Posted to commits@jena.apache.org by bu...@apache.org on 2015/03/19 17:31:34 UTC

svn commit: r944360 - in /websites/staging/jena/trunk/content: ./ documentation/fuseki2/fuseki-security.html

Author: buildbot
Date: Thu Mar 19 16:31:33 2015
New Revision: 944360

Log:
Staging update by buildbot for jena

Modified:
    websites/staging/jena/trunk/content/   (props changed)
    websites/staging/jena/trunk/content/documentation/fuseki2/fuseki-security.html

Propchange: websites/staging/jena/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Mar 19 16:31:33 2015
@@ -1 +1 @@
-1667273
+1667808

Modified: websites/staging/jena/trunk/content/documentation/fuseki2/fuseki-security.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/fuseki2/fuseki-security.html (original)
+++ websites/staging/jena/trunk/content/documentation/fuseki2/fuseki-security.html Thu Mar 19 16:31:33 2015
@@ -19,7 +19,7 @@
     limitations under the License.
 -->
 
-  <title>Apache Jena - </title>
+  <title>Apache Jena - Security in Fuseki2</title>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
@@ -143,15 +143,61 @@
     <div class="row">
     <div class="col-md-12">
     <div id="breadcrumbs"></div>
-    <h1 class="title"></h1>
-  <h2 id="sparql-etc-from-java">SPARQL etc from Java</h2>
-<blockquote>
-<p><em>@@</em> Placeholder.</p>
-</blockquote>
-<p>Provided by <a href="http://shiro.apache.org/">Apache Shiro</a>.</p>
-<p>Defaults:</p>
-<p>Datasets are open</p>
-<p>Admin functions that require security use, by default, user 'admin', password 'pw'.</p>
+    <h1 class="title">Security in Fuseki2</h1>
+  <p>Fuseki2 provides security by using <a href="http://shiro.apache.org/">Apache Shiro</a>.</p>
+<p>The default is that the SPARQL protocols are open but the administrative
+actions are limited to the localhost. "localhost" is determined by
+connecting using the <code>http://localhost:.../...</code>. It must be "localhost", or
+<code>127.0.0.1</code> (IPv4), or <code>[::1]</code> (IPv6), not the external IP address of the
+machine.</p>
+<p>There is an example to enable simple user/password security; this is only
+suitable where the connection is secure, is shown <code>shiro.ini</code> file with
+defaults user 'admin' and password 'pw'.  These should be changed before
+use.</p>
+<p>This has some use where the server is in a secure network environment with
+additional restrictions on extenral requests also applied.  behind a
+reverse proxy and the connection can have addition security (e.g. no access
+to URLs starting '/$/').</p>
+<p>The Apache Shiro website has documentation for creating more sophisticated
+setups.</p>
+<p>The security provided in Fuseki is not intended to replace existing
+mechanisms.  Security can also be given to a Fuseki server outside the
+server using <a href="http://httpd.apache.org/">Apache Httpd</a> or
+<a href="http://nginx.org/">Nginx</a> as a reverse proxy then limiting the fuseki
+server to only process requests from the local machine by controlling
+ports.</p>
+<p>Changing the security setup requires a server restart.</p>
+<p>Contributions of more examples are very welcome.</p>
+<h2 id="examples">Examples</h2>
+<p>The shipped <code>shiro.ini</code> has additional comments.</p>
+<h3 id="the-default-configuration">The default configuration.</h3>
+<p>This is a minimal configuration for the default configuration.</p>
+<p>```
+[main]
+localhost=org.apache.jena.fuseki.authz.LocalhostFilter</p>
+<p>[urls]</p>
+<h2 id="control-functions-open-to-anyone">Control functions open to anyone</h2>
+<p>/$/status = anon
+/$/ping   = anon</p>
+<h2 id="and-the-rest-are-restricted-to-localhost">and the rest are restricted to localhost.</h2>
+<h2 id="see-above-for-localhost">See above for 'localhost'</h2>
+<p>/$/<strong> = localhost
+/</strong>=anon
+```</p>
+<h3 id="simple-userpassword">Simple user/password</h3>
+<p>This extract shows the simple user/password setup.</p>
+<p>It adds a <code>[users]</code> section and changes the <code>/$/**</code> line in <code>[urls]</code></p>
+<p>```
+[users]
+admin=pw</p>
+<p>[urls]</p>
+<h2 id="control-functions-open-to-anyone_1">Control functions open to anyone</h2>
+<p>/$/status = anon
+/$/ping   = anon
+/$/** = authcBasic,user[admin]</p>
+<h1 id="everything-else">Everything else</h1>
+<p>/**=anon
+```</p>
   </div>
 </div>
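Review bot: The two shiro.ini examples (under "The default configuration." and "Simple user/password") were not emitted as code blocks, so the access rules a reader would copy are wrong. The three-backtick fences appear as literal text inside `<p>`, the `#` comment lines became `<h2>`/`<h1>` headings, and the default rules collapsed into `/$/<strong> = localhost` and `/</strong>=anon`, where the surrounding prose and the second example indicate `/$/** = localhost` and `/**=anon`. Since these lines define which URLs are restricted to localhost, please fix the source so both blocks render as preformatted text (for example, as indented code blocks) and confirm that the `**` globs and `#` comments survive in the generated HTML. While in the same text, the added paragraphs also need a prose pass: "extenral", "addition security", the fragment beginning "behind a reverse proxy", and "is shown <code>shiro.ini</code> file with defaults user".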