Posted to commits@jena.apache.org by bu...@apache.org on 2018/11/26 14:46:09 UTC
svn commit: r1037309 - in /websites/staging/jena/trunk/content: ./
documentation/fuseki2/data-access-control.html
Author: buildbot
Date: Mon Nov 26 14:46:09 2018
New Revision: 1037309
Log:
Staging update by buildbot for jena
Modified:
websites/staging/jena/trunk/content/ (props changed)
websites/staging/jena/trunk/content/documentation/fuseki2/data-access-control.html
Propchange: websites/staging/jena/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Nov 26 14:46:09 2018
@@ -1 +1 @@
-1847475
+1847476
Modified: websites/staging/jena/trunk/content/documentation/fuseki2/data-access-control.html
==============================================================================
--- websites/staging/jena/trunk/content/documentation/fuseki2/data-access-control.html (original)
+++ websites/staging/jena/trunk/content/documentation/fuseki2/data-access-control.html Mon Nov 26 14:46:09 2018
@@ -175,16 +175,22 @@ to provide authentication of the user.
<h2 id="contents">Contents<a class="headerlink" href="#contents" title="Permanent link">¶</a></h2>
<ul>
<li><a href="#https">HTTPS</a></li>
-<li><a href="#authentication">Authentication</a></li>
+<li><a href="#authentication">Authentication</a><ul>
<li><a href="#using-curl">Using curl</a></li>
<li><a href="#using-wget">Using wget</a></li>
-<li><a href="#acl">Access control lists</a></li>
+</ul>
+</li>
+<li><a href="#acl">Access control lists</a><ul>
<li><a href="#alloweduser">Format of ja:allowedUsers</a></li>
<li id="server-acl">[Server Level ACLs]<a class="elementid-permalink" href="#server-acl" title="Permanent link">¶</a></li>
<li id="dataset-acl">[Dataset Level ACLs]<a class="elementid-permalink" href="#dataset-acl" title="Permanent link">¶</a></li>
<li id="endpoint-acl">[Endpoint Level ACLs]<a class="elementid-permalink" href="#endpoint-acl" title="Permanent link">¶</a></li>
-<li><a href="#graph-acl">Graph Access Control Lists</a></li>
-<li><a href="">Graph Security Registry</a>#graph-security-registry)</li>
+</ul>
+</li>
+<li><a href="#graph-acl">Graph Access Control Lists</a><ul>
+<li><a href="#graph-security-registry">Graph Security Registry</a></li>
+</ul>
+</li>
<li><a href="#jetty-configuration">Configuring Jetty directly</a></li>
</ul>
<h2 id="https">HTTPS<a class="headerlink" href="#https" title="Permanent link">¶</a></h2>
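Review bot: The three entries under "Access control lists" in the context lines of this hunk (server-acl, dataset-acl, endpoint-acl) are still unrendered markdown: the text is a bracketed label such as [Server Level ACLs] with no link target, and each <li> carries an id that duplicates the id on the matching <h3> (visible for server-acl and dataset-acl later in this diff). The source fix that repaired the Graph Security Registry entry should be applied to these as well, so they render as ordinary links such as <a href="#server-acl">Server Level ACLs</a> and the ids stay unique.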
@@ -276,7 +282,7 @@ system. Fuseki Main provides users/passw
<p>and passwords can be stored in hash or obfuscated form.</p>
-<p><a href="http://www.eclipse.org/jetty/documentation/current/configuring-security.html#hash-login-service">Password file format</a>.</p>
+<p>Documentation of the <a href="http://www.eclipse.org/jetty/documentation/current/configuring-security.html#hash-login-service">Eclipse Jetty Password file format</a>.</p>
<p>If different authentication is required, the full facilities of
<a href="http://www.eclipse.org/jetty/documentation/current/configuring-security.html">Eclipse Jetty configuration</a>
are available - see <a href="#jetty-configuration">the section below</a>.</p>
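Review bot: The link on the changed line still uses http:// for www.eclipse.org, while the jetty.xml documentation link in the last hunk of this diff uses https://; switch this one, and the Eclipse Jetty configuration link in the context below it, to https:// for consistency. The new text is also a sentence fragment; "See the documentation of the Eclipse Jetty password file format." would read better.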
@@ -363,9 +369,9 @@ details. This section is a breif summar
graphs within a dataset. This section covers server, dataset and endpoint access control
lists. Graph-level access control is <a href="#graph-acl">covered below</a>.</p>
<p>Access control lists (ACL) as part of the server configuration file.</p>
-<div class="codehilite"><pre><span class="n">fuseki</span> <span class="o">--</span><span class="n">conf</span> <span class="n">assembler</span><span class="p">.</span><span class="n">ttl</span> <span class="p">...</span>
-</pre></div>
-
+<pre>
+ fuseki --conf <i>configFile.ttl</i>
+</pre>
<p>ACLs are provided by the <code>ja:allowedUsers</code> property</p>
<h3 id="alloweduser">Format of <code>ja:allowedUsers</code><a class="headerlink" href="#alloweduser" title="Permanent link">¶</a></h3>
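Review bot: The context sentence directly above the changed block, "Access control lists (ACL) as part of the server configuration file.", has no verb, and since this block is being edited it should be fixed in the same pass, for example "Access control lists (ACL) are given as part of the server configuration file." The hunk header context also shows "breif", which should read "brief".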
@@ -385,7 +391,7 @@ the property or a mixture. The different
<h3 id="server-acl">Server Level ACLs<a class="headerlink" href="#server-acl" title="Permanent link">¶</a></h3>
<pre>
<#server> rdf:type fuseki:Server ;
- <i>fuseki:allowedUsers "user1", "user2", "user3";</i>
+ <b>fuseki:allowedUsers "user1", "user2", "user3";</b>
...
fuseki:services ( ... ) ;
...
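Review bot: The highlighted line uses fuseki:allowedUsers, but the paragraph and heading in the previous hunk name the property ja:allowedUsers ("ACLs are provided by the ja:allowedUsers property", "Format of ja:allowedUsers"). The page should use one prefix throughout, matching what the server actually reads, so that a reader copying the example ends up with an ACL that is enforced.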
@@ -395,14 +401,14 @@ the property or a mixture. The different
<p>A useful pattern is:</p>
<pre>
<#server> rdf:type fuseki:Server ;
- <i>fuseki:allowedUsers "*";</i>
+ <b>fuseki:allowedUsers "*";</b>
...
fuseki:services ( ... ) ;
...
.
</pre>
-<p>which requires all access to authenticated and the allowed users are
+<p>which requires all access to to be authenticated and the allowed users are
those in the password file.</p>
<h3 id="dataset-acl">Dataset Level ACLs<a class="headerlink" href="#dataset-acl" title="Permanent link">¶</a></h3>
<p>When there is an access control list on the <code>fuseki:Service</code>, it applies
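Review bot: The replacement line introduces a doubled word, "which requires all access to to be authenticated". It should read "which requires all access to be authenticated".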
@@ -414,7 +420,7 @@ levels must allow the user access.</p>
rdfs:label "ACL controlled dataset" ;
fuseki:name "db-acl" ;
- <i>fuseki:allowedUsers "user1", "user3";</i>
+ <b>fuseki:allowedUsers "user1", "user3";</b>
## Choice of operations.
fuseki:serviceQuery "query" ;
@@ -440,7 +446,7 @@ server-wide) also applies.</p>
</pre></div>
-<p>Only <em>user1</em> can use SPARQL update both <em>user1</em> and
+<p>Only <em>user1</em> can use SPARQL update; both <em>user1</em> and
<em>user2</em> can use SPARQL query.</p>
<h2 id="graph-acl">Graph Access Control Lists<a class="headerlink" href="#graph-acl" title="Permanent link">¶</a></h2>
<p>Graph level access control is defined using a specific dataset
@@ -453,25 +459,28 @@ implementation for the service.</p>
<p>Graph ACLs are defined in a <a href="#graph-security-registry">Graph Security Registry</a> which lists the users and graph URIs.</p>
-<div class="codehilite"><pre><span class="o"><</span>#<span class="n">service_tdb2</span><span class="o">></span> <span class="n">rdf</span><span class="p">:</span><span class="n">type</span> <span class="n">fuseki</span><span class="p">:</span><span class="n">Service</span> <span class="p">;</span>
- <span class="n">rdfs</span><span class="p">:</span><span class="n">label</span> "<span class="n">Graph</span><span class="o">-</span><span class="n">level</span> <span class="n">access</span> <span class="n">controlled</span> <span class="n">dataset</span>" <span class="p">;</span>
- <span class="n">fuseki</span><span class="p">:</span><span class="n">name</span> "<span class="n">db</span><span class="o">-</span><span class="n">graph</span><span class="o">-</span><span class="n">acl</span>" <span class="p">;</span>
- ## <span class="n">Read</span><span class="o">-</span><span class="n">only</span> <span class="n">operations</span><span class="p">.</span>
- <span class="n">fuseki</span><span class="p">:</span><span class="n">serviceQuery</span> "<span class="n">query</span>" <span class="p">;</span>
- <span class="n">fuseki</span><span class="p">:</span><span class="n">serviceQuery</span> "<span class="n">sparql</span>" <span class="p">;</span>
- <span class="n">fuseki</span><span class="p">:</span><span class="n">serviceReadGraphStore</span> "<span class="n">get</span>" <span class="p">;</span>
- <span class="n">fuseki</span><span class="p">:</span><span class="n">dataset</span> <span class="o"><</span>#<span class="n">access_dataset</span><span class="o">></span><span class="p">;</span>
- <span class="p">.</span>
+<pre>
+ <#service_tdb2> rdf:type fuseki:Service ;
+ rdfs:label "Graph-level access controlled dataset" ;
+ fuseki:name "db-graph-acl" ;
+ ## Read-only operations.
+ fuseki:serviceQuery "query" ;
+ fuseki:serviceQuery "sparql" ;
+ fuseki:serviceReadGraphStore "get" ;
+ fuseki:dataset <b><#access_dataset></b> ;
+ .
-<span class="o"><</span>#<span class="n">access_dataset</span><span class="o">></span> <span class="n">rdf</span><span class="p">:</span><span class="n">type</span> <span class="n">access</span><span class="p">:</span><span class="n">AccessControlledDataset</span> <span class="p">;</span>
- <span class="n">access</span><span class="p">:</span><span class="n">registry</span> <span class="o"><</span>#<span class="n">securityRegistry</span><span class="o">></span> <span class="p">;</span>
- <span class="n">access</span><span class="p">:</span><span class="n">dataset</span> <span class="o"><</span>#<span class="n">tdb_dataset_shared</span><span class="o">></span> <span class="p">;</span>
- <span class="p">.</span>
+ <#access_dataset> rdf:type access:AccessControlledDataset ;
+ access:registry <#securityRegistry> ;
+ access:dataset <#tdb_dataset_shared> ;
+ .
-<span class="o"><</span>#<span class="n">tdb_dataset_shared</span><span class="o">></span> <span class="n">rdf</span><span class="p">:</span><span class="n">type</span> <span class="n">tdb</span><span class="p">:</span><span class="n">DatasetTDB</span> <span class="p">;</span>
- <span class="p">.</span> <span class="p">.</span> <span class="p">.</span>
-</pre></div>
+ <#securityRegistry>rdf:type access:SecurityRegistry ;
+ . . .
+ <#tdb_dataset_shared> rdf:type tdb:DatasetTDB ;
+ . . .
+</pre>
<p>All dataset storage types are supported. TDB1 and TBD2 have special implementations for handling graph access control.</p>
<h3 id="graph-security-registry">Graph Security Registry<a class="headerlink" href="#graph-security-registry" title="Permanent link">¶</a></h3>
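Review bot: In the new <pre> block, the line "<#securityRegistry>rdf:type access:SecurityRegistry ;" is missing the space between subject and predicate that every other statement in the block has; write "<#securityRegistry> rdf:type access:SecurityRegistry ;". The context line after the block also has "TBD2", which should be "TDB2".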
@@ -497,8 +506,7 @@ list of URIs as its object.</p>
<p>For authentication configuration not covered by Fuseki configuration,
the deployed server can be run using a Jetty configuration.</p>
<p>Server command line: <tt>--jetty=<i>jetty.xml</i></tt>.</p>
-<p><a href="https://www.eclipse.org/jetty/documentation/current/jetty-xml-config.html">Documentation for
-<code>jetty.xml</code></a>.</p>
+<p><a href="https://www.eclipse.org/jetty/documentation/current/jetty-xml-config.html">Documentation for <code>jetty.xml</code></a>.</p>
</div>
</div>