On 30/09/15 14:49, Sayah Tarek wrote:
Hello,
I enabled basic authentication in Jena Fuseki2 by uncommenting /$/** =
authcBasic,user in shiro.ini file. When I use the web page, I am asked to
give username and password, everything works fine. The problem is that when
I execute a query over the sparql service using
QueryExecutionFactory.sparqlService, I get the answer of the query, which
means that the sparql service in fuseki is not secured. Did I miss some
parameter to make sparqlservice ask for authentication?
Thanks in advance
Hi Tarek,
If you add rules to the shiro.ini file for your dataset services then
these should trigger authentication e.g. "/ds/sparql". The $ in "/$/**"
isn't a placeholder, it is a real /$/ that the UI uses to mean it does
not clash with dataset names.
Other options include deploying the .war file in Tomcat and use Tomcat's
security, or put a reverse proxy (httpd, nginx etc etc) in front of the
Fuseki server (and only allow traffic via the reverse proxy ) and use
the security features of the front-facing web server,
Andy
