jena-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject [16/24] jena git commit: Module jena-seurity becomes jena-permissions
Date Fri, 24 Apr 2015 12:20:14 GMT
http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java b/jena-permissions/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
new file mode 100644
index 0000000..0efc9be
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/ModelBasedSecurityEvaluator.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security;
+
+import java.util.Set;
+
+import org.apache.jena.rdf.model.Model ;
+
+public class ModelBasedSecurityEvaluator implements SecurityEvaluator {
+
+	//private Model model;
+	
+	public ModelBasedSecurityEvaluator( Model model) {
+		//this.model = model;
+	}
+	
+	
+
+	@Override
+	public boolean evaluate(final Object principal, Action action, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Action action, SecNode graphIRI, SecTriple triple) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI,
+			SecTriple triple) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI,
+			SecTriple triple) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluateUpdate(final Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
+		return true;
+	}
+
+	@Override
+	public Object getPrincipal() {
+		return null;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/SecuredAssemblerTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/SecuredAssemblerTest.java b/jena-permissions/src/test/java/org/apache/jena/security/SecuredAssemblerTest.java
new file mode 100644
index 0000000..697c5f6
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/SecuredAssemblerTest.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security;
+
+import java.net.URL;
+
+import org.junit.Assert;
+import org.apache.jena.assembler.Assembler ;
+import org.apache.jena.rdf.model.Model ;
+import org.apache.jena.rdf.model.ModelFactory ;
+import org.apache.jena.rdf.model.Resource ;
+import org.apache.jena.security.model.SecuredModel;
+import org.junit.Before;
+import org.junit.Test;
+
+public class SecuredAssemblerTest
+{
+    private Assembler assembler;
+	private Model model;
+	
+	public SecuredAssemblerTest() 
+	{
+		assembler = Assembler.general;
+	}
+	
+	@Before
+	public void setUp() throws Exception {
+		model = ModelFactory.createDefaultModel();
+		URL url = SecuredAssemblerTest.class.getClassLoader().getResource( SecuredAssemblerTest.class.getName().replace(".", "/")+".ttl");
+		model.read( url.toURI().toString(), "TURTLE" );
+		//model.write( System.out, "TURTLE" );
+	}
+	
+	@Test
+	public void testCreation() throws Exception {
+		
+		Resource r = model.createResource( "http://apache.org/jena/security/test#secModel");
+		Object o = assembler.open( r );
+		Assert.assertTrue( o instanceof Model);
+		Assert.assertTrue( o instanceof SecuredModel );
+	}
+
+	@Test
+	public void testCreationWithArgs() throws Exception {
+		
+		Resource r = model.createResource( "http://apache.org/jena/security/test#secModel2");
+		Object o = assembler.open( r );
+		Assert.assertTrue( o instanceof Model);
+		Assert.assertTrue( o instanceof SecuredModel );
+	}
+	
+	@Test
+	public void testSecurityEvaluatorWithStringArgs() throws Exception {
+		
+		Resource r = model.createResource( "http://apache.org/jena/security/test#secEvaluator");
+		Object o = assembler.open( r );
+		Assert.assertTrue( o instanceof SecurityEvaluator );
+		Assert.assertTrue( o instanceof StaticSecurityEvaluator );
+	}
+	
+	@Test
+	public void testSecurityEvaluatorWithModelArgs() throws Exception {
+		
+		Resource r = model.createResource( "http://apache.org/jena/security/test#secEvaluator2");
+		Object o = assembler.open( r );
+		Assert.assertTrue( o instanceof SecurityEvaluator );
+		Assert.assertTrue( o instanceof ModelBasedSecurityEvaluator );
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/SecurityEvaluatorParameters.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/SecurityEvaluatorParameters.java b/jena-permissions/src/test/java/org/apache/jena/security/SecurityEvaluatorParameters.java
new file mode 100644
index 0000000..d6de485
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/SecurityEvaluatorParameters.java
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security;
+
+import java.lang.annotation.Annotation;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.junit.runner.Runner;
+import org.junit.runner.notification.RunNotifier;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.junit.runners.Suite;
+import org.junit.runners.model.FrameworkMethod;
+import org.junit.runners.model.InitializationError;
+import org.junit.runners.model.Statement;
+
+public class SecurityEvaluatorParameters extends Suite
+{
+
+	private class TestClassRunnerForParameters extends BlockJUnit4ClassRunner
+	{
+		private final int fParameterSetNumber;
+
+		private final List<Object[]> fParameterList;
+
+		TestClassRunnerForParameters( final Class<?> type,
+				final List<Object[]> parameterList, final int i )
+				throws InitializationError
+		{
+			super(type);
+			fParameterList = parameterList;
+			fParameterSetNumber = i;
+		}
+
+		@Override
+		protected Statement classBlock( final RunNotifier notifier )
+		{
+			return childrenInvoker(notifier);
+		}
+
+		@Override
+		public Object createTest() throws Exception
+		{
+			return getTestClass().getOnlyConstructor().newInstance(
+					fParameterList.get(fParameterSetNumber));
+		}
+
+		@Override
+		protected String getName()
+		{
+			return String.format("[%s]", fParameterSetNumber);
+		}
+
+		@Override
+		protected Annotation[] getRunnerAnnotations()
+		{
+			return new Annotation[0];
+		}
+
+		@Override
+		protected String testName( final FrameworkMethod method )
+		{
+			return String.format("%s[%s]", method.getName(),
+					fParameterList.get(fParameterSetNumber)[0]);
+		}
+
+		@Override
+		protected void validateConstructor( final List<Throwable> errors )
+		{
+			validateOnlyOneConstructor(errors);
+		}
+	}
+
+	private final ArrayList<Runner> runners = new ArrayList<Runner>();
+
+	/**
+	 * Only called reflectively. Do not use programmatically.
