JESS: Jess Access Control

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

JESS: Jess Access Control

Michael Eugene Artz

 

Hi Im still having problems getting this to return the right results.  Eventually I want this to read something from a file, but right now Im hard coding the data in the DemoDatabase class.  The output is at the end, and as you can see, all the file permissions say that everyone has read priveledges, only Mike Artz is supposed to have read-write priveldges on file.txt, acording he data that was hard coded in.  I hve spent quite a bit of time trying to figure out why this doesnt work, and I dont know why.  Maybe when I use the import statement in the Jess Script, (import C:.Users.Michael.workspace.JessUserAccess.src*), but im not sure.  I tried to modify that statement a few different ways but it didnt seem to change anything.  The JEss Script starts right below with the line ";;Users.cp", then the Java code ends after  "}//End Database interface".  I just really want the output to say that Mike Artz has readwrite priveledges on file.txt.  Please any assisstance would be great.

 

 

 

;;Users.clp

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with all the Files.
(defglobal ?*read-write* = read-write)
(defglobal ?*read* = read)
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ID?))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ?ID))
(Profile(first ?First)(last ?Last) (idNum ?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
 

//follows javabeans conventions

public class FilePermission

{

//fields that are in the FilePermission object

private String fileName;

private int profileNum;

private String last;

private String first;

private String role;

public FilePermission(String aFileName, int aProfileNum, String aLast, String aFirst, String aRole)

{

last = aLast;

first = aFirst;

fileName = aFileName;

profileNum = aProfileNum;

role = aRole;

} //end FilePermission constructor

public String getfileName()

{

return fileName;

} // end getfileName

public int getprofileNum()

{

return profileNum;

} // end getprofileNum

public String getlast()

{

return last;

} // end getlast

public String getfirst()

{

return first;

} // end getfirst

public String getrole()

{

return role;

} // end getrole

public String toString()

{

return first + " " + last + " has " + role + " permission " + "for "+

fileName;

} //end toString

} // end FilePermission

 

 

//keeps the info about the file and the owner of the file

public class FileRead

{

private String ownerFirst;

private String ownerLast;

private String file;

private int ownerID;

//keeps the info about the file and the inf

public FileRead(String aFirst, String aLast, String aFile, int aOwnerID)

{

ownerFirst = aLast;

ownerLast = aFirst;

file = aFile;

ownerID = aOwnerID;

} // end FileREad constructor

 

public String getownerFirst()

{

return ownerFirst;

} // end getownerFirst

public String getownerLast()

{

return ownerLast;

} // end ownerLast

public String getfile()

{

return file;

}// end getFile

public int getownerID()

{

return ownerID;

} //end getownerID

} // end FileRead

 

 

 

//follows Javabeans properties, holds info about the people trying to access

//a file

public class Profile

{

private String last;

private String first;

private int idNum;

public Profile(int aID, String aFirst, String aLast)

{

idNum = aID;

last = aLast;

first = aFirst;

}

public String getlast()

{

return last;

} // end getlast

public String getfirst()

{

return first;

} //end getfirst

public int getidNum()

{

return idNum;

} //end getidNum

} // end Profile
 

import jess.*;

import java.util.Iterator;

public class UserAccessEngine

{

private Rete engine;

private WorkingMemoryMarker marker;

private Database database;

public UserAccessEngine(Database aDatabase) throws JessException

{

// Create a Jess rule engine

engine = new Rete();

engine.reset();

// Load the pricing rules

engine.batch("C:\\Users\\Michael\\workspace\\JessUserAccess\\lib\\users.clp");

// Load the catalog data into working memory

database = aDatabase;

engine.addAll(database.getFiles());

// Mark end of catalog data for later

marker = engine.mark();

}

private void loadOrderData(int profileNumber) throws JessException

{

// Retrieve the order from the database

Profile profile = database.getProfile(profileNumber);

if (profile != null)

{

// Add the profile to working memory

engine.add(profile);

} // end if

}

public Iterator run(int profileNumber) throws JessException

{

// Remove any previous order data, leaving only catalog data

engine.resetToMark(marker);

// Load data for this order

loadOrderData(profileNumber);

// Fire the rules that apply to this profile

engine.run();

// Return the list of roles created by the rules

return engine.getObjects(new Filter.ByClass(FilePermission.class));

} // end run

} // end

 

 

import java.util.ArrayList;

import java.util.Map;

import java.util.Collection;

import java.util.HashMap;

 

/**

* A toy implementation of the Database interface with some

* hard-coded file and profile data. This uses an ArrayList and a HashMap

* to hold the files and profiles respectively. This data is hard coded

* for testing purposes

*/

public class DemoDatabase implements Database {

private ArrayList files; //will hold the files that we will be reading

private Profile profile; //

private Map profiles;

public DemoDatabase()

{

createFiles(); //do the createFiles method

createProfiles(); //do the createProfiles method

}

private void createProfiles()

{

//creates new HashMap

profiles = new HashMap();

