hasNext())
-			{
-				checkDelete( iter.next() );
-			}
-		}
-		holder.getBaseItem().remove(s, p, o);
-	}
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java b/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
deleted file mode 100644
index 46d9657..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/impl/SecuredPrefixMappingImpl.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.graph.impl;
-
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.apache.jena.security.graph.SecuredPrefixMapping;
-import org.apache.jena.security.impl.ItemHolder;
-import org.apache.jena.security.impl.SecuredItemImpl;
-import org.apache.jena.shared.PrefixMapping ;
-import org.apache.jena.shared.impl.PrefixMappingImpl ;
-
-/**
- * Implementation of SecuredPrefixMapping to be used by a SecuredItemInvoker
- * proxy.
- */
-public class SecuredPrefixMappingImpl extends SecuredItemImpl implements
-		SecuredPrefixMapping
-{
-	// the item holder that holds this SecuredPrefixMapping
-	private final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder;
-
-	/**
-	 * Constructor
-	 * 
-	 * @param graph
-	 *            The Secured graph this mapping is for.
-	 * @param holder
-	 *            The item holder that will contain this SecuredPrefixMapping.
-	 */
-	SecuredPrefixMappingImpl( final SecuredGraphImpl graph,
-			final ItemHolder<PrefixMapping, SecuredPrefixMapping> holder )
-	{
-		super(graph, holder);
-		this.holder = holder;
-	}
-
-	@Override
-	public String expandPrefix( final String prefixed )
-	{
-		checkRead();
-		return holder.getBaseItem().expandPrefix(prefixed);
-	}
-
-	@Override
-	public Map<String, String> getNsPrefixMap()
-	{
-		checkRead();
-		return holder.getBaseItem().getNsPrefixMap();
-	}
-
-	@Override
-	public String getNsPrefixURI( final String prefix )
-	{
-		checkRead();
-		return holder.getBaseItem().getNsPrefixURI(prefix);
-	}
-
-	@Override
-	public String getNsURIPrefix( final String uri )
-	{
-		checkRead();
-		return holder.getBaseItem().getNsURIPrefix(uri);
-	}
-
-	@Override
-	public SecuredPrefixMapping lock()
-	{
-		checkUpdate();
-		holder.getBaseItem().lock();
-		return holder.getSecuredItem();
-	}
-
-	@Override
-	public String qnameFor( final String uri )
-	{
-		checkRead();
-		return holder.getBaseItem().qnameFor(uri);
-	}
-
-	@Override
-	public SecuredPrefixMapping removeNsPrefix( final String prefix )
-	{
-		checkUpdate();
-		holder.getBaseItem().removeNsPrefix(prefix);
-		return holder.getSecuredItem();
-	}
-
-	@Override
-	public boolean samePrefixMappingAs( final PrefixMapping other )
-	{
-		checkRead();
-		return holder.getBaseItem().samePrefixMappingAs(other);
-	}
-
-	@Override
-	public SecuredPrefixMapping setNsPrefix( final String prefix,
-			final String uri )
-	{
-		checkUpdate();
-		holder.getBaseItem().setNsPrefix(prefix, uri);
-		return holder.getSecuredItem();
-	}
-
-	@Override
-	public SecuredPrefixMapping setNsPrefixes( final Map<String, String> map )
-	{
-		checkUpdate();
-		holder.getBaseItem().setNsPrefixes(map);
-		return holder.getSecuredItem();
-	}
-
-	@Override
-	public SecuredPrefixMapping setNsPrefixes( final PrefixMapping other )
-	{
-		checkUpdate();
-		holder.getBaseItem().setNsPrefixes(other);
-		return holder.getSecuredItem();
-	}
-
-	@Override
-	public String shortForm( final String uri )
-	{
-		checkRead();
-		return holder.getBaseItem().shortForm(uri);
-	}
-
-	@Override
-	public SecuredPrefixMapping withDefaultMappings( final PrefixMapping map )
-	{
-		// mapping only updates if there are map entries to add.  Since this gets called
-		// when we are doing deep triple checks while writing we need to attempt the 
-		// update only if there are new updates to add.