+	 */
+	public SecurityEvaluatorParameters( final Class<?> klass ) throws Throwable
+	{
+		super(klass, Collections.<Runner> emptyList());
+		final List<Object[]> parametersList = new ArrayList<Object[]>();
+
+		final boolean[] bSet = { true, false };
+
+		for (final boolean create : bSet)
+		{
+			for (final boolean read : bSet)
+			{
+				for (final boolean update : bSet)
+				{
+					for (final boolean delete : bSet)
+					{
+						for (final boolean forceTripleCheck : bSet)
+						{
+							parametersList
+									.add(new Object[] { new MockSecurityEvaluator(
+											true, create, read, update, delete,
+											forceTripleCheck) });
+						}
+					}
+				}
+			}
+		}
+
+		for (int i = 0; i < parametersList.size(); i++)
+		{
+			runners.add(new TestClassRunnerForParameters(getTestClass()
+					.getJavaClass(), parametersList, i));
+		}
+	}
+
+	@Override
+	protected List<Runner> getChildren()
+	{
+		return runners;
+	}
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java b/jena-permissions/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
new file mode 100644
index 0000000..d59b89c
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/StaticSecurityEvaluator.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security;
+
+import java.util.Set;
+
+public class StaticSecurityEvaluator implements SecurityEvaluator {
+
+	private String user;
+	
+	public StaticSecurityEvaluator( String user) {
+		this.user = user;
+	}
+	
+	public void setUser( String user )
+	{
+		this.user = user;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Action action, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Action action, SecNode graphIRI, SecTriple triple) {
+		return triple.getSubject().getValue().equals( "urn:"+principal );
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluate(final Object principal, Set<Action> actions, SecNode graphIRI,
+			SecTriple triple) {
+		return triple.getSubject().getValue().equals( "urn:"+principal );
+	}
+
+	@Override
+	public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI) {
+		return true;
+	}
+
+	@Override
+	public boolean evaluateAny(final Object principal, Set<Action> actions, SecNode graphIRI,
+			SecTriple triple) {
+		return triple.getSubject().getValue().equals( "urn:"+principal );
+	}
+
+	@Override
+	public boolean evaluateUpdate(final Object principal, SecNode graphIRI, SecTriple from, SecTriple to) {
+		return from.getSubject().getValue().equals( "urn:"+principal ) && 
+				to.getSubject().getValue().equals( "urn:"+principal );
+	}
+
+	@Override
+	public Object getPrincipal() {
+		return user;
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
new file mode 100644
index 0000000..6201b5c
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/CachedSecurityEvaluatorTest.java
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.security.contract.graph;
+
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.StaticSecurityEvaluator;
+import org.apache.jena.security.impl.CachedSecurityEvaluator;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class CachedSecurityEvaluatorTest {
+
+	private StaticSecurityEvaluator securityEvaluator;
+	private SecurityEvaluator cachedEvaluator;
+	
+	public CachedSecurityEvaluatorTest() {
+		securityEvaluator = new StaticSecurityEvaluator( "bob" );
+		cachedEvaluator = new CachedSecurityEvaluator( securityEvaluator, "ted" );
+		
+	}
+	
+	@Test
+	public void testGetPrincipal()
+	{
+		assertEquals( "bob", securityEvaluator.getPrincipal());
+		assertEquals( "ted", cachedEvaluator.getPrincipal());
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphContractTests.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphContractTests.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphContractTests.java
new file mode 100644
index 0000000..e903d75
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphContractTests.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.graph;
+
+import org.apache.jena.graph.Factory ;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.test.MetaTestGraph ;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+
+public class SecuredGraphContractTests extends MetaTestGraph
+{
+
+	private final SecurityEvaluator eval;
+
+	public SecuredGraphContractTests( final Class<? extends Graph> graphClass,
+			final String name )
+	{
+		super(graphClass, name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	public SecuredGraphContractTests( final String name )
+	{
+		super(name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	@Override
+	public Graph getGraph()
+	{
+		return org.apache.jena.security.Factory.getInstance(eval, getName(),
+				Factory.createDefaultGraph());
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphListenerTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphListenerTest.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphListenerTest.java
new file mode 100644
index 0000000..fb7f805
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredGraphListenerTest.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.graph;
+
+import org.apache.jena.graph.Factory ;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.test.TestGraphListener ;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+
+public class SecuredGraphListenerTest extends TestGraphListener
+{
+	private final SecurityEvaluator eval;
+
+	public SecuredGraphListenerTest( final Class<? extends Graph> graphClass,
+			final String name )
+	{
+		super(graphClass, name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	public SecuredGraphListenerTest( final String name )
+	{
+		super(name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	@Override
+	public Graph getGraph()
+	{
+		final Graph graph = org.apache.jena.security.Factory.getInstance(eval,
+				getName(), Factory.createDefaultGraph());
+		graph.getEventManager().register(new CheckChanges("simple tracking", graph));