//ArrayList userProfiles = new ArrayList();

profiles.put(new Integer(1),(new Profile(1, "Mike", "Artz")));

profiles.put(new Integer(2),(new Profile(2, "Suzy", "Kolber")));

profiles.put(new Integer(3),(new Profile(3, "Stan", "Mikita")));

profiles.put(new Integer(4),(new Profile(4, "Nikita", "Kruschev")));

}

//creates an ArrayList to hold the hard coded data

private void createFiles()

{

files = new ArrayList(); //creates an ArrayList of files to hold the files

files.add(new FileRead("Mike", "Artz", "file.txt", 1));

files.add(new FileRead("Tom", "Saywer", "A Really Good Magazine", 5));

files.add(new FileRead("Chris", "Webber", "NBAJAMS.exe", 6));

}

public Collection getFiles()

{

return files; //returns the files ArrayList as a Collection, they share the same Super

}

/*get a specific profile from the hashMap profiles dependent upon the profile number that is

* passed as parameter

*/

public Profile getProfile(int profileNumber)

{

//return new Profile(1, "Mike", "Artz");

return (Profile)profiles.get(new Integer(profileNumber));

}

}// End DemoDatabase

 

 

import java.util.Iterator;

import jess.JessException;

 

public class Demo {

public static void main(String[] args) {

try

{

DemoDatabase database = new DemoDatabase(); //creates a new demodatabase object

UserAccessEngine engine = new UserAccessEngine(database); //creates new UserAccessEngine

processRole(database, engine, 1); //processes a role using the two objects above, and profile 1

processRole(database, engine, 2);

processRole(database, engine, 3);

processRole(database, engine, 4);

} //end try

/* Prints out the trace of the exception if JessException is thrown*/

catch (JessException e)

{

e.printStackTrace();

} // end catch

}

private static void processRole(DemoDatabase database, UserAccessEngine engine, int aID) throws JessException

{

//Iterator files, prints out a message prior to getting the needed info

Iterator roles;

System.out.println("First and Last Name of User " + aID + ":");

//Prints out first and last name referred to by the specified ID num

//uses the getFirst getter Method to return the the profile of aID and first Name of profile

String firstName = database.getProfile(aID).getfirst();

//Same only with last name

String lastName = database.getProfile(aID).getlast();

//Prints out last name and first name

System.out.println(firstName + " " + lastName);

//uses the Jess method run from the rete class and returns the values to role iterator

roles = engine.run(aID);

System.out.println("Roles for " + firstName + ":");

//While the interator continues to have tokens, prints out the results, which are obviously roles

while (roles.hasNext())

{

//Prints out the next role and uses the toString method from the iterator

System.out.println(" " + (String)roles.next().toString());

} // end while

System.out.println();

} //end processRole

} // End Demo

 

 

import java.util.ArrayList;

import java.util.Collection;

/*This interface is the interface that will be implemented by DemoDatabase*/

public interface Database

{

public Collection getFiles(); //returns a Collection, gets all the files

public Profile getProfile(int profileNumber); //gets a Profile dependant on a profile number

}//End Database interface
 
 
 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

Mike Artz has read permission for file.txt

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for file.txt

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for A Really Good Magazine

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine

Nikita Kruschev has read permission for NBAJAMS.exe

Reply | Threaded
Open this post in threaded view
|

Re: JESS: Jess Access Control

Wolfgang Laun-2
(a) There is an error in the first rule:

(defrule owner-role

   "Give a user the read-write role if he or she is the owner of the file."
   (FileRead (ownerFirst ?ownerFirst)
                   (ownerLast ?ownerLast)
                   (file ?file)
                   (ownerID ID?))


ID? => ?ID

As written, this rule never fires - no ownerID is equal to the symbol ID?

(b) If the FilePermission facts should be unique for each owner-file combination, the second rule must make sure that the id values from FileRead and Profile are not equal.

(defrule read-role
  "Give a user the read role if he or she is not the owner of the file."
  (FileRead (ownerFirst ?ownerFirst)
            (ownerLast ?ownerLast)
            (file ?file)
            (ownerID ?ID))
  (Profile (first ?First)
           (last ?Last)
           (idNum ~?ID))

As written, the rule fires for any combination, which explains the output.

-W

2011/3/20 Michael Eugene Artz <[hidden email]>

 

Hi Im still having problems getting this to return the right results.  Eventually I want this to read something from a file, but right now Im hard coding the data in the DemoDatabase class.  The output is at the end, and as you can see, all the file permissions say that everyone has read priveledges, only Mike Artz is supposed to have read-write priveldges on file.txt, acording he data that was hard coded in.  I hve spent quite a bit of time trying to figure out why this doesnt work, and I dont know why.  Maybe when I use the import statement in the Jess Script, (import C:.Users.Michael.workspace.JessUserAccess.src*), but im not sure.  I tried to modify that statement a few different ways but it didnt seem to change anything.  The JEss Script starts right below with the line ";;Users.cp", then the Java code ends after  "}//End Database interface".  I just really want the output to say that Mike Artz has readwrite priveledges on file.txt.  Please any assisstance would be great.

