You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jena.apache.org by Sayah Tarek <sa...@gmail.com> on 2015/09/30 15:49:17 UTC
SPARQL service not protected by shiro in Fuseki 2
Hello,
I enabled basic authentication in Jena Fuseki2 by uncommenting /$/** =
authcBasic,user in shiro.ini file. When I use the web page, I am asked to
give username and password, everything works fine. The problem is that when
I execute a query over the sparql service using
QueryExecutionFactory.sparqlService, I get the answer of the query, which
means that the sparql service in fuseki is not secured. Did I miss some
parameter to make sparqlservice ask for authentication?
Thanks in advance
--
*Tarek*
Re: SPARQL service not protected by shiro in Fuseki 2
Posted by Sayah Tarek <sa...@gmail.com>.
Thank you andy, this is very useful.
On Wed, Sep 30, 2015 at 10:51 PM, Andy Seaborne <an...@apache.org> wrote:
> On 30/09/15 14:49, Sayah Tarek wrote:
>
>> Hello,
>> I enabled basic authentication in Jena Fuseki2 by uncommenting /$/** =
>> authcBasic,user in shiro.ini file. When I use the web page, I am asked to
>> give username and password, everything works fine. The problem is that
>> when
>> I execute a query over the sparql service using
>> QueryExecutionFactory.sparqlService, I get the answer of the query, which
>> means that the sparql service in fuseki is not secured. Did I miss some
>> parameter to make sparqlservice ask for authentication?
>>
>> Thanks in advance
>>
>>
> Hi Tarek,
>
> If you add rules to the shiro.ini file for your dataset services then
> these should trigger authentication e.g. "/ds/sparql". The $ in "/$/**"
> isn't a placeholder, it is a real /$/ that the UI uses to mean it does not
> clash with dataset names.
>
> Other options include deploying the .war file in Tomcat and use Tomcat's
> security, or put a reverse proxy (httpd, nginx etc etc) in front of the
> Fuseki server (and only allow traffic via the reverse proxy ) and use the
> security features of the front-facing web server,
>
> Andy
>
>
--
*Tarek*
Re: SPARQL service not protected by shiro in Fuseki 2
Posted by Andy Seaborne <an...@apache.org>.
On 30/09/15 14:49, Sayah Tarek wrote:
> Hello,
> I enabled basic authentication in Jena Fuseki2 by uncommenting /$/** =
> authcBasic,user in shiro.ini file. When I use the web page, I am asked to
> give username and password, everything works fine. The problem is that when
> I execute a query over the sparql service using
> QueryExecutionFactory.sparqlService, I get the answer of the query, which
> means that the sparql service in fuseki is not secured. Did I miss some
> parameter to make sparqlservice ask for authentication?
>
> Thanks in advance
>
Hi Tarek,
If you add rules to the shiro.ini file for your dataset services then
these should trigger authentication e.g. "/ds/sparql". The $ in "/$/**"
isn't a placeholder, it is a real /$/ that the UI uses to mean it does
not clash with dataset names.
Other options include deploying the .war file in Tomcat and use Tomcat's
security, or put a reverse proxy (httpd, nginx etc etc) in front of the
Fuseki server (and only allow traffic via the reverse proxy ) and use
the security features of the front-facing web server,
Andy