+		return graph;
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredTDBGraphContractTests.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredTDBGraphContractTests.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredTDBGraphContractTests.java
new file mode 100644
index 0000000..6991ea8
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/graph/SecuredTDBGraphContractTests.java
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.graph;
+
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.test.MetaTestGraph ;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.tdb.TDBFactory ;
+
+public class SecuredTDBGraphContractTests extends MetaTestGraph
+{
+
+	private final SecurityEvaluator eval;
+
+	public SecuredTDBGraphContractTests( final Class<? extends Graph> graphClass,
+			final String name )
+	{
+		super(graphClass, name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	public SecuredTDBGraphContractTests( final String name )
+	{
+		super(name);
+		eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+	}
+
+	@Override
+	public Graph getGraph()
+	{
+		return org.apache.jena.security.Factory.getInstance(eval, getName(),
+				TDBFactory.createDatasetGraph().getDefaultGraph());
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/model/ModelTestSuite.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/model/ModelTestSuite.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/ModelTestSuite.java
new file mode 100644
index 0000000..e3d33e5
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/ModelTestSuite.java
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.model;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
+import junit.framework.Test;
+
+
+import org.junit.runner.Description;
+import org.junit.runner.notification.Failure;
+import org.junit.runner.notification.RunNotifier;
+import org.junit.runners.ParentRunner;
+
+
+public class ModelTestSuite extends ParentRunner<Test>
+{
+	private SecTestPackage pkg;
+	
+	public ModelTestSuite( Class<?> testClass ) throws Exception
+	{
+		super( Test.class );
+		pkg = new SecTestPackage();
+	}
+
+	@Override
+	protected List<Test> getChildren()
+	{
+		List<Test> lst = new ArrayList<Test>();
+		Enumeration<Test> enm = pkg.tests();
+		while (enm.hasMoreElements())
+		{
+			lst.add( enm.nextElement() );
+		}
+		return lst;
+	}
+
+	@Override
+	protected Description describeChild( Test child )
+	{
+		return Description.createTestDescription( child.getClass(), child.toString() );
+	}
+
+	@Override
+	protected void runChild( Test child, RunNotifier notifier )
+	{
+		Method setUp = null;
+		try
+		{
+			setUp = child.getClass().getMethod("setUp" );
+		}
+		catch (SecurityException e1)
+		{
+			// TODO Auto-generated catch block
+			e1.printStackTrace();
+			throw new RuntimeException( e1 );
+		}
+		catch (NoSuchMethodException e1)
+		{
+		}
+		Method tearDown = null;
+		try
+		{
+			tearDown = child.getClass().getMethod("tearDown" );
+		}
+		catch (SecurityException e1)
+		{
+			// TODO Auto-generated catch block
+			e1.printStackTrace();
+			throw new RuntimeException( e1 );
+		}
+		catch (NoSuchMethodException e1)
+		{
+		}
+		for (Method m : child.getClass().getMethods())
+		{
+			if (m.getName().startsWith( "test" ) && m.getParameterTypes().length == 0)
+			{
+				Description desc = Description.createTestDescription( child.getClass(), child.toString() );
+				notifier.fireTestStarted( desc );
+				try
+				{
+					if (setUp != null)
+					{
+						setUp.invoke(child);
+					}
+					m.invoke(child);
+					if (tearDown != null)
+					{
+						tearDown.invoke( child );
+					}
+					notifier.fireTestFinished( desc );
+				}
+				catch (IllegalArgumentException e)
+				{
+					notifier.fireTestFailure( new Failure(desc, e));
+				}
+				catch (IllegalAccessException e)
+				{
+					notifier.fireTestFailure( new Failure(desc, e));
+				}
+				catch (InvocationTargetException e)
+				{
+					notifier.fireTestFailure( new Failure(desc, e.getTargetException()));
+				}
+				catch (RuntimeException e) {
+					notifier.fireTestFailure( new Failure(desc, e));
+					throw e;
+				}
+			}
+		}
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestLiterals.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestLiterals.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestLiterals.java
new file mode 100644
index 0000000..6247c68
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestLiterals.java
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.model;
+
+import org.apache.jena.rdf.model.test.TestLiterals ;
+import org.apache.jena.rdf.model.test.TestPackage ;
+
+public class SecTestLiterals extends TestLiterals {
+
+	public SecTestLiterals() {
+		super(new TestPackage.PlainModelFactory(), "SecTestLiterals");
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestPackage.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestPackage.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestPackage.java
new file mode 100644
index 0000000..4f0650d
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestPackage.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.model;
+
+import java.lang.reflect.InvocationTargetException;
+
+import junit.framework.TestSuite;
+import org.apache.jena.atlas.web.TypedInputStream;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.rdf.model.Model ;
+import org.apache.jena.rdf.model.ModelFactory ;
+import org.apache.jena.rdf.model.test.AbstractTestPackage ;
+import org.apache.jena.rdf.model.test.helpers.TestingModelFactory ;
+import org.apache.jena.riot.system.stream.Locator;
+import org.apache.jena.riot.system.stream.StreamManager;
+import org.apache.jena.riot.system.stream.LocatorZip;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.shared.PrefixMapping ;
+import org.apache.jena.util.FileUtils ;
+
+/**
+ * Test package to test Model implementation.