 

 

 

;;Users.clp

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with all the Files.
(defglobal ?*read-write* = read-write)
(defglobal ?*read* = read)
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ID?))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ?ID))
(Profile(first ?First)(last ?Last) (idNum ?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
 

//follows javabeans conventions

public

class FilePermission

{

//fields that are in the FilePermission object

private String fileName;

private int profileNum;

private String last;

private String first;

private String role;

public FilePermission(String aFileName, int aProfileNum, String aLast, String aFirst, String aRole)

{

last = aLast;

first = aFirst;

fileName = aFileName;

profileNum = aProfileNum;

role = aRole;

}

//end FilePermission constructor

public String getfileName()

{

return fileName;

}

// end getfileName

public int getprofileNum()

{

return profileNum;

}

// end getprofileNum

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

// end getfirst

public String getrole()

{

return role;

}

// end getrole

public String toString()

{

return first + " " + last + " has " + role + " permission " + "for "+

fileName;

}

//end toString

} // end FilePermission

 

 

//keeps the info about the file and the owner of the file

public

class FileRead

{

private String ownerFirst;

private String ownerLast;

private String file;

private int ownerID;

//keeps the info about the file and the inf

public FileRead(String aFirst, String aLast, String aFile, int aOwnerID)

{

ownerFirst = aLast;

ownerLast = aFirst;

file = aFile;

ownerID = aOwnerID;

}

// end FileREad constructor

 

public String getownerFirst()

{

return ownerFirst;

}

// end getownerFirst

public String getownerLast()

{

return ownerLast;

}

// end ownerLast

public String getfile()

{

return file;

}

// end getFile

public int getownerID()

{

return ownerID;

}

//end getownerID

}

// end FileRead

 

 

 

//follows Javabeans properties, holds info about the people trying to access

//a file

public

class Profile

{

private String last;

private String first;

private int idNum;

public Profile(int aID, String aFirst, String aLast)

{

idNum = aID;

last = aLast;

first = aFirst;

}

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

//end getfirst

public int getidNum()

{

return idNum;

}

//end getidNum } // end Profile
 

import

jess.*; import java.util.Iterator;

public class UserAccessEngine

{

private Rete engine;

private WorkingMemoryMarker marker;

private Database database;

public UserAccessEngine(Database aDatabase) throws JessException

{

// Create a Jess rule engine

engine = new Rete();

engine.reset();

// Load the pricing rules

engine.batch("C:\\Users\\Michael\\workspace\\JessUserAccess\\lib\\users.clp");

// Load the catalog data into working memory

database = aDatabase;

engine.addAll(database.getFiles());

// Mark end of catalog data for later

marker = engine.mark();

}

private void loadOrderData(int profileNumber) throws JessException

{

// Retrieve the order from the database

Profile profile =

database.getProfile(profileNumber);

if (profile != null)

{

// Add the profile to working memory

engine.add(profile);

}

// end if

}

public Iterator run(int profileNumber) throws JessException

{

// Remove any previous order data, leaving only catalog data

engine.resetToMark(marker);

// Load data for this order

loadOrderData(profileNumber);

// Fire the rules that apply to this profile

engine.run();

// Return the list of roles created by the rules

return engine.getObjects(new Filter.ByClass(FilePermission.class));

}

// end run

} // end

 

 

import

java.util.ArrayList;

import

java.util.Map;

import

java.util.Collection; import java.util.HashMap;

 

/**

* A toy implementation of the Database interface with some

* hard

-coded file and profile data. This uses an ArrayList and a HashMap

* to hold the files and profiles respectively. This data is hard coded

* for testing purposes

*/

public

class DemoDatabase implements Database {

private ArrayList files; //will hold the files that we will be reading

private Profile profile; //

private Map profiles;

public DemoDatabase()

{

createFiles();

//do the createFiles method

createProfiles();

//do the createProfiles method

}

private void createProfiles()

{

//creates new HashMap

profiles = new HashMap();

//ArrayList userProfiles = new ArrayList();

profiles.put(new Integer(1),(new Profile(1, "Mike", "Artz")));

profiles.put(new Integer(2),(new Profile(2, "Suzy", "Kolber")));

profiles.put(new Integer(3),(new Profile(3, "Stan", "Mikita")));

profiles.put(new Integer(4),(new Profile(4, "Nikita", "Kruschev")));

}

//creates an ArrayList to hold the hard coded data

private void createFiles()

{

files = new ArrayList(); //creates an ArrayList of files to hold the files

files.add(new FileRead("Mike", "Artz", "file.txt", 1));

files.add(new FileRead("Tom", "Saywer", "A Really Good Magazine", 5));

files.add(new FileRead("Chris", "Webber", "NBAJAMS.exe", 6));

}

public Collection getFiles()

{

return files; //returns the files ArrayList as a Collection, they share the same Super

}

/*get a specific profile from the hashMap profiles dependent upon the profile number that is

