GitHub user afs opened a pull request:
https://github.com/apache/jena/pull/486
JENA-1623 : Fuseki server and service access control
Includes authentication support. This is packaging up the Jetty facilities
to make them more accessible for typical usage in Fuseki.
Not included in this PR: https support (again, packaging of what is
available in Jetty).
With JENA-1595, the access control options are:
* server access control by user/password
* per-service (i.e. `rdf:type fuseki:Service`) access control
* graph-visibility level control for a read-only dataset; SPARQL Query,
including FROM/FROM NAMED, and Graph Store Protocol, including (it can be
updated by a different service, different access control, sharing the same
database). Works for all storage; it works efficiently with TDB1 and TDB2 to
filter quads coming out of the database.
Not provided (yet):
* endpoint access control (i.e. a particular operation within a service)
* per graph update (graph level access currently blocks update)
At the time of PR submission: there is one missing case yet to be done
which `SELECT * FROM { ?s ?p ?o }` and other special
graphs. The more correct/useful `GRAPH ` does work
correctly.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/afs/jena fuseki-access
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/jena/pull/486.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #486
commit df9f849122f18fc28d7ffa5704fcd0fb653b18cd
Author: Andy Seaborne
Date: 2018-10-31T10:33:01Z
Removed deprecated constructors in favour of the builder pattern.
commit 0a12d4e446c21b2272b1356cd204dfa52793286f
Author: Andy Seaborne
Date: 2018-11-01T09:37:10Z
Refactor the do-nothing DatasetGraphs.
commit 616072ed8547a5a353913556b8d70a27423ddd47
Author: Andy Seaborne
Date: 2018-11-01T18:46:06Z
Tidy up and maintenance.
commit 2c46f9af17585530902c949ea3220639e3243016
Author: Andy Seaborne
Date: 2018-11-01T18:46:56Z
Cope with non-existent graphs in "GRAPH ?g" loop.
commit 213677f50cdabb2b29f561d9dace11e1d8742ebd
Author: Andy Seaborne
Date: 2018-11-01T19:55:42Z
JENA-1594: Add authentication support (digest or basic).
Add support for FROM handling with graph-access-controlled datasets.
Code cleaning.
commit 35fa63eaece862271c661fb6e0bf4df2509d4037
Author: Andy Seaborne
Date: 2018-11-01T20:44:50Z
Merge branch 'master' into fuseki-access
Overlapping changes in SPARQL_QueryGeneral.java
commit 3790008a014ce6bf34961e052f0a11f95e3f1051
Author: Andy Seaborne
Date: 2018-11-02T12:03:31Z
Remove unused import.
commit 52f4edd7e5e1d633a84e37596c8ee0815425c0b0
Author: Andy Seaborne
Date: 2018-11-02T14:46:34Z
Maintainence.
commit 7f72fbf62a6b1268f42743bafd5f31ddb9f36c20
Author: Andy Seaborne
Date: 2018-11-02T17:15:04Z
JENA-1594: Add filtering for all operations.
commit d12b6e3fda14f8400144b2a2d5c492c6c2f1c536
Author: Andy Seaborne
Date: 2018-11-02T17:21:19Z
JENA-1623: Service authorization by HTTP authentication.
commit 2bb97e4e70a1fba5663772796a50cca2502860c7
Author: Andy Seaborne
Date: 2018-11-02T18:17:58Z
Refactor parsing and processing Fuseki configuration files.
commit b4bc12a9c6f2070e84ca55a526eeab1dfa675846
Author: Andy Seaborne
Date: 2018-11-02T18:18:18Z
Rename FusekiSystem as FusekiWebapp.
commit c66c263cf92bc3fee3b86146628b175745e4b8bb
Author: Andy Seaborne
Date: 2018-11-03T16:57:13Z
JENA-1623: Server authorization by HTTP authentication.
---