+ */
+//@RunWith(ModelTestSuite.class)
+public class SecTestPackage extends AbstractTestPackage
+{
+	static public TestSuite suite() throws SecurityException, IllegalArgumentException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException
+	{
+		return new SecTestPackage();
+	}
+	
+	public SecTestPackage() throws SecurityException, IllegalArgumentException, NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException
+	{
+		super("SecuredModel", new PlainModelFactory() );
+		// register a jar reader here
+		StreamManager sm =StreamManager.get();
+		sm.addLocator( new LocatorJarURL()  );
+	}
+
+	/* package private */static class PlainModelFactory implements TestingModelFactory
+	{
+		private final SecurityEvaluator eval;
+		
+		public PlainModelFactory()
+		{
+			eval = new MockSecurityEvaluator(true, true, true, true, true, true);
+		}
+		
+		@Override
+		public Model createModel()
+		{
+			// Graph graph = Factory.createDefaultGraph( style );
+			final Model model = ModelFactory.createDefaultModel();
+			return org.apache.jena.security.Factory.getInstance(eval, "testModel",
+					model);
+		}
+		
+		@Override
+		public PrefixMapping getPrefixMapping()
+		{
+			return createModel().getGraph().getPrefixMapping();
+		}
+		
+		@Override
+		public Model createModel( Graph base )
+		{
+			return ModelFactory.createModelForGraph(base);
+		}
+	}
+	
+	public static class LocatorJarURL implements Locator {
+
+		@Override
+		public TypedInputStream open(String uri) {
+			 String uriSchemeName = FileUtils.getScheme(uri) ;
+			 if ( ! "jar".equalsIgnoreCase(uriSchemeName))
+			 {
+				 return null;
+			 }
+			 
+			 String[] parts = uri.substring( 4 ).split("!");
+			 if (parts.length != 2)
+			 {
+				 return null;
+			 } 
+			 if (parts[0].toLowerCase().startsWith("file:"))
+			 {
+				 parts[0] = parts[0].substring( 5 );
+			 }
+			 if (parts[1].startsWith( "/"))
+			 {
+				 parts[1] = parts[1].substring(1);
+			 }
+			 LocatorZip zl = new LocatorZip( parts[0] );
+			 return zl.open(parts[1] );
+		}
+
+		@Override
+		public String getName() {
+			return "JarURLLocator";
+		}
+		
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaderEvents.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaderEvents.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaderEvents.java
new file mode 100644
index 0000000..4a1d662
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaderEvents.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.model;
+
+import org.apache.jena.rdf.model.test.TestPackage ;
+
+public class SecTestReaderEvents extends org.apache.jena.rdf.model.test.TestReaderEvents {
+
+	public SecTestReaderEvents() {
+		super( new TestPackage.PlainModelFactory(), "SecTestReaderEvents" );
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaders.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaders.java b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaders.java
new file mode 100644
index 0000000..7ee29fe
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/contract/model/SecTestReaders.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.contract.model;
+
+import org.apache.jena.rdf.model.test.TestPackage ;
+
+public class SecTestReaders extends org.apache.jena.rdf.model.test.TestReaders {
+
+	public SecTestReaders() {
+		super( new TestPackage.PlainModelFactory(), "SecTestReaders" );
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
new file mode 100644
index 0000000..46f8b0b
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/BulkUpdateHandlerTest.java
@@ -0,0 +1,372 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import java.util.Arrays;
+import java.util.Set;
+
+import org.junit.Assert;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.NodeFactory ;
+import org.apache.jena.graph.Triple ;
+import org.apache.jena.graph.impl.CollectionGraph ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.graph.SecuredBulkUpdateHandler;
+import org.apache.jena.security.graph.SecuredGraph;
+import org.apache.jena.sparql.graph.GraphFactory ;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class BulkUpdateHandlerTest
+{
+	protected SecuredBulkUpdateHandler handler;
+	private final SecurityEvaluator securityEvaluator;
+	private final Triple[] tripleArray;
+	private final Set<Action> deleteAndUpdate;
+	private final Set<Action> createAndUpdate;
+
+	public BulkUpdateHandlerTest( final SecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+
+		tripleArray = new Triple[] {
+				new Triple(NodeFactory.createURI("http://example.com/1"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()),
+				new Triple(NodeFactory.createURI("http://example.com/2"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()),
+				new Triple(NodeFactory.createURI("http://example.com/3"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()) };
+		createAndUpdate = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Update });
+		deleteAndUpdate = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Delete, Action.Update });
+	}
+
+	@Before
+	public void setup()
+	{
+		final Graph g = GraphFactory.createDefaultGraph();
+
+		final SecuredGraph sg = Factory.getInstance(securityEvaluator,
+				"http://example.com/testGraph", g);
+		handler = sg.getBulkUpdateHandler();
+	}
+
+	@Test
+	public void testAdd()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		try
+		{
+			handler.add(tripleArray);
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.add(Arrays.asList(tripleArray));
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.add(Arrays.asList(tripleArray).iterator());
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.add(new CollectionGraph(Arrays.asList(tripleArray)));
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.add(new CollectionGraph(Arrays.asList(tripleArray)));
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.add(new CollectionGraph(Arrays.asList(tripleArray)), true);