* passed as parameter

*/

public Profile getProfile(int profileNumber)

{

//return new Profile(1, "Mike", "Artz");

return (Profile)profiles.get(new Integer(profileNumber));

}

}// End DemoDatabase

 

 

import

java.util.Iterator;

import jess.JessException;

 

public

class Demo {

public static void main(String[] args) {

try

{

DemoDatabase database =

new DemoDatabase(); //creates a new demodatabase object

UserAccessEngine engine =

new UserAccessEngine(database); //creates new UserAccessEngine

processRole(database, engine, 1);

//processes a role using the two objects above, and profile 1

processRole(database, engine, 2);

processRole(database, engine, 3);

processRole(database, engine, 4);

}

//end try

/* Prints out the trace of the exception if JessException is thrown*/

catch (JessException e)

{

e.printStackTrace();

}

// end catch

}

private static void processRole(DemoDatabase database, UserAccessEngine engine, int aID) throws JessException

{

//Iterator files, prints out a message prior to getting the needed info

Iterator roles;

System.

out.println("First and Last Name of User " + aID + ":");

//Prints out first and last name referred to by the specified ID num

//uses the getFirst getter Method to return the the profile of aID and first Name of profile

String firstName = database.getProfile(aID).getfirst();

//Same only with last name

String lastName = database.getProfile(aID).getlast();

//Prints out last name and first name

System.

out.println(firstName + " " + lastName);

//uses the Jess method run from the rete class and returns the values to role iterator

roles = engine.run(aID);

System.

out.println("Roles for " + firstName + ":");

//While the interator continues to have tokens, prints out the results, which are obviously roles

while (roles.hasNext())

{

//Prints out the next role and uses the toString method from the iterator

System.

out.println(" " + (String)roles.next().toString());

}

// end while

System.

out.println();

}

//end processRole

}

// End Demo

 

 

import

java.util.ArrayList; import java.util.Collection;

/*This interface is the interface that will be implemented by DemoDatabase*/

public

interface Database

{

public Collection getFiles(); //returns a Collection, gets all the files

public Profile getProfile(int profileNumber); //gets a Profile dependant on a profile number }//End Database interface
 
 
 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

Mike Artz has read permission for file.txt

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for file.txt

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for A Really Good Magazine

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine

Nikita Kruschev has read permission for NBAJAMS.exe


Reply | Threaded
Open this post in threaded view
|

RE: JESS: Jess Access Control

Michael Eugene Artz

First of all thanks a lot for that help.   Im not sure if I ever would have found that.  Im a litle mad at myself I missed the tilda thing in the documentation after all the time i spent reading it! haha.  Secondly, now Its not firing the read-write rule at all, I compared the two add new FilePErmission RHS statements, I cant find why it would fire this rule.  Since all FilePErmission are being printed, then there shoudlnt be any problem with that either.  Could it be something with the Jess part that Im not seeing?  I have posted the Jess script that I revised and the output, the Java code is still the same tho and its still down below, for simplicity sake i didnt repost.

 

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
;; (deftemplate FilePermission (declare (from-class
;; FilePermission)))
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with all the Files.
(defglobal ?*read-write* = read-write)
 
(defglobal ?*read* = read)
 
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(Profile(first ?First)(last ?Last) (idNum ?idNum))
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ~?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ?ID))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))

 

 

 

 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for A Really Good Magazine

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for file.txt

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for NBAJAMS.exe

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine


 

Date: Mon, 21 Mar 2011 08:13:31 +0100
Subject: Re: JESS: Jess Access Control
From: [hidden email]
To: [hidden email]

(a) There is an error in the first rule:

(defrule owner-role

   "Give a user the read-write role if he or she is the owner of the file."
   (FileRead (ownerFirst ?ownerFirst)
                   (ownerLast ?ownerLast)
                   (file ?file)
               &nb sp;   (ownerID ID?))


ID? => ?ID

As written, this rule never fires - no ownerID is equal to the symbol ID?

(b) If the FilePermission facts should be unique for each owner-file combination, the second rule must make sure that the id values from FileRead and Profile are not equal.

(defrule read-role
  "Give a user the read role if he or she is not the owner of the file."
  (FileRead (ownerFirst ?ownerFirst)
            (ownerLast ?ownerLast)
            (file ?file)
            (ownerID ?ID))
  (Profile (first ?First)
           (last ?Last)
           (idNum ~?ID))

As w ritten, the rule fires for any combination, which explains the output.

-W

2011/3/20 Michael Eugene Artz <[hidden email]>

 

Hi Im still having problems getting this to return the right results.  Eventually I want this to read something from a file, but right now Im hard coding the data in the DemoDatabase class.  The output is at the end, and as you can see, all the file permissions say that everyone has read priveledges, only Mike Artz is supposed to have read-write priveldges on file.txt, acording he data that was hard coded in.  I hve spent quite a bit of time trying to figure out why this doesnt work, and I dont know why.  Maybe when I use the import statement in the Jess Script, (import C:.Users.Michael.workspace.JessUserAccess.src*), but im not sure.  I tried to modify that statement a few different ways but it didnt seem to change anything.  The JEss Script starts right below with the line ";;Users.cp", then the Java code ends after  "}//End D atabase interface".  I just really want the output to say that Mike Artz has readwrite priveledges on file.txt.  Please any assisstance would be great.