-		
-		PrefixMapping m = holder.getBaseItem();
-		PrefixMappingImpl pm = new PrefixMappingImpl();
-		for ( Entry<String, String> e : map.getNsPrefixMap().entrySet())
-		{
-			if (m.getNsPrefixURI(e.getKey()) == null && m.getNsURIPrefix(e.getValue()) == null )
-			{
-				pm.setNsPrefix( e.getKey(), e.getValue() );
-			}
-		}
-		if ( !pm.getNsPrefixMap().isEmpty())
-		{
-			checkUpdate();
-			holder.getBaseItem().withDefaultMappings(pm);
-		}
-		return holder.getSecuredItem();
-	}
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/graph/package-info.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/graph/package-info.java b/jena-security/src/main/java/org/apache/jena/security/graph/package-info.java
deleted file mode 100644
index d787688..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/graph/package-info.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * Secured implementation of the Graph interface and associated classes.
- * <p>
- * 
- * The SecurityEvaluator class must be implemented.  This class provides the interface to the 
- * authentication results (e.g. getPrincipal())) and the authorization system.
- * </p><p>
- * Create a SecuredGraph by calling Factory.getInstance( SecurityEvaluator, String, Graph );
- * Create a SecuredModel by calling Factory.getInstance( SecurityEvaluator, String, Model ) 
- * or ModelFactory.createModelForGraph( SecuredGraph );
- * </p><p>
- * NOTE: when creating a model by wrapping a secured graph (e.g. 
- * ModelFactory.createModelForGraph( SecuredGraph );) the resulting Model does not
- * have the same security requirements that the standard secured model does. 
- * </p><p>
- * For instance when creating a list on a secured model calling model.createList( RDFNode[] ); 
- * The standard secured model verifies that the user
- * has the right to update the triples and allows or denies the entire operation accordingly.  
- * The wrapped secured graph does not have visibility
- * to the createList() command and can only operate on the instructions issued by the
- * model.createList() implementation.  In the standard implementation
- * the model requests the graph to delete one triple and then insert another.  
- * Thus the user must have delete and add permissions, not the update permission.
- * </p><p>
- * There are several other cases where the difference in the layer can trip up the security system.  
- * In all known cases the result is a tighter 
- * security definition than was requested.  For simplicity sake we recommend that the wrapped 
- * secured graph only be used in cases where access to the
- * graph as a whole is granted/denied.  In these cases the user either has all CRUD capabilities or 
- * none.
- * </p>
- */
-package org.apache.jena.security.graph;
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java b/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
deleted file mode 100644
index ffc2868..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/impl/CachedSecurityEvaluator.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import java.util.Set;
-
-import org.apache.jena.security.SecurityEvaluator;
-
-/**
- * A SecurityEvaluator that can be cached for later use.
- */
-public class CachedSecurityEvaluator implements SecurityEvaluator {
-	private final SecurityEvaluator wrapped;
-	private final Object origPrincipal;
-
-	/**
-	 *
-	 * @param wrapped
-	 * @param runAs
-	 */
-	public CachedSecurityEvaluator(final SecurityEvaluator wrapped,
-			final Object runAs) {
-		this.origPrincipal = runAs;
-		this.wrapped = wrapped;
-	}
-
-	@Override
-	public boolean evaluate(final Object principal, final Action action,
-			final SecNode graphIRI) {
-		return wrapped.evaluate(principal, action, graphIRI);
-	}
-
-	@Override
-	public boolean evaluate(final Object principal, final Action action,
-			final SecNode graphIRI, final SecTriple triple) {
-		return wrapped.evaluate(principal, action, graphIRI, triple);
-	}
-
-	@Override
-	public boolean evaluate(final Object principal, final Set<Action> actions,
-			final SecNode graphIRI) {
-		return wrapped.evaluate(principal, actions, graphIRI);
-	}
-
-	@Override
-	public boolean evaluate(final Object principal, final Set<Action> actions,
-			final SecNode graphIRI, final SecTriple triple) {
-		return wrapped.evaluate(principal, actions, graphIRI, triple);
-	}
-
-	@Override
-	public boolean evaluateAny(final Object principal,
-			final Set<Action> actions, final SecNode graphIRI) {
-		return wrapped.evaluateAny(principal, actions, graphIRI);
-	}
-
-	@Override
-	public boolean evaluateAny(final Object principal,
-			final Set<Action> actions, final SecNode graphIRI,
-			final SecTriple triple) {
-		return wrapped.evaluateAny(principal, actions, graphIRI, triple);
-	}
-
-	@Override
-	public boolean evaluateUpdate(final Object principal,
-			final SecNode graphIRI, final SecTriple from, final SecTriple to) {
-		return wrapped.evaluateUpdate(principal, graphIRI, from, to);
-	}
-
-	@Override
-	public Object getPrincipal() {
-		return origPrincipal;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java b/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java
deleted file mode 100644
index 0262001..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/impl/ItemHolder.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import java.lang.reflect.Proxy;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-import org.apache.commons.lang3.ClassUtils;
-
-/**
- * A class that holds the original item and the secured version of it.