+			if (!securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, createAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testDelete()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		try
+		{
+			handler.delete(tripleArray);
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.delete(Arrays.asList(tripleArray));
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.delete(Arrays.asList(tripleArray).iterator());
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.delete(new CollectionGraph(Arrays.asList(tripleArray)));
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			handler.delete(new CollectionGraph(Arrays.asList(tripleArray)),
+					true);
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	public void testRemove()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		try
+		{
+			handler.remove(NodeFactory.createURI("http://example.com/1"),
+					NodeFactory.createURI("http://example.com/v"), NodeFactory.createAnon());
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	public void testRemoveAll()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		try
+		{
+			handler.removeAll();
+			if (!securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, deleteAndUpdate,
+					handler.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
new file mode 100644
index 0000000..b8da8e4
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/CrossIDGraphEventManagerTest.java
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.GraphEventManager ;
+import org.apache.jena.graph.NodeFactory ;
+import org.apache.jena.graph.Triple ;
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.StaticSecurityEvaluator;
+import org.apache.jena.sparql.graph.GraphFactory ;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class CrossIDGraphEventManagerTest {
+
+	private final GraphEventManager manager;
+	private final Graph g;
+	private final SecuredGraph sg;
+	private final StaticSecurityEvaluator securityEvaluator;
+
+	private final RecordingGraphListener annListener;
+	private final RecordingGraphListener bobListener;
+
+	public CrossIDGraphEventManagerTest() {
+		this.securityEvaluator = new StaticSecurityEvaluator("ann");
+
+		g = GraphFactory.createDefaultGraph();
+		g.add(new Triple(NodeFactory.createURI("urn:ann"), NodeFactory
+				.createURI("http://example.com/v"), NodeFactory.createAnon()));
+		g.add(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+				.createURI("http://example.com/v"), NodeFactory.createAnon()));
+		g.add(new Triple(NodeFactory.createURI("urn:ann"), NodeFactory
+				.createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+		sg = Factory.getInstance(securityEvaluator,
+				"http://example.com/testGraph", g);
+		manager = sg.getEventManager();
+		annListener = new RecordingGraphListener();
+		manager.register(annListener);
+		this.securityEvaluator.setUser("bob");
+		bobListener = new RecordingGraphListener();
+		manager.register(bobListener);
+	}
+
+	@Test
+	public void notificationsTest() {
+		sg.add(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+				.createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+		Assert.assertTrue("Should recorded add", bobListener.isAdd());
+		Assert.assertFalse("Should not have recorded add", annListener.isAdd());
+
+		sg.delete(new Triple(NodeFactory.createURI("urn:bob"), NodeFactory
+				.createURI("http://example.com/v2"), NodeFactory.createAnon()));
+
+		Assert.assertTrue("Should recorded delete", bobListener.isDelete());
+		Assert.assertFalse("Should not have recorded delete",
+				annListener.isDelete());
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
new file mode 100644
index 0000000..10ffd42
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/GraphEventManagerTest.java
@@ -0,0 +1,239 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import java.util.Arrays;
+import java.util.Set;
+
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.GraphEventManager ;
+import org.apache.jena.graph.NodeFactory ;
+import org.apache.jena.graph.Triple ;
+import org.apache.jena.graph.impl.CollectionGraph ;
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.graph.SecuredGraph;
+import org.apache.jena.sparql.graph.GraphFactory ;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+/**
+ * Verifies that messages are properly filtered when sent to listeners.
+ *
+ */
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class GraphEventManagerTest
+{
+	private final GraphEventManager manager;
+	private final Graph g;
+	private final SecuredGraph sg;
+	private final SecurityEvaluator securityEvaluator;
+	private Triple[] tripleArray;
+
+	private final RecordingGraphListener listener;
+
+	public GraphEventManagerTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+		g = GraphFactory.createDefaultGraph();
+
+		sg = Factory.getInstance(securityEvaluator,
+				"http://example.com/testGraph", g);
+		manager = sg.getEventManager();
+		listener = new RecordingGraphListener();
+		manager.register(listener);
+
+	}
+
+	@Test
+	@SuppressWarnings("deprecation")
+	public void notifyAddTest()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		final Set<Action> ADD = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Create, Action.Read });
+		g.add(tripleArray[0]);
+		if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded add", listener.isAdd());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded add", listener.isAdd());
+		}
+		g.delete(Triple.ANY);
+		listener.reset();
+
+		g.getBulkUpdateHandler().add(tripleArray);
+		if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded add", listener.isAdd());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded add", listener.isAdd());
+		}
+		g.delete(Triple.ANY);
+		listener.reset();
+
+		g.getBulkUpdateHandler().add(Arrays.asList(tripleArray));
+		if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded add", listener.isAdd());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded add", listener.isAdd());
+		}
+		g.delete(Triple.ANY);