 

 

 

;;Users.clp

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with a ll the Files.
(defglobal ?*read-write* = read-write)
(defglobal ?*read* = read)
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ID?))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ?ID))
(Profile(first ?First)(last ?Last) (idNum ?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
 

//follows javabeans conventions

public

class FilePermission

{

//fields that are in the FilePermission object

private String fileName;

private int profileNum;

private String last;

private String first;

private String role;

public FilePermission(String aFileName, int aProfileNum, String aLast, String aFirst, String aRole)

{

last = aLast;

first = aFirst;

fileName = aFileName;

profileNum = aProfileNum;

role = aRole;

}

//end FilePermission constructor

public String getfileName()

{

return fileName;

}

// end getfileName

public int getprofileNum()

{

return profileNum;

}

// end getprofileNum

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

// end getfirst

public String getrole()

{

return role;

}

// end getrole

public String toString()

{

return first + " " + last + " has " + role + " permission " + "for "+

fileName;

}

//end toString

} // end FilePermission

 

 

//keeps the info about the file and the owner of the file

public

class FileRead

{

private String ownerFirst;

private String ownerLast;

private String file;

private int ownerID;

//keeps the info about the file and the inf

public FileRead(String aFirst, String aLast, String aFile, int aOwnerID)

{

ownerFirst = aLast;

ownerLast = aFirst;

file = aFile;

ownerID = aOwnerID;

}

// end FileREad constructor

 

public String getownerFirst()

{

return ownerFirst;

}

// end getownerFirst

public String getownerLast()

{

return ownerLast;

}

// end ownerLast

public String getfile()

{

return file;

}

// end getFile

public int getownerID()

{

return ownerID;

}

//end getownerID

}

// end FileRead

 

 

 

//follows Javabeans properties, holds info about the people trying to access

//a file

public

class Profile

{

private String last;

private String first;

private int idNum;

public Profile(int aID, String aFirst, String aLast)

{

idNum = aID;

last = aLast;

first = aFirst;

}

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

//end getfirst

public int getidNum()

{

return idNum;

}

//end getidNum } // end Profile
 

import

jess.*; import java.util.Iterator;

public class UserAccessEngine

{

private Rete engine;

private WorkingMemoryMarker marker;

private Database database;

public UserAccessEngine(Database aDatabase) throws JessException

{

// Create a Jess rule engine

engine = new Rete();

engine.reset();

// Load the pricing rules

engine.batch("C:\\Users\\Michael\\workspace\\JessUserAccess\\lib\\users.clp");

// Load the catalog data into working memory

database = aDatabase;

engine.addAll(database.getFiles());

// Mark end of catalog data for later

marker = engine.mark();

}

private void loadOrderData(int profileNumber) throws JessException

{

// Retrieve the order from the database

Profile profile =

database.getProfile(profileNumber);

if (profile != null)

{

// Add the profile to working memory

engine.add(profile);

}

// end if

}

public Iterator run(int profileNumber) throws JessException

{

// Remove any previous order data, leaving only catalog data

engine.resetToMark(marker);

// Load data for this order

loadOrderData(profileNumber);

// Fire the rules that apply to this profile

engine.run();

// Return the list of roles created by the rules

return engine.getObjects(new Filter.ByClass(FilePermission.class));

}

// end run

} // end

 

 

import

java.util.ArrayList;

import

java.util.Map;

import

java.util.Collection; import java.util.HashMap;

 

/**

* A toy implementation of the Database interface with some

* hard

-coded file and profile data. This uses an ArrayList and a HashMap

* to hold the files and profiles respectively. This data is hard coded

* for testing purposes

*/

public

class DemoDatabase implements Database {

private ArrayList files; //will hold the files that we will be reading

private Profile profile; //

private Map profiles;

public DemoDatabase()

{

createFiles();

//do the createFiles method

createProfiles();

//do the createProfiles method

}

private void createProfiles()

{

//creates new HashMap

profiles = new HashMap();

//ArrayList userProfiles = new ArrayList();

profiles.put(new Integer(1),(new Profile(1, "Mike", "Artz")));

profiles.put(new Integer(2),(new Profile(2, "Suzy", "Kolber")));

profiles.put(new Integer(3),(new Profile(3, "Stan", "Mikita")));

profiles.put(new Integer(4),(new Profile(4, "Nikita", "Kruschev")));

}

//creates an ArrayList to hold the hard coded data

private void createFiles()

{

files = new ArrayList(); //creates an ArrayList of files to hold the files

files.add(new FileRead("Mike", "Artz", "file.txt", 1));

files.add(new FileRead("Tom", "Saywer", "A Really Good Magazine", 5));

files.add(new FileRead("Chris", "Webber", "NBAJAMS.exe", 6));