- * 
- * This class is used by the Invoker to return secured versions of the object
- * during
- * calls that return the called class for cascading.
- * 
- * @param <Base>
- *            The base class that is being secured
- * @param <Secured>
- *            The implementation (proxy) of the secured class.
- */
-public class ItemHolder<Base, Secured extends SecuredItem>
-{
-	/**
-	 * The base item that is being secured
-	 */
-	private final Base baseItem;
-	/**
-	 * The proxy to the base class that implements the security.
-	 */
-	private Secured securedItem;
-
-	/**
-	 * Constructor.
-	 * 
-	 * @param baseItem
-	 *            The base item.
-	 */
-	public ItemHolder( final Base baseItem )
-	{
-		super();
-		this.baseItem = baseItem;
-	}
-
-	/**
-	 * Get the base item.
-	 * 
-	 * This method is used in the proxy to get call to the underlying instance.
-	 * 
-	 * @return The instance that is being protected.
-	 */
-	public Base getBaseItem()
-	{
-		return baseItem;
-	}
-
-	/**
-	 * Get the secured item.
-	 * 
-	 * This method is used in the invocation handler to get the instance of the
-	 * proxy that made the
-	 * on which a method call was made. Generally used in returing the original
-	 * object to support
-	 * cascading.
-	 * 
-	 * @return the proxy.
-	 */
-	public Secured getSecuredItem()
-	{
-		return securedItem;
-	}
-
-	/**
-	 * Creates the proxy, saves it as the securedItem and returns it.
-	 * 
-	 * @param handler
-	 *            The SecuredItemInvoker to create the proxy with.
-	 * @return The proxy.
-	 */
-	@SuppressWarnings( "unchecked" )
-	public final Secured setSecuredItem( final SecuredItemInvoker handler )
-	{
-		final Set<Class<?>> ifac = new LinkedHashSet<Class<?>>();
-		if (baseItem.getClass().isInterface())
-		{
-			ifac.add(baseItem.getClass());
-		}
-		ifac.addAll(ClassUtils.getAllInterfaces(baseItem.getClass()));
-		if (handler.securedItem.getClass().isInterface())
-		{
-			ifac.add(handler.securedItem.getClass());
-		}
-		ifac.addAll(ClassUtils.getAllInterfaces(handler.securedItem.getClass()));
-
-		securedItem = (Secured) Proxy.newProxyInstance(
-				SecuredItemImpl.class.getClassLoader(),
-				ifac.toArray(new Class<?>[ifac.size()]), handler);
-		return securedItem;
-	}
-
-}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java
----------------------------------------------------------------------
diff --git a/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java b/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java
deleted file mode 100644
index 7c12d19..0000000
--- a/jena-security/src/main/java/org/apache/jena/security/impl/SecuredItem.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.jena.security.impl;
-
-import org.apache.jena.security.SecurityEvaluator;
-import org.apache.jena.security.SecurityEvaluator.SecNode;
-import org.apache.jena.security.SecurityEvaluator.SecTriple;
-
-/**
- * The secured item interface is mixed into instances of secured objects by the
- * proxy. It provides the security context for the security checks as well as
- * several useful shorthand methods for common checks.
- */
-public interface SecuredItem
-{
-
-	/**
-	 * Utilities for SecuredItem implementations.
-	 */
-	public static class Util
-	{
-		/**
-		 * Secured items are equivalent if their security evaluators and
-		 * modelIRIs are equal.
-		 * 
-		 * @param si1
-		 *            A secured item to check
-		 * @param si2
-		 *            A second secured item to check
-		 * @return true if si1 is equivalent to si2.