+		listener.reset();
+
+		g.getBulkUpdateHandler().add(Arrays.asList(tripleArray).iterator());
+		if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded add", listener.isAdd());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded add", listener.isAdd());
+		}
+		g.delete(Triple.ANY);
+		listener.reset();
+
+		g.getBulkUpdateHandler().add(
+				new CollectionGraph(Arrays.asList(tripleArray)));
+		if (securityEvaluator.evaluateAny(principal, ADD, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded add", listener.isAdd());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded add", listener.isAdd());
+		}
+		g.delete(Triple.ANY);
+		listener.reset();
+	}
+
+	@SuppressWarnings("deprecation")
+    @Test
+	public void notifyDeleteTest()
+	{
+		Object principal = securityEvaluator.getPrincipal();
+		final Set<Action> DELETE = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Delete, Action.Read });
+		g.delete(tripleArray[0]);
+		if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should have recorded delete",
+					listener.isDelete());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded delete",
+					listener.isDelete());
+		}
+
+		listener.reset();
+
+		g.getBulkUpdateHandler().delete(tripleArray);
+		if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded delete", listener.isDelete());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded delete",
+					listener.isDelete());
+		}
+		listener.reset();
+
+		g.getBulkUpdateHandler().delete(Arrays.asList(tripleArray));
+		if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded delete", listener.isDelete());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded delete",
+					listener.isDelete());
+		}
+		listener.reset();
+
+		g.getBulkUpdateHandler().delete(Arrays.asList(tripleArray).iterator());
+		if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded delete", listener.isDelete());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded delete",
+					listener.isDelete());
+		}
+		listener.reset();
+
+		g.getBulkUpdateHandler().delete(
+				new CollectionGraph(Arrays.asList(tripleArray)));
+		if (securityEvaluator.evaluateAny(principal, DELETE, sg.getModelNode()))
+		{
+			Assert.assertTrue("Should recorded delete", listener.isDelete());
+		}
+		else
+		{
+			Assert.assertFalse("Should not have recorded delete",
+					listener.isDelete());
+		}
+		listener.reset();
+	}
+
+	@Test
+	public void notifyEventTest()
+	{
+		g.getEventManager().notifyEvent(g, "Foo");
+		Assert.assertTrue("Should recorded delete", listener.isEvent());
+		listener.reset();
+		// final RecordingGraphListener listener2 = new
+		// RecordingGraphListener();
+		// g.getEventManager().register(listener2);
+		sg.getEventManager().notifyEvent(sg, "Foo");
+		Assert.assertTrue("Should recorded delete", listener.isEvent());
+		// Assert.assertTrue("Should recorded delete", listener2.isEvent());
+		listener.reset();
+
+	}
+
+	@Before
+	public void setup()
+	{
+		tripleArray = new Triple[] {
+				new Triple(NodeFactory.createURI("http://example.com/1"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()),
+				new Triple(NodeFactory.createURI("http://example.com/2"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()),
+				new Triple(NodeFactory.createURI("http://example.com/3"),
+						NodeFactory.createURI("http://example.com/v"),
+						NodeFactory.createAnon()) };
+
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/MemGraphTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/MemGraphTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/MemGraphTest.java
new file mode 100644
index 0000000..3f4685a
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/MemGraphTest.java
@@ -0,0 +1,387 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import java.lang.reflect.Method;
+import java.util.Set;
+
+import org.apache.jena.graph.* ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.EqualityTester;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.graph.SecuredBulkUpdateHandler;
+import org.apache.jena.security.graph.SecuredGraph;
+import org.apache.jena.sparql.graph.GraphFactory ;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class MemGraphTest
+{
+	private SecuredGraph securedGraph;
+	private final MockSecurityEvaluator securityEvaluator;
+	private Node s;
+	private Node p;
+	private Node o;
+	private Triple t;
+
+	private Graph baseGraph;
+
+	public MemGraphTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+	}
+
+	protected Graph createGraph() throws Exception
+	{
+		return GraphFactory.createDefaultGraph();
+	}
+
+	@SuppressWarnings("deprecation")
+    @Before
+	public void setUp() throws Exception
+	{
+		baseGraph = createGraph();
+		baseGraph.getBulkUpdateHandler().removeAll();
+		securedGraph = org.apache.jena.security.Factory
+				.getInstance(securityEvaluator,
+						"http://example.com/securedGraph", baseGraph);
+		s = NodeFactory.createURI("http://example.com/securedGraph/s");
+		p = NodeFactory.createURI("http://example.com/securedGraph/p");
+		o = NodeFactory.createURI("http://example.com/securedGraph/o");
+		t = new Triple(s, p, o);
+		baseGraph.add(t);
+	}
+
+	@Test
+	public void testBulkUpdateHandler() throws Exception
+	{
+		final BulkUpdateHandler buh = securedGraph.getBulkUpdateHandler();
+		Assert.assertNotNull("BulkUpdateHandler may not be null", buh);
+		Assert.assertTrue("BulkUpdateHandler should be secured",
+				buh instanceof SecuredBulkUpdateHandler);
+		final BulkUpdateHandlerTest buhTest = new BulkUpdateHandlerTest(
+				securityEvaluator) {
+			@Override
+			public void setup()
+			{
+				this.handler = (SecuredBulkUpdateHandler) buh;
+			}
+		};
+		for (final Method m : buhTest.getClass().getMethods())
+		{
+			if (m.isAnnotationPresent(Test.class))
+			{
+				buhTest.setup();
+				m.invoke(buhTest);
+			}
+		}
+	}
+
+	@Test
+	public void testContainsNodes() throws Exception
+	{
+		try
+		{