}

public Collection getFiles()

{

return files; //returns the files ArrayList as a Collection, they share the same Super

}

/*get a specific profile from the hashMap profiles dependent upon the profile number that is

* passed as parameter

*/

public Profile getProfile(int profileNumber)

{

//return new Profile(1, "Mike", "Artz");

return (Profile)profiles.get(new Integer(profileNumber));

}

}// End DemoDatabase

 

 

import

java.util.Iterator;

import jess.JessException;

 

public

class Demo {

public static void main(String[] args) {

try

{

DemoDatabase database =

new DemoDatabase(); //creates a new demodatabase object

UserAccessEngine engine =

new UserAccessEngine(database); //creates new UserAccessEngine

processRole(database, engine, 1);

//processes a role using the two objects above, and profile 1

processRole(database, engine, 2);

processRole(database, engine, 3);

processRole(database, engine, 4);

}

//end try

/* Prints out the trace of the exception if JessException is thrown*/

catch (JessException e)

{

e.printStackTrace();

}

// end catch

}

private static void processRole(DemoDatabase database, UserAccessEngine engine, int aID) throws JessException

{

//Iterator files, prints out a message prior to getting the needed info

Iterator roles;

System.

out.println("First and Last Name of User " + aID + ":");

//Prints out first and last name referred to by the specified ID num

//uses the getFirst getter Method to return the the profile of aID and first Name of profile

String firstName = database.getProfile(aID).getfirst();

//Same only with last name

String lastName = database.getProfile(aID).getlast();

//Prints out last name and first name

System.

out.println(firstName + " " + lastName);

//uses the Jess method run from the rete class and returns the values to role iterator

roles = engine.run(aID);

System.

out.println("Roles for " + firstName + ":");

//While the interator continues to have tokens, prints out the results, which are obviously roles

while (roles.hasNext())

{

//Prints out the next role and uses the toString method from the iterator

System.

out.println(" " + (String)roles.next().toString());

}

// end while

System.

out.println();

}

//end processRole

}

// End Demo

 

 

import

java.util.ArrayList; import java.util.Collection;

/*This interface is the interface that will be implemented by DemoDatabase*/

public

interface Database

{

public Collection getFiles(); //returns a Collection, gets all the files

public Profile getProfile(int profileNumber); //gets a Profile dependant on a profile number }//End Database interface
 
 
 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

Mike Artz has read permission for file.txt

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for file.txt

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for A Really Good Magazine

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine

Nikita Kruschev has read permission for NBAJAMS.exe


Reply | Threaded
Open this post in threaded view
|

Re: JESS: Jess Access Control

Wolfgang Laun-2
The FileRead constructor swaps first and last name.
-W



2011/3/21 Michael Eugene Artz <[hidden email]>

First of all thanks a lot for that help.   Im not sure if I ever would have found that.  Im a litle mad at myself I missed the tilda thing in the documentation after all the time i spent reading it! haha.  Secondly, now Its not firing the read-write rule at all, I compared the two add new FilePErmission RHS statements, I cant find why it would fire this rule.  Since all FilePErmission are being printed, then there shoudlnt be any problem with that either.  Could it be something with the Jess part that Im not seeing?  I have posted the Jess script that I revised and the output, the Java code is still the same tho and its still down below, for simplicity sake i didnt repost.

 

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
;; (deftemplate FilePermission (declare (from-class
;; FilePermission)))
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with all the Files.
(defglobal ?*read-write* = read-write)
 
(defglobal ?*read* = read)
 
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(Profile(first ?First)(last ?Last) (idNum ?idNum))
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ~?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ?ID))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))

 

 

 

 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for A Really Good Magazine

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for file.txt

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for NBAJAMS.exe

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine


 

Date: Mon, 21 Mar 2011 08:13:31 +0100
Subject: Re: JESS: Jess Access Control
From: [hidden email]
To: [hidden email]

(a) There is an error in the first rule:

(defrule owner-role

   "Give a user the read-write role if he or she is the owner of the file."
   (FileRead (ownerFirst ?ownerFirst)
                   (ownerLast ?ownerLast)
                   (file ?file)
               &nb sp;   (ownerID ID?))


ID? => ?ID

As written, this rule never fires - no ownerID is equal to the symbol ID?

(b) If the FilePermission facts should be unique for each owner-file combination, the second rule must make sure that the id values from FileRead and Profile are not equal.

(defrule read-role
  "Give a user the read role if he or she is not the owner of the file."
  (FileRead (ownerFirst ?ownerFirst)
            (ownerLast ?ownerLast)
            (file ?file)
            (ownerID ?ID))
  (Profile (first ?First)
           (last ?Last)
           (idNum ~?ID))

As w ritten, the rule fires for any combination, which explains the output.

