
Example 1 with SecurityContextView

use of org.apache.jena.fuseki.access.SecurityContextView in project jena by apache.

the class ExFuseki_06_DataAccessCtl method main.

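/**
 * Runs a self-contained demonstration of per-user, graph-level access control in Fuseki.
 *
 * <p>The demo wires together two separate stores: an authorization registry (user name to the
 * set of graph URIs that user may see) and a Jetty {@code UserStore} holding the credentials
 * used for authentication. It then starts a server on a free local port, connects as
 * {@code user1} and shows which parts of the dataset are visible to that user.
 *
 * <p>The server is stopped in a {@code finally} block so that a failure while talking to it
 * does not leave it running in the background.
 *
 * @param a command-line arguments; not used
 */
public static void main(String... a) {
    FusekiLogging.setLogging();
    int port = WebLib.choosePort();
    String datasetName = "/ds";
    // Plain HTTP on the loopback interface. The client below authenticates with a user name and
    // password; over plain HTTP those are not protected in transit, so anything beyond a local
    // demo should put the endpoint behind TLS.
    String URL = format("http://localhost:%d%s", port, datasetName);

    // ---- Set up the registry: which graphs each authenticated user is allowed to see.
    AuthorizationService authorizeSvc;
    {
        SecurityRegistry reg = new SecurityRegistry();
        // user1 can see the default graph and :g1
        reg.put("user1", new SecurityContextView("http://example/g1", Quad.defaultGraphIRI.getURI()));
        // user2 can see :g1
        reg.put("user2", new SecurityContextView("http://example/g1"));
        // user3 can see :g1 and :g2. Note that user3 gets no password below, so this entry
        // cannot be reached through authentication in this demo.
        reg.put("user3", new SecurityContextView("http://example/g1", "http://example/g2"));
        // Hide implementation: the rest of the code only sees the AuthorizationService interface.
        authorizeSvc = reg;
    }

    // ---- Some data
    DatasetGraph dsg = createData();

    // ---- User authentication database (Jetty specific).
    // Credentials are literals because this is a demo; they are kept separate from the
    // authorization registry above, and the two are matched by user name.
    // The third argument is presumably the role assigned to the user; confirm against
    // addUserPassword.
    UserStore userStore = new UserStore();
    addUserPassword(userStore, "user1", "pw1", "**");
    addUserPassword(userStore, "user2", "pw2", "**");
    try {
        userStore.start();
    } catch (Exception ex) {
        throw new RuntimeException("UserStore", ex);
    }

    // ---- Build server, start server.
    FusekiServer server = fuseki(port, userStore, authorizeSvc, datasetName, dsg);
    server.start();
    try {
        // ---- HttpClient connection with user and password basic authentication.
        Authenticator authenticator = AuthLib.authenticator("user1", "pw1");
        HttpClient client = HttpClient.newBuilder()
            .authenticator(authenticator)
            .connectTimeout(Duration.ofSeconds(10))
            .build();

        // ---- Use it.
        try (RDFConnection conn = RDFConnectionRemote.newBuilder().destination(URL).httpClient(client).build()) {
            // What can we see of the database? user1 can see g1 and the default graph
            System.out.println("\nFetch dataset");
            Dataset ds1 = conn.fetchDataset();
            RDFDataMgr.write(System.out, ds1, RDFFormat.TRIG_FLAT);

            // Get a graph the user is allowed to see.
            System.out.println("\nFetch named graph");
            Model m1 = conn.fetch("http://example/g1");
            RDFDataMgr.write(System.out, m1, RDFFormat.TURTLE_FLAT);

            // Get a graph the user has no permission for. The example expects a 404 here,
            // i.e. a hidden graph is reported the same way as a missing one, so the response
            // does not reveal whether the graph exists.
            System.out.println("\nFetch unexistent named graph");
            try {
                conn.fetch("http://example/g2");
            } catch (HttpException ex) {
                System.out.println(ex.getMessage());
            }
        }
    } finally {
        // Stop the server on both the normal and the failure path; without this an exception
        // above would leave the background server (and its port) alive.
        server.stop();
    }
    // Need to exit the JVM : there is a background server
    System.exit(0);
}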
Also used : Dataset(org.apache.jena.query.Dataset) SecurityContextView(org.apache.jena.fuseki.access.SecurityContextView) FusekiServer(org.apache.jena.fuseki.main.FusekiServer) HttpException(org.apache.jena.atlas.web.HttpException) DatasetGraph(org.apache.jena.sparql.core.DatasetGraph) UserStore(org.eclipse.jetty.security.UserStore) AuthorizationService(org.apache.jena.fuseki.access.AuthorizationService) RDFConnection(org.apache.jena.rdfconnection.RDFConnection) HttpClient(java.net.http.HttpClient) Model(org.apache.jena.rdf.model.Model) HttpException(org.apache.jena.atlas.web.HttpException) Authenticator(java.net.Authenticator) SecurityRegistry(org.apache.jena.fuseki.access.SecurityRegistry)

Example 2 with SecurityContextView

use of org.apache.jena.fuseki.access.SecurityContextView in project jena by apache.

the class TestSecurityFilterFuseki method beforeClass.

// Set up Fuseki with two datasets, "data1" backed by TDB and "data2" backed by TDB2.
/**
 * Starts one Fuseki server for the whole test class, serving three access-controlled datasets
 * ({@code data1}, {@code data2}, {@code data3}) behind a Jetty security handler.
 *
 * <p>Every dataset shares the same {@code SecurityRegistry}, so a given user name maps to the
 * same set of visible graphs regardless of which dataset is queried.
 */
@BeforeClass
public static void beforeClass() {
    // Fixtures are loaded into the plain datasets, before they are wrapped with access control.
    addTestData(testdsg1);
    addTestData(testdsg2);
    addTestData(testdsg3);

    // Authorization: user name -> graphs that user may see.
    SecurityRegistry registry = new SecurityRegistry();
    // NOTE(review): by name, NONE grants no graphs and DFT_GRAPH only the default graph - confirm.
    registry.put("userNone", SecurityContext.NONE);
    registry.put("userDft", SecurityContextView.DFT_GRAPH);
    // Same visibility as userDft is presumably intended, but built from the explicit URI.
    registry.put("user0", new SecurityContextView(Quad.defaultGraphIRI.getURI()));
    // Mixed cases: default graph plus one named graph, named graphs only, default plus two named.
    registry.put("user1", new SecurityContextView("http://test/g1", Quad.defaultGraphIRI.getURI()));
    registry.put("user2", new SecurityContextView("http://test/g1", "http://test/g2", "http://test/g3"));
    registry.put("user3", new SecurityContextView(Quad.defaultGraphIRI.getURI(), "http://test/g2", "http://test/g3"));

    // Replace each dataset with its access-controlled wrapper; from here on the static fields
    // only refer to the controlled versions.
    testdsg1 = DataAccessCtl.controlledDataset(testdsg1, registry);
    testdsg2 = DataAccessCtl.controlledDataset(testdsg2, registry);
    testdsg3 = DataAccessCtl.controlledDataset(testdsg3, registry);

    // Authentication: Jetty handler backed by the test user store, with a constraint on "/*"
    // so that the path pattern covers every request to the server.
    UserStore users = userStore();
    ConstraintSecurityHandler securityHandler = JettyLib.makeSecurityHandler("*", users);
    JettyLib.addPathConstraint(securityHandler, "/*");

    // If used, also check log4j2.properties.
    // FusekiLogging.setLogging();

    // Port 0 lets the server pick a free port, which avoids clashes between test runs.
    fusekiServer = FusekiServer.create()
        .securityHandler(securityHandler)
        .port(0)
        .add("data1", testdsg1)
        .add("data2", testdsg2)
        .add("data3", testdsg3)
        .build();
    fusekiServer.start();
}
Also used : UserStore(org.eclipse.jetty.security.UserStore) SecurityContextView(org.apache.jena.fuseki.access.SecurityContextView) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) SecurityRegistry(org.apache.jena.fuseki.access.SecurityRegistry) BeforeClass(org.junit.BeforeClass)