+			Assert.assertTrue(securedGraph.contains(s, p, o));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testContainsTriple() throws Exception
+	{
+		try
+		{
+			Assert.assertTrue(securedGraph.contains(t));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testDelete() throws Exception
+	{
+		final Set<Action> UD = SecurityEvaluator.Util.asSet(new Action[] {
+				Action.Update, Action.Delete });
+		try
+		{
+			securedGraph.delete(t);
+
+			if (!securityEvaluator.evaluate(UD))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+			Assert.assertEquals(0, baseGraph.size());
+
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(UD))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testDependsOn() throws Exception
+	{
+		try
+		{
+			Assert.assertFalse(securedGraph.dependsOn(GraphFactory
+					.createDefaultGraph()));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			Assert.assertTrue(securedGraph.dependsOn(baseGraph));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testFindNodes() throws Exception
+	{
+		try
+		{
+
+			Assert.assertFalse(securedGraph.find(Node.ANY, Node.ANY, Node.ANY)
+					.toList().isEmpty());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testFindTriple() throws Exception
+	{
+		try
+		{
+			Assert.assertFalse(securedGraph.find(t).toList().isEmpty());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetPrefixMapping() throws Exception
+	{
+		SecuredPrefixMappingTest.runTests(securityEvaluator,
+				securedGraph.getPrefixMapping());
+	}
+
+	@Test
+	public void testInequality()
+	{
+		EqualityTester
+				.testInequality("proxy and base", securedGraph, baseGraph);
+		final Graph g2 = org.apache.jena.security.graph.impl.Factory
+				.getInstance(securityEvaluator,
+						"http://example.com/securedGraph", baseGraph);
+		EqualityTester.testEquality("proxy and proxy2", securedGraph, g2);
+		EqualityTester.testInequality("base and proxy2", baseGraph, g2);
+	}
+
+	@Test
+	public void testIsIsomorphicWith() throws Exception
+	{
+		try
+		{
+			Assert.assertFalse(securedGraph.isIsomorphicWith(GraphFactory
+					.createDefaultGraph()));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+		try
+		{
+			Assert.assertTrue(securedGraph.isIsomorphicWith(baseGraph));
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testSize() throws Exception
+	{
+		try
+		{
+			Assert.assertEquals(1, securedGraph.size());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testTripleMatch() throws Exception
+	{
+		try
+		{
+			Assert.assertFalse(securedGraph.find(new TripleMatch() {
+
+				@Override
+				public Triple asTriple()
+				{
+					return Triple.ANY;
+				}
+
+				@Override
+				public Node getMatchObject()
+				{
+					return Node.ANY;
+				}
+
+				@Override
+				public Node getMatchPredicate()
+				{
+					return Node.ANY;
+				}
+
+				@Override
+				public Node getMatchSubject()
+				{
+					return Node.ANY;
+				}
+			}).toList().isEmpty());
+			if (!securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(Action.Read))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
new file mode 100644
index 0000000..d65d814
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/RecordingGraphListener.java
@@ -0,0 +1,124 @@
+package org.apache.jena.security.graph;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.graph.GraphListener ;
+import org.apache.jena.graph.Triple ;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class RecordingGraphListener implements GraphListener
+{
+
+	private boolean add;
+	private boolean delete;
+	private boolean event;
+
+	public boolean isAdd()
+	{
+		return add;
+	}
+
+	public boolean isDelete()
+	{
+		return delete;
+	}
+
+	public boolean isEvent()
+	{
+		return event;
+	}
+
+	@Override
+	public void notifyAddArray( final Graph g, final Triple[] triples )
+	{
+		add = true;
+	}
+
+	@Override
+	public void notifyAddGraph( final Graph g, final Graph added )
+	{
+		add = true;
+	}
+
+	@Override
+	public void notifyAddIterator( final Graph g, final Iterator<Triple> it )
+	{
+		add = true;
+	}
+
+	@Override
+	public void notifyAddList( final Graph g, final List<Triple> triples )
+	{
+		add = true;
+	}
+
+	@Override
+	public void notifyAddTriple( final Graph g, final Triple t )
+	{
+		add = true;
+	}
+
+	@Override
+	public void notifyDeleteArray( final Graph g, final Triple[] triples )
+	{
+		delete = true;
+	}
+
+	@Override
+	public void notifyDeleteGraph( final Graph g, final Graph removed )
+	{
+		delete = true;
+	}
+
+	@Override
+	public void notifyDeleteIterator( final Graph g,
+			final Iterator<Triple> it )
+	{
+		delete = true;
+	}
+
+	@Override
+	public void notifyDeleteList( final Graph g, final List<Triple> L )
+	{
+		delete = true;
+	}
+
+	@Override
+	public void notifyDeleteTriple( final Graph g, final Triple t )
+	{
+		delete = true;
+	}
+
+	@Override
+	public void notifyEvent( final Graph source, final Object value )
+	{
+		event = true;
+	}
+
+	public void reset()
+	{
+		add = false;
+		delete = false;
+		event = false;
+	}
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
new file mode 100644
index 0000000..7ad4e84
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/SecuredPrefixMappingTest.java
@@ -0,0 +1,440 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import java.lang.reflect.Method;
+import java.util.HashMap;
+
+import org.junit.Assert;
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.security.AccessDeniedException;
+import org.apache.jena.security.Factory;
+import org.apache.jena.security.SecurityEvaluator;
+import org.apache.jena.security.SecurityEvaluatorParameters;
+import org.apache.jena.security.SecurityEvaluator.Action;
+import org.apache.jena.security.graph.SecuredGraph;
+import org.apache.jena.security.graph.SecuredPrefixMapping;
+import org.apache.jena.shared.PrefixMapping ;
+import org.apache.jena.shared.impl.PrefixMappingImpl ;
+import org.apache.jena.sparql.graph.GraphFactory ;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith( value = SecurityEvaluatorParameters.class )