-W

2011/3/20 Michael Eugene Artz <[hidden email]>

 

Hi Im still having problems getting this to return the right results.  Eventually I want this to read something from a file, but right now Im hard coding the data in the DemoDatabase class.  The output is at the end, and as you can see, all the file permissions say that everyone has read priveledges, only Mike Artz is supposed to have read-write priveldges on file.txt, acording he data that was hard coded in.  I hve spent quite a bit of time trying to figure out why this doesnt work, and I dont know why.  Maybe when I use the import statement in the Jess Script, (import C:.Users.Michael.workspace.JessUserAccess.src*), but im not sure.  I tried to modify that statement a few different ways but it didnt seem to change anything.  The JEss Script starts right below with the line ";;Users.cp", then the Java code ends after  "}//End D atabase interface".  I just really want the output to say that Mike Artz has readwrite priveledges on file.txt.  Please any assisstance would be great.

 

 

 

;;Users.clp

;; First define templates for the model classes so we can use them
;; in our user access rules. This doesn't create any model objects --
;; it just tells Jess to examine the classes and set up templates
;; using their properties
(import C:.Users.Michael.workspace.JessUserAccess.src*)
(deftemplate FileRead (declare (from-class FileRead)))
(deftemplate Profile (declare (from-class Profile)))
;; Now define the user access rules themselves. Each rule matches a set
;; of conditions and then creates a Role object to represent a
;; role that user has on a file. The rules assume that
;; there will be just one User, along with a ll the Files.
(defglobal ?*read-write* = read-write)
(defglobal ?*read* = read)
(defrule owner-role
"Give a user the read-write role if he or she is the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file)(ownerID ID?))
(Profile(first ?ownerFirst)(last ?ownerLast) (idNum ?ID))
=>
(add (new FilePermission ?file ?ID ?ownerLast ?ownerFirst ?*read-write*)))
(defrule read-role
"Give a user the read role if he or she is not the owner of the file."
(FileRead (ownerFirst ?ownerFirst)(ownerLast ?ownerLast)(file ?file) (ownerID ?ID))
(Profile(first ?First)(last ?Last) (idNum ?idNum))
=>
(add (new FilePermission ?file ?idNum ?Last ?First ?*read*)))
 
 

//follows javabeans conventions

public

class FilePermission

{

//fields that are in the FilePermission object

private String fileName;

private int profileNum;

private String last;

private String first;

private String role;

public FilePermission(String aFileName, int aProfileNum, String aLast, String aFirst, String aRole)

{

last = aLast;

first = aFirst;

fileName = aFileName;

profileNum = aProfileNum;

role = aRole;

}

//end FilePermission constructor

public String getfileName()

{

return fileName;

}

// end getfileName

public int getprofileNum()

{

return profileNum;

}

// end getprofileNum

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

// end getfirst

public String getrole()

{

return role;

}

// end getrole

public String toString()

{

return first + " " + last + " has " + role + " permission " + "for "+

fileName;

}

//end toString

} // end FilePermission

 

 

//keeps the info about the file and the owner of the file

public

class FileRead

{

private String ownerFirst;

private String ownerLast;

private String file;

private int ownerID;

//keeps the info about the file and the inf

public FileRead(String aFirst, String aLast, String aFile, int aOwnerID)

{

ownerFirst = aLast;

ownerLast = aFirst;

file = aFile;

ownerID = aOwnerID;

}

// end FileREad constructor

 

public String getownerFirst()

{

return ownerFirst;

}

// end getownerFirst

public String getownerLast()

{

return ownerLast;

}

// end ownerLast

public String getfile()

{

return file;

}

// end getFile

public int getownerID()

{

return ownerID;

}

//end getownerID

}

// end FileRead

 

 

 

//follows Javabeans properties, holds info about the people trying to access

//a file

public

class Profile

{

private String last;

private String first;

private int idNum;

public Profile(int aID, String aFirst, String aLast)

{

idNum = aID;

last = aLast;

first = aFirst;

}

public String getlast()

{

return last;

}

// end getlast

public String getfirst()

{

return first;

}

//end getfirst

public int getidNum()

{

return idNum;

}

//end getidNum } // end Profile
 

import

jess.*; import java.util.Iterator;

public class UserAccessEngine

{

private Rete engine;

private WorkingMemoryMarker marker;

private Database database;

public UserAccessEngine(Database aDatabase) throws JessException

{

// Create a Jess rule engine

engine = new Rete();

engine.reset();

// Load the pricing rules

engine.batch("C:\\Users\\Michael\\workspace\\JessUserAccess\\lib\\users.clp");

// Load the catalog data into working memory

database = aDatabase;

engine.addAll(database.getFiles());

// Mark end of catalog data for later

marker = engine.mark();

}

private void loadOrderData(int profileNumber) throws JessException

{

// Retrieve the order from the database

Profile profile =

database.getProfile(profileNumber);

if (profile != null)

{

// Add the profile to working memory

engine.add(profile);

}

// end if

}

public Iterator run(int profileNumber) throws JessException

{

// Remove any previous order data, leaving only catalog data

engine.resetToMark(marker);

