Github user afs commented on a diff in the pull request: https://github.com/apache/jena/pull/492#discussion_r235441879 --- Diff: jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/build/FusekiBuilder.java --- @@ -70,16 +69,42 @@ public static void populateStdServices(DataService dataService, boolean allowUpd /** Add an operation to a {@link DataService} with a given endpoint name */ public static void addServiceEP(DataService dataService, Operation operation, String endpointName) { - dataService.addEndpoint(operation, endpointName) ; + dataService.addEndpoint(operation, endpointName) ; + } + + /** Add an operation to a {@link DataService} with a given endpoint name */ + public static void addServiceEP(DataService dataService, Operation operation, String endpointName, AuthPolicy requestAuth) { + dataService.addEndpoint(operation, endpointName, requestAuth) ; } public static void addServiceEP(DataService dataService, Operation operation, Resource svc, Property property) { String p = "<"+property.getURI()+">" ; ResultSet rs = FusekiBuildLib.query("SELECT * { ?svc " + p + " ?ep}", svc.getModel(), "svc", svc) ; for ( ; rs.hasNext() ; ) { QuerySolution soln = rs.next() ; - String epName = soln.getLiteral("ep").getLexicalForm() ; - addServiceEP(dataService, operation, epName); + AuthPolicy requestAuth = null; --- End diff -- Yes - the authorization setup needs to be passed out of the "else" arm of the if it is found, otherwise it is "no AuthPolicy". Java scope issue. "null" means "no value seen in the configuration". An alternative would have been to always have an executable AuthPolicy even if it's "anyone, unauthenticated or not". For keeping track of setup, which can be become quite complicated, I found it slightly easier to use a null as "this hasn't been set" rather than use a marker AuthPolicy. Comment added.
---