+public class SecuredPrefixMappingTest
+{
+	public static void runTests( final SecurityEvaluator securityEvaluator,
+			final PrefixMapping prefixMapping ) throws Exception
+	{
+		final PrefixMapping pm = prefixMapping;
+		Assert.assertNotNull("PrefixMapping may not be null", pm);
+		Assert.assertTrue("PrefixMapping should be secured",
+				pm instanceof SecuredPrefixMapping);
+		final SecuredPrefixMappingTest pmTest = new SecuredPrefixMappingTest(
+				securityEvaluator) {
+			@Override
+			public void setup()
+			{
+				this.securedMapping = (SecuredPrefixMapping) pm;
+			}
+		};
+		Method lockTest = null;
+		for (final Method m : pmTest.getClass().getMethods())
+		{
+			if (m.isAnnotationPresent(Test.class))
+			{
+				// lock test must come last
+				if (m.getName().equals("testLock"))
+				{
+					lockTest = m;
+				}
+				else
+				{
+					pmTest.setup();
+					m.invoke(pmTest);
+				}
+
+			}
+		}
+		Assert.assertNotNull( "Did not find 'testLock' method", lockTest );		
+		pmTest.setup();
+		lockTest.invoke(pmTest);
+
+	}
+
+	private final SecurityEvaluator securityEvaluator;
+	private final Object principal;
+
+	protected SecuredPrefixMapping securedMapping;
+
+	public SecuredPrefixMappingTest( final SecurityEvaluator securityEvaluator )
+	{
+		this.securityEvaluator = securityEvaluator;
+		this.principal = securityEvaluator.getPrincipal();
+	}
+
+	@Before
+	public void setup()
+	{
+		final Graph g = GraphFactory.createDefaultGraph();
+
+		final SecuredGraph sg = Factory.getInstance(securityEvaluator,
+				"http://example.com/testGraph", g);
+		this.securedMapping = sg.getPrefixMapping();
+	}
+
+	@Test
+	public void testExpandPrefix()
+	{
+				try
+		{
+			securedMapping.expandPrefix("foo");
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetNsPrefixMap()
+	{
+				try
+		{
+			securedMapping.getNsPrefixMap();
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testGetNsPrefixURI()
+	{
+				try
+		{
+			securedMapping.getNsPrefixURI("foo");
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testGetNsURIPrefix()
+	{
+				try
+		{
+			securedMapping.getNsURIPrefix("http://example.com/foo");
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testLock()
+	{
+				try
+		{
+			securedMapping.lock();
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testQnameFor()
+	{
+		try
+		{
+			securedMapping.qnameFor("http://example.com/foo/bar");
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testRemoveNsPrefix()
+	{
+		try
+		{
+			securedMapping.removeNsPrefix("foo");
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+	}
+
+	@Test
+	public void testSamePrefixMappingAs()
+	{
+		try
+		{
+			securedMapping.samePrefixMappingAs(GraphFactory
+					.createDefaultGraph().getPrefixMapping());
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testSetNsPrefix()
+	{
+		try
+		{
+			securedMapping.setNsPrefix("foo", "http://example.com/foo");
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedMapping.setNsPrefixes(GraphFactory.createDefaultGraph()
+					.getPrefixMapping());
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+
+		try
+		{
+			securedMapping.setNsPrefixes(new HashMap<String, String>());
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testShortForm()
+	{
+		try
+		{
+			securedMapping.shortForm("http://example.com/foo/bar");
+			if (!securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Read,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+
+	@Test
+	public void testWithDefaultMappings()
+	{
+		PrefixMapping pm = new PrefixMappingImpl();
+		pm.setNsPrefix( "example", "http://example.com");
+		try
+		{
+			// make sure that it must update
+			securedMapping.withDefaultMappings(pm);
+			if (!securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail("Should have thrown AccessDenied Exception");
+			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+	
+	@Test
+	public void testWithDefaultMappingsNoAdd()
+	{
+		PrefixMapping pm = new PrefixMappingImpl();
+		try
+		{
+			// make sure that it must update
+			securedMapping.withDefaultMappings(pm);
+//			if (!securityEvaluator.evaluate(Action.Update,
+//					securedMapping.getModelNode()))
+//			{
+//				Assert.fail("Should have thrown AccessDenied Exception");
+//			}
+		}
+		catch (final AccessDeniedException e)
+		{
+			if (securityEvaluator.evaluate(principal, Action.Update,
+					securedMapping.getModelNode()))
+			{
+				Assert.fail(String
+						.format("Should not have thrown AccessDenied Exception: %s - %s",
+								e, e.getTriple()));
+			}
+		}
+	}
+}

http://git-wip-us.apache.org/repos/asf/jena/blob/b712fb28/jena-permissions/src/test/java/org/apache/jena/security/graph/TDBGraphTest.java
----------------------------------------------------------------------
diff --git a/jena-permissions/src/test/java/org/apache/jena/security/graph/TDBGraphTest.java b/jena-permissions/src/test/java/org/apache/jena/security/graph/TDBGraphTest.java
new file mode 100644
index 0000000..5fb7178
--- /dev/null
+++ b/jena-permissions/src/test/java/org/apache/jena/security/graph/TDBGraphTest.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jena.security.graph;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.jena.graph.Graph ;
+import org.apache.jena.security.MockSecurityEvaluator;
+import org.apache.jena.sparql.core.DatasetGraph ;
+import org.apache.jena.tdb.TDB ;
+import org.apache.jena.tdb.TDBFactory ;
+import org.junit.After;
+
+public class TDBGraphTest extends MemGraphTest
+{
+
+	private DatasetGraph dsGraph;
+
+	private File f;
+
+	public TDBGraphTest( final MockSecurityEvaluator securityEvaluator )
+	{
+		super(securityEvaluator);
+	}
+
+	@Override
+	protected Graph createGraph() throws IOException
+	{
+		TDB.init();
+		dsGraph = TDBFactory.createDataset().asDatasetGraph();
+		return dsGraph.getDefaultGraph();
+	}
+
+	@After
+	public void tearDown()
+	{
+		TDB.sync(dsGraph);
+		dsGraph.close();
+		TDB.closedown();
+	}
+
+}


Mime
View raw message