// Load data for this order

loadOrderData(profileNumber);

// Fire the rules that apply to this profile

engine.run();

// Return the list of roles created by the rules

return engine.getObjects(new Filter.ByClass(FilePermission.class));

}

// end run

} // end

 

 

import

java.util.ArrayList;

import

java.util.Map;

import

java.util.Collection; import java.util.HashMap;

 

/**

* A toy implementation of the Database interface with some

* hard

-coded file and profile data. This uses an ArrayList and a HashMap

* to hold the files and profiles respectively. This data is hard coded

* for testing purposes

*/

public

class DemoDatabase implements Database {

private ArrayList files; //will hold the files that we will be reading

private Profile profile; //

private Map profiles;

public DemoDatabase()

{

createFiles();

//do the createFiles method

createProfiles();

//do the createProfiles method

}

private void createProfiles()

{

//creates new HashMap

profiles = new HashMap();

//ArrayList userProfiles = new ArrayList();

profiles.put(new Integer(1),(new Profile(1, "Mike", "Artz")));

profiles.put(new Integer(2),(new Profile(2, "Suzy", "Kolber")));

profiles.put(new Integer(3),(new Profile(3, "Stan", "Mikita")));

profiles.put(new Integer(4),(new Profile(4, "Nikita", "Kruschev")));

}

//creates an ArrayList to hold the hard coded data

private void createFiles()

{

files = new ArrayList(); //creates an ArrayList of files to hold the files

files.add(new FileRead("Mike", "Artz", "file.txt", 1));

files.add(new FileRead("Tom", "Saywer", "A Really Good Magazine", 5));

files.add(new FileRead("Chris", "Webber", "NBAJAMS.exe", 6));

}

public Collection getFiles()

{

return files; //returns the files ArrayList as a Collection, they share the same Super

}

/*get a specific profile from the hashMap profiles dependent upon the profile number that is

* passed as parameter

*/

public Profile getProfile(int profileNumber)

{

//return new Profile(1, "Mike", "Artz");

return (Profile)profiles.get(new Integer(profileNumber));

}

}// End DemoDatabase

 

 

import

java.util.Iterator;

import jess.JessException;

 

public

class Demo {

public static void main(String[] args) {

try

{

DemoDatabase database =

new DemoDatabase(); //creates a new demodatabase object

UserAccessEngine engine =

new UserAccessEngine(database); //creates new UserAccessEngine

processRole(database, engine, 1);

//processes a role using the two objects above, and profile 1

processRole(database, engine, 2);

processRole(database, engine, 3);

processRole(database, engine, 4);

}

//end try

/* Prints out the trace of the exception if JessException is thrown*/

catch (JessException e)

{

e.printStackTrace();

}

// end catch

}

private static void processRole(DemoDatabase database, UserAccessEngine engine, int aID) throws JessException

{

//Iterator files, prints out a message prior to getting the needed info

Iterator roles;

System.

out.println("First and Last Name of User " + aID + ":");

//Prints out first and last name referred to by the specified ID num

//uses the getFirst getter Method to return the the profile of aID and first Name of profile

String firstName = database.getProfile(aID).getfirst();

//Same only with last name

String lastName = database.getProfile(aID).getlast();

//Prints out last name and first name

System.

out.println(firstName + " " + lastName);

//uses the Jess method run from the rete class and returns the values to role iterator

roles = engine.run(aID);

System.

out.println("Roles for " + firstName + ":");

//While the interator continues to have tokens, prints out the results, which are obviously roles

while (roles.hasNext())

{

//Prints out the next role and uses the toString method from the iterator

System.

out.println(" " + (String)roles.next().toString());

}

// end while

System.

out.println();

}

//end processRole

}

// End Demo

 

 

import

java.util.ArrayList; import java.util.Collection;

/*This interface is the interface that will be implemented by DemoDatabase*/

public

interface Database

{

public Collection getFiles(); //returns a Collection, gets all the files

public Profile getProfile(int profileNumber); //gets a Profile dependant on a profile number }//End Database interface
 
 
 

First and Last Name of User 1:

Mike Artz

Roles for Mike:

Mike Artz has read permission for NBAJAMS.exe

Mike Artz has read permission for A Really Good Magazine

Mike Artz has read permission for file.txt

First and Last Name of User 2:

Suzy Kolber

Roles for Suzy:

Suzy Kolber has read permission for A Really Good Magazine

Suzy Kolber has read permission for file.txt

Suzy Kolber has read permission for NBAJAMS.exe

First and Last Name of User 3:

Stan Mikita

Roles for Stan:

Stan Mikita has read permission for file.txt

Stan Mikita has read permission for NBAJAMS.exe

Stan Mikita has read permission for A Really Good Magazine

First and Last Name of User 4:

Nikita Kruschev

Roles for Nikita:

Nikita Kruschev has read permission for file.txt

Nikita Kruschev has read permission for A Really Good Magazine

Nikita Kruschev has read permission for NBAJAMS.exe