On 08/04/15 12:16, Sorin Gheorghiu wrote:
Hi Stian,
you're right, I don't want anyone to access the server. I learnt from
Andy it is working without restriction on /$/** and using the simple
user/password.
My misunderstanding was I could replace 'localhost' with a specific IP
address and restrict the access, like 'pg_hba.conf' for Postgres does. I
guess Shiro can filter it, as discussed here:
http://stackoverflow.com/questions/7584484/is-there-a-way-to-get-the-ip-address-of-the-client-caller-in-a-shiro-filter-in-g
but . Just for my information, do you know if there is an easier way?
Thank you,
Sorin
So I'll change the name to "localhostFilter" to make that part clearer.
The Shiro filter actually used is provided by Fuseki:
https://github.com/apache/jena/blob/master/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/authz/LocalhostFilter.java
(Contributed back to Shiro so eventually it will appear there, I hope)
A specific IP address version could be created - the problem is that
with proxies and reverse proxies, and "X-Forwarded-For" and load
balancers, it is really a complicated matter of knowing the true remote
client, if it is possible at all.
A "SpecificHostFilter" would be OK for local LAN deployments.
It would be nice to have a digest password filter as well. "Basic" is
really too basic unless https is used. Digest is an extra round trip:
return 401 with a WWW-Authenticate header but I don't see why the filter
can't do that if it can force the first response via onAccessDenied.
Does anyone know of one for Shiro anywhere to use as an example starting
point?
Andy
SHIRO-20 is caught up in other more complicated setups.
On 08.04.2015 at 10:59, Stian Soiland-Reyes wrote:
If you are unable to access Fuseki from the actual localhost for
dataset management (e.g. it's a remote server and you don't want to
use tricks like SSH tunnels), then you still probably do not want
anyone on your network which can access the server from being able to
change the datasets, right?
(I've checked that I can't access it from the internet, so either you
have a firewall sorted, or have turned it off for now)
If you don't already have a firewall that restricts 134...195:3030 to
only be accessed by client IPs which are allowed to manage your Fuseki
installation, then you will probably want to set up username/password
protection in your shiro.ini.
Unfortunately the Fuseki 2 user interface is not very good yet at
"hiding" bits you don't have access to - so if you enable
username/password, it will easily ask other visitors for the password
as soon as they click on "manage".
Here's the shiro.ini I use for username/password:
https://github.com/stain/jena/blob/fuseki2-docker-maven/jena-fuseki2/jena-fuseki-docker/shiro.ini
You will probably want a better password than "pw" :)
("pw" above is search-replaced with a random password in my Docker
deployment)
On 5 April 2015 at 19:24, Sorin Gheorghiu wrote:
Hi,
after starting the server without errors and loading a few triples
successfully, no dataset is shown on the server web interface
(neither on port 3030 nor 8080).
Moreover it is not possible to manage the datasets. What am I doing
wrong? The server runs under Ubuntu 12.04.
Thanks,
Sorin
# java -Xmx8G -jar fuseki-server.jar --config=/etc/fuseki/config.ttl
[2015-04-05 19:48:02] Server INFO Fuseki 2.0.0 2015-03-08T09:49:20+0000
[2015-04-05 19:48:02] Config INFO FUSEKI_HOME=/opt/apache-jena-fuseki-2.0.0/.
[2015-04-05 19:48:02] Config INFO FUSEKI_BASE=/opt/apache-jena-fuseki-2.0.0/run
[2015-04-05 19:48:02] Servlet INFO Initializing Shiro environment
[2015-04-05 19:48:02] Config INFO Shiro file: file:///opt/apache-jena-fuseki-2.0.0/run/shiro.ini
[2015-04-05 19:48:02] Config INFO Configuration file: /etc/fuseki/config.ttl
[2015-04-05 19:48:03] Builder INFO Service: TDB/text service
[2015-04-05 19:48:03] Config INFO Register: /GND030215
[2015-04-05 19:48:03] Server INFO Started 2015/04/05 19:48:03 CEST on port 3030

# /opt/apache-jena-2.13.0/bin/tdbloader --loc:GND030215 GND_example.ttl
19:36:37 INFO loader :: -- Start triples data phase
19:36:37 INFO loader :: ** Load empty triples table
19:36:37 INFO loader :: -- Start quads data phase
19:36:37 INFO loader :: ** Load empty quads table
19:36:37 INFO loader :: Load: GND_example.ttl -- 2015/04/05 19:36:37 CEST
19:36:38 INFO loader :: -- Finish triples data phase
19:36:38 INFO loader :: ** Data: 196 triples loaded in 0,41 seconds [Rate: 483,95 per second]
19:36:38 INFO loader :: -- Finish quads data phase
19:36:38 INFO loader :: -- Start triples index phase
19:36:38 INFO loader :: ** Index SPO->POS: 194 slots indexed in 0,02 seconds [Rate: 12.125,00 per second]
19:36:38 INFO loader :: ** Index SPO->OSP: 194 slots indexed in 0,01 seconds [Rate: 12.933,33 per second]
19:36:38 INFO loader :: -- Finish triples index phase
19:36:38 INFO loader :: ** 194 triples indexed in 0,03 seconds [Rate: 6.258,06 per second]
19:36:38 INFO loader :: -- Finish triples load
19:36:38 INFO loader :: ** Completed: 196 triples loaded in 0,46 seconds [Rate: 428,88 per second]
19:36:38 INFO loader :: -- Finish quads load

http://134.34.201.195:3030/GND030215/query?query=SELECT%20*%20%7B%3Fs%20%3Fp%20%3Fo%7D%20limit%205
[2015-04-05 19:40:38] Fuseki INFO [1] GET http://134.34.201.195:3030/GND030215/query?query=SELECT%20*%20%7B%3Fs%20%3Fp%20%3Fo%7D%20limit%205
[2015-04-05 19:40:38] Fuseki INFO [1] GET /GND030215 :: 'query' :: <none> ? query=SELECT%20*%20%7B%3Fs%20%3Fp%20%3Fo%7D%20limit%205
[2015-04-05 19:40:38] Fuseki INFO [1] Query = SELECT * {?s ?p ?o} limit 5
[2015-04-05 19:40:38] Fuseki INFO [1] exec/select
[2015-04-05 19:40:38] Fuseki INFO [1] 200 OK (86 ms)
--
Stian Soiland-Reyes
Apache Taverna (incubating), Apache Commons RDF (incubating)
http://orcid.org/0000-0001-9842-9718
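
Added example, not part of the thread and not Fuseki or Shiro code: a sketch of the "SpecificHostFilter" idea raised above, modelled on how a Shiro AuthorizationFilter such as Fuseki's LocalhostFilter decides access. The class name, the package `example`, the `allowed` property, the shiro.ini wiring in the comment and the 192.0.2.10 address are all assumptions made for illustration.

```java
package example; // hypothetical package, not part of Jena or Shiro

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * Admits a request only when the direct TCP peer is on an allowlist.
 * Assumed shiro.ini wiring:
 *
 *   [main]
 *   specificHostFilter = example.SpecificHostFilter
 *   specificHostFilter.allowed = 127.0.0.1, ::1, 192.0.2.10
 *   [urls]
 *   /$/** = specificHostFilter
 */
public class SpecificHostFilter extends AuthorizationFilter {
    private volatile Set<InetAddress> allowed = new HashSet<>();

    // Comma-separated literal IP addresses. Literals are parsed without a
    // DNS lookup; a hostname here would be resolved once, at start-up.
    public void setAllowed(String csv) {
        Set<InetAddress> parsed = new HashSet<>();
        for (String item : csv.split(",")) {
            String addr = item.trim();
            if (addr.isEmpty()) continue;
            try {
                parsed.add(InetAddress.getByName(addr));
            } catch (UnknownHostException e) {
                throw new IllegalArgumentException("Bad allowlist entry: " + addr, e);
            }
        }
        allowed = parsed;
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) throws Exception {
        // getRemoteAddr() is the peer of the TCP connection. Behind a reverse
        // proxy or load balancer that is the proxy, not the end client, and
        // X-Forwarded-For is client-controlled unless the proxy overwrites it,
        // so this check only suits direct connections on a local LAN.
        InetAddress peer = InetAddress.getByName(request.getRemoteAddr());
        // Comparing parsed addresses avoids mismatches between textual IPv6
        // forms such as "::1" and "0:0:0:0:0:0:0:1".
        return allowed.contains(peer);
    }
}
```

An empty allowlist denies every request, so a missing `allowed` line fails closed rather than open.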