Posted to users@jena.apache.org by Andreas Plank <an...@gmail.com> on 2020/03/31 11:13:21 UTC

Re: How to prevent data set action “remove” for read only sparql data (FUSEKI 3.14.0)


On 2020/03/31 10:19:53, Andreas Plank <an...@gmail.com> wrote: 
> So far 
> * I can manage to prevent update URL (via shiro.ini)
> * I can manage to prevent upload URL (via shiro.ini)
> * but I can not manage to prevent the Request Method: DELETE

I still don’t comprehend how to prevent the Request Method: DELETE. 

The only workaround I have tried out so far (in the shiro.ini) is to disable the manage.html URL for anon. The following tries to let anonymous users read and play around with queries but requests a login on update, upload and manage.html:

#-- START shiro.ini attempt for anonymous: read only -------------
[main]
# Development
ssl.enabled = false

plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
# localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter
iniRealm.credentialsMatcher = $plainMatcher
rest = org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter

[users]
# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
admin  = secret, administrator
wwwuser = publicpw

[roles]
administrator=*
# ?correct or how to let this user only able to read and nothing else ?
wwwuser=rest:read

[urls]
## Control functions open to anyone
/$/server  = anon
/$/status  = anon
/$/ping    = anon
/$/stats   = anon
/$/stats/* = anon
/*/query/**  = anon
/*/sparql/** = anon
/*/get/**    = anon

/$/** = authcBasic,roles[administrator]

## restricted URLs
/manage.html** = authcBasic,roles[administrator]
/*/data/**     = authcBasic,roles[administrator]
/*/upload/**   = authcBasic,roles[administrator]
/*/delete/**   = authcBasic,roles[administrator]
/*/update/**   = authcBasic,roles[administrator]

# Everything else
/**=anon
#-- END shiro.ini attempt for anonymous: read only -------------