Posted to users@jena.apache.org by Bangalore Akhilesh <ba...@gmail.com> on 2016/04/25 17:21:47 UTC
Limit requests to localhost
Hi,
We have deployed Fuseki 2 on Tomcat and would like to limit the requests to
localhost (for security reasons).
I am not well versed with Apache Shiro. So, can you please let me know how
to go about it?
I would also like to know how to extend Apache Shiro to include custom
authorization schemes.
Thanks,
Akhilesh
Re: Limit requests to localhost
Posted by Don Rolph <do...@gmail.com>.
See below and experiment.
But I think that by moving the localhostfilter up before all URLs you get
your desired behavior.
The default shiro.ini file looks something like this:
# Licensed under the terms of http://www.apache.org/licenses/LICENSE-2.0
[main]
# Development
ssl.enabled = false
plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
iniRealm.credentialsMatcher = $plainMatcher
localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter
[users]
# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm"
admin=pw
[roles]
[urls]
## Control functions open to anyone
/$/status = anon
/$/ping = anon
## and the rest are restricted to localhost.
/$/** = localhostFilter
## If you want simple, basic authentication user/password
## on the operations,
## 1 - set a better password in [users] above.
## 2 - comment out the "/$/** = localhost" line and use:
## "/$/** = authcBasic,user[admin]"
## or to allow any access.
##/$/** = anon
# Everything else
/**=anon
I believe the key is the local filter statement.
My sense is something like this should work:
# Licensed under the terms of http://www.apache.org/licenses/LICENSE-2.0
[main]
# Development
ssl.enabled = false
plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
iniRealm.credentialsMatcher = $plainMatcher
localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter
[users]
# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm"
admin=pw
[roles]
[urls]
##restricted to localhost.
/** = localhostFilter
## Control functions open to anyone
/$/status = anon
/$/ping = anon
## If you want simple, basic authentication user/password
## on the operations,
## 1 - set a better password in [users] above.
## 2 - comment out the "/$/** = localhost" line and use:
## "/$/** = authcBasic,user[admin]"
## or to allow any access.
##/$/** = anon
# Everything else
/**=anon
On Mon, Apr 25, 2016 at 11:21 AM, Bangalore Akhilesh <
bangalore.akhilesh@gmail.com> wrote:
> Hi,
>
> We have deployed Fuseki 2 on Tomcat and would like to limit the requests to
> localhost (for security reasons).
>
> I am not well versed with Apache Shiro. So, can you please let me know how
> to go about it?
>
> I would also like to know how to extend Apache Shiro to include custom
> authorization schemes.
>
> Thanks,
> Akhilesh
>
--
73,
AB1PH
Don Rolph
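
The rule ordering the reply above relies on, as an added example that is not part of the original thread and is not Shiro or Fuseki code: Shiro evaluates [urls] entries in file order and the first matching pattern wins. This Python model resolves both listings and reports rules that can never fire; the pattern matching is a simplified stand-in for Shiro's Ant-style matcher, and the probe path /ds/query is a constructed dataset URL.

```python
import re

# [urls] entries copied from the two shiro.ini listings in the reply.
DEFAULT_URLS = """
/$/status = anon
/$/ping = anon
/$/** = localhostFilter
/**=anon
"""
PROPOSED_URLS = """
/** = localhostFilter
/$/status = anon
/$/ping = anon
/**=anon
"""
# Probe paths; /ds/query is a constructed example of a dataset endpoint.
PROBES = ["/$/status", "/$/ping", "/$/datasets", "/ds/query"]

def parse_urls(section):
    """Return [(pattern, chain)] in file order, skipping blanks and comments."""
    rules = []
    for line in section.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            pattern, chain = line.split("=", 1)
            rules.append((pattern.strip(), chain.strip()))
    return rules

def to_regex(pattern):
    """Simplified Ant-style matching: '**' spans segments, '*' stays in one."""
    parts = re.split(r"(\*\*|\*)", pattern)
    conv = {"**": ".*", "*": "[^/]*"}
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def first_match(rules, path):
    """First match wins: index and chain of the first rule matching path."""
    for i, (pattern, chain) in enumerate(rules):
        if to_regex(pattern).match(path):
            return i, chain
    return None, None

def resolve(rules, path):
    return first_match(rules, path)[1]

def shadowed(rules, probes):
    """Rules never selected for any probe path (dead under first-match-wins)."""
    used = {first_match(rules, p)[0] for p in probes}
    return [rule for i, rule in enumerate(rules) if i not in used]
```

With the proposed ordering every probe path resolves to localhostFilter, and the later `/$/status`, `/$/ping` and trailing `/**=anon` entries are reported as shadowed, so remote status and ping checks are blocked as well.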