-		 */
-		public static boolean isEquivalent( final SecuredItem si1,
-				final SecuredItem si2 )
-		{
-			return si1.getSecurityEvaluator()
-					.equals(si2.getSecurityEvaluator())
-					&& si1.getModelIRI().equals(si2.getModelIRI());
-		}
-	}
-
-	/**
-	 * @return true if the securedModel allows items to to be created.
-	 */
-	public boolean canCreate();
-
-	/**
-	 * Return true if the triple can be created.
-	 * If any s,p or o is SecNode.ANY then this method must return false if
-	 * there
-	 * are
-	 * any restrictions where the remaining nodes and held constant and the ANY
-	 * node
-	 * is allowed to vary.
-	 * 
-	 * See canRead(SecTriple t)
-	 * 
-	 * @param t
-	 *            The triple to check
-	 * @return true if the triple can be created.
-	 */
-	public boolean canCreate( SecTriple t );
-
-	/**
-	 * @return true if the securedModel allows items to to be deleted.
-	 */
-	public boolean canDelete();
-
-	/**
-	 * Return true if the triple can be deleted.
-	 * If any s,p or o is SecNode.ANY then this method must return false if
-	 * there
-	 * are
-	 * any restrictions where the remaining nodes and held constant and the ANY
-	 * node
-	 * is allowed to vary.
-	 * 
-	 * See canRead(SecTriple t)
-	 * 
-	 * @param t
-	 *            The triple to check
-	 * @return true if the triple can be deleted.
-	 */
-	public boolean canDelete( SecTriple t );
-
-	/**
-	 * @return true if the securedModel allows items to to be read.
-	 */
-	public boolean canRead();
-
-	/**
-	 * Return true if the triple can be read.
-	 * If any s,p or o is SecNode.ANY then this method must return false if
-	 * there
-	 * are
-	 * any restrictions where the remaining nodes and held constant and the ANY
-	 * node
-	 * is allowed to vary.
-	 * 
-	 * (S, P, O) check if S,P,O can be read.
-	 * (S, P, ANY) check if there are any S,P,x restrictions.
-	 * (S, ANY, P) check if there are any S,x,P restrictions.
-	 * (ANY, ANY, ANY) check if there are any restricitons on reading.
-	 * 
-	 * @param t
-	 *            The triple to check
-	 * @return true if the triple can be read.
-	 */
-	public boolean canRead( SecTriple t );
-
-	/**
-	 * @return true if the securedModel allows items to to be updated.
-	 */
-	public boolean canUpdate();
-
-	/**
-	 * Return true if the triple can be updated.
-	 * If any s,p or o is SecNode.ANY then this method must return false if
-	 * there
-	 * are
-	 * any restrictions where the remaining nodes and held constant and the ANY
-	 * node
-	 * is allowed to vary.
-	 * 
-	 * See canRead(SecTriple t)
-	 * 
-	 * @param from
-	 *            The triple that will be changed
-	 * @param to
-	 *            The resulting triple.
-	 * @return true if the from triple can be updated as the to triple.
-	 */
-	public boolean canUpdate( SecTriple from, SecTriple to );
-
-	@Override
-	public boolean equals( Object o );
-
-	/**
-	 * @return the base item that is being secured.
-	 */
-	public Object getBaseItem();
-
-	/**
-	 * @return The IRI of the securedModel that the item belongs to.
-	 */
-	public String getModelIRI();
-
-	/**
-	 * @return The node represnetation of the securedModel IRI.
-	 */
-	public SecNode getModelNode();
-
-	/**
-	 * The SecurityEvaluator implementation that is being used to determine
-	 * access.
-	 * 
-	 * @return The SecurityEvaluator implementation.
-	 */
-	public SecurityEvaluator getSecurityEvaluator();
-
-	/**
-	 * Return true if this secured item is equivalent to another secured item.
-	 * Generally implemented by calling SecuredItem.Util.isEquivalent
-	 * 
-	 * @param securedItem
-	 *            the other secured item.
-	 * @return True if they are equivalent, false otherwise.
-	 */
-	public boolean isEquivalent( SecuredItem securedItem );
-
-}
\ No newline at end of file


Mime
View raw message