/*******************************************************************************
* Copyright (c) 2007 Cambridge Semantics Incorporated.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* File: $Source$
* Created by: Matthew Roy ( <a href="mailto:mroy@cambridgesemantics.com">mroy@cambridgesemantics.com </a>)
* Created on: Oct 27, 2007
* Revision: $Id$
*
* Contributors:
* Cambridge Semantics Incorporated - initial API and implementation
*******************************************************************************/
package org.openanzo.datasource.services;
import java.io.Writer;
import java.util.Set;
import org.openanzo.datasource.IAuthorizationService;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.rdf.URI;
import org.openanzo.rdf.utils.SerializationConstants;
import org.openanzo.services.DynamicServiceStats;
import org.openanzo.services.IOperationContext;
import org.openanzo.services.Privilege;
import org.openanzo.services.serialization.IValueSetHandler;
import org.openanzo.services.serialization.WriterURIValueSetHandler;
import org.openanzo.services.serialization.handlers.URIValueSetHandler;
/**
* Base implementation of service which is in charge of authentication and authorization within the server.
*
* @author Matthew Roy ( <a href="mailto:mroy@cambridgesemantics.com">mroy@cambridgesemantics.com </a>)
*
*/
public abstract class BaseAuthorizationService extends BaseDatasourceComponent implements IAuthorizationService {
protected DynamicServiceStats stats;
public DynamicServiceStats getStatistics() {
return stats;
}
public String getName() {
return getDatasource().getName() + ",Service=AuthorizationService";
}
public String getDescription() {
return "Authorization Service for " + getDatasource().getName();
}
public void start() throws AnzoException {
stats = new DynamicServiceStats("getRolesForGraph");
stats.setEnabled(true);
}
public void reset() throws AnzoException {
stats.reset();
}
/**
* Get a set of users that have permission to read the statements in this graph Note:Only users in the sysAdmin role can call this method
*
* @param context
* {@link IOperationContext} context for this operation
* @param namedGraphUri
* {@link URI} of named graph
* @param valueSetHandler
* {@link IValueSetHandler} call-back handler that handles the values found
* @throws AnzoException
*/
private void getRolesForGraph(IOperationContext context, URI namedGraphUri, Privilege privilege, IValueSetHandler<URI> valueSetHandler) throws AnzoException {
long start = 0;
if (stats.isEnabled()) {
start = System.currentTimeMillis();
}
if (getLockProvider() != null)
getLockProvider().readLock().lock();
logEntry();
try {
if (namedGraphUri == null) {
throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, SerializationConstants.namedGraphUri, "getRolesForGraph");
}
if (privilege == null) {
throw new AnzoException(ExceptionConstants.SERVER.MISSING_ARG, SerializationConstants.privilege, "getRolesForGraph");
}
this.getRolesForGraphInternal(context, namedGraphUri, privilege, valueSetHandler);
} finally {
if (stats.isEnabled()) {
stats.use("getRolesForGraph", (System.currentTimeMillis() - start));
}
if (getLockProvider() != null)
getLockProvider().readLock().unlock();
logExit();
}
}
public Set<URI> getRolesForGraph(IOperationContext context, URI namedGraphUri, Privilege privilege) throws AnzoException {
URIValueSetHandler handler = new URIValueSetHandler();
getRolesForGraph(context, namedGraphUri, privilege, handler);
return handler.getURIs();
}
public void getRolesForGraph(IOperationContext context, URI namedGraphUri, Privilege privilege, Writer output, String format) throws AnzoException {
getRolesForGraph(context, namedGraphUri, privilege, new WriterURIValueSetHandler(output, format));
}
/**
* Get the set of roles for the given graph
*
* @param context
* {@link IOperationContext} context for this operation
* @param namedGraphUri
* {@link URI} of named graph for which to determine users
* @param privilege
* privilege that is being checked
* @param valueSetHandler
* {@link IValueSetHandler} that handles the results of this request
* @throws AnzoException
* {@link ExceptionConstants.DATASOURCE.NAMEDGRAPH#NOT_FOUND} if specified named graph could not be found
* @throws AnzoException
* {@link ExceptionConstants.DATASOURCE.USER#SELECT_ROLES} if there was an SQL error selecting roles for the user
* @throws AnzoException
* {@link ExceptionConstants.IO#WRITE_ERROR} if there was an IO error writing to the valueSetHandler
*/
protected abstract void getRolesForGraphInternal(IOperationContext context, URI graphUri, Privilege privilege, IValueSetHandler<URI> valueSetHandler) throws AnzoException;
}