Ouch - so there is a different method for each possible deployment - making it pretty hard to test locally then deploy.
I tried setting up a user and password in the secure store and using that - but it didnt seem to work - maybe because there disnt seem to be any meaningful way to assign the user to permissions on the CreateProjectService. (Its no use to set permissions on individual coillections manually - both because we are creating a collection and the scalability of such a solution would be broken. The text for securePasswordURL say "if it has a value" but there is no documentation about that value - although the name suggest a URL, the value type appears to be string... but if I put "true" it asks for connection for batch@true so i set securePasswordURL with the target URL (instead of arg:url) and it complains arg:url is not set ... so i set them both - and it returns a 500 error with another NPE - even though the url works in an authenticated browser session A 500 error for authentication failure is a bug - it should be 401 or 403 - (although at this stage 418 is perhaps appropriate) So now I have three problems, irreconcilable in combination: 1) checking i have set up the EDg permissions correctly 2) checking my script configuration sets permissions correctly 3) working out how different future deployments might behave There needs to be a step by step testable methodology for setting up and testing access control. On Tuesday, 9 October 2018 18:01:30 UTC+11, Rob Atkinson wrote: > > AFIACT if I want to invoke a EDG service without pasting into a browser I > need to provide authentication - possibly however thats via a session > cookie? > > I have tried using the SPARQLmotion "import text from URL" as the only > obvious way i can see to invoke a URL inside SPARQLmotion - but its not > obvious how access control to web services is handled. > > The most comprehensive overview I can find is > https://www.topquadrant.com/2015/07/24/web-services-and-topquadrant-products/ > but this is completely silent on access control. > > If I use a browser not logged into EDG i get the same result I get from > TBC - another Null pointer exception. > > 1) Is there a better way of invoking an EDG service within TBC? > 2) what are the EDG user/permissions/roles etc needed to provide password > controlled access to services? > 3) Is there a way to avoid putting passwords into SparqlMotion scripts > (perhaps a SPIN template to retrieve them from EDG configuration somehow?) > > -- You received this message because you are subscribed to the Google Groups "TopBraid Suite Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
