Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Migrating an Existing Application to the Semantic Web : Page 2

Learn how to migrate to the semantic web.


Refactoring the Existing Security Model

The existing CDMS application stores its user and role information in the database tables user and role with a third table user_role linking them together. Additional tables link the project owner, the building project, and users participating in project activities.

User and Role classes map to the user and role tables using Hibernate JPA and implement the Spring Security framework interfaces UserDetails and GrantedAuthority respectively. The UserServiceImpl implements the UserDetailsService.

In the semantic web version of the application, a building project is stored as an RDF Named Graph in SDB. The URI of this graph contains the user name of the project owner. Also, as shown in this example project, roles are now defined by an owl:ObjectProperty such as foaf:fundedBy, building: builtBy, and building:designedBy. People are represented as foaf:Person. A URI to the foaf:Person definition for a person, such as contained in their personal FOAF page, links the person to the project.

To bridge the existing user table to the RDF project, the column person_uri is added to the user table, linking a CDMS user to their foaf:Person definition.

Access to a project can be controlled based on a person:

  • Having a CDMS user account for accessing restricted information
  • Being the owner of the project
  • Having a role on the project
If the user is the owner of the project, the username is part of the URI of the project. If the user has a role on the project, they are associated via an RDF property.
Figure 3. Access: An example of who has access to the project.
For example, Alex, who is the architect, is given access to the Breaker Bay project (see Figure 3).

A user is still authenticated using the user name and password held in the user table, but the Spring Security authorization now includes an additional AccessDecisionVoter, called ProjectMemberVoter, which implements the access rules above.

When a user who is not the project owner requests project access, the result of the SPARQL query below is used to check the projects they are associated with:

'SELECT DISTINCT ?s { GRAPH ?g { ?s a <http://3kbo.com/examples/building4.rdf#BuildingProject> . ?s ?p < person_uri > } } '

where < person_uri > is the person's FOAF URI.

For the project example above, the query grants Alex access to the BreakerBay project.

Next Steps

You now know how to take the first steps in migrating to the semantic web, just enough to begin publishing data to the semantic web and incorporating information already there.

The next steps include:

  • Publishing project information as Linked Data
  • Providing a user-friendly interface to the application, including AJAX controls for the lookup of external Linked Data information and querying of local project information
The the attached source code contains a full semantic web application. You should build the maven project 3kbo-security first, because the buildings project (which is the semantic web application) has a dependency on the security project.

Richard Hancock is a Software Developer with 20 software years experience, primarily in Java, XML, and Web Service technologies. His current interest is in developing Semantic Web applications.
Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.