Thanks Andy. Indeed the packing/unpacking isn't necessary. Another fuseki docker distribution we use (https://github.com/linked-solutions/jena-docker/blob/master/jena-fuseki/Dockerfile) is based on Stian's image and doesn't unpack fuseki. Getting the fuseki jar via maven rather than wget, however, seems quite convenient, so I would like to combine the two approaches.

I didn't know that Fuseki has HTTPS support. I usually set this up with the Traefik reverse proxy. I've created a video where I describe how to set up things with Traefik and Keycloak: https://www.youtube.com/watch?v=4jI5GM_AOFs

I assumed the SecurityEvaluator also applies to GSP. I can run some tests. You think that posting quads to the default graph could bypass the evaluation?

Cheers,
Reto

-----Original Message-----
From: Andy Seaborne <[email protected]>
Sent: Thursday, May 30, 2019 4:30 PM
To: [email protected]
Subject: Re: Fuseki OIDC: OpenId authenticated Fuseki access

Hi Reto,

Looks interesting.

Fuseki Main should be able to have the Shiro filter added to it which might be an easier way to build the server, rather than unpack/pack.

Fuseki main does have read-level access control per graph:

https://jena.apache.org/documentation/fuseki2/data-access-control#graph-acl

including HTTPS support and endpoint access control.

In Fuseki, incepting add/remove Quad is enough though I am not sure about GSP - if the app POSTs to ?default then Fuseki does get the graph and insert data directly, which can bypass quad operations for some link-based datasets.

Andy

On 24/05/2019 15:46, Reto Gmür wrote:
> Hi Jean-Claude
>
> OpenID Connect is an identity layer on top of OAuth 2. Our solution includes
> a Fuseki DataSetAssembler that provides secured datasets, so it doesn't
> modify Fuseki but merely provides an add-on. It also includes a Shiro
> AuthenticatingFilter taking care of the authentication part. We provide a
> docker distribution of Fuseki with these add-ons.
>
> Cheers,
> Reto
>
> -----Original Message-----
> From: Jean-Claude Moissinac <[email protected]>
> Sent: Friday, May 24, 2019 4:22 PM
> To: [email protected]
> Subject: Re: Fuseki OIDC: OpenId authenticated Fuseki access
>
> Hi Reto
>
> Interesting
> I would like to support such access (or OAuth). Is your solution a modified
> version of Fuseki or the integration of some features via the Shiro support
> of fuseki?
>
> Cheers
>
> --
> Jean-Claude Moissinac
>
>
> On Fri, 24 May 2019 at 15:56, Reto Gmür <[email protected]> wrote:
>
>> Hi all,
>>
>> At FactsMission we've been experimenting with controlling Fuseki
>> access with OpenID (OIDC) authentication and we would like to invite
>> you to try out the results and give us feedback.
>>
>>
>> * You may either set up your own instance using the code available
>> here: https://github.com/linked-solutions/fuseki-oidc
>> * Or, try out our demo-instance here:
>> https://fuseki-oidc-sample-client.factsmission.org/
>>
>> While you'll need to set up an account to try it out, you can do so
>> with any fake email-address as verification is disabled.
>>
>> Once you have logged in with OIDC you will be able to read data from any
>> graph but only allowed to write to a specific graph associated with your
>> account.
>> The motivation for this configuration is to allow guest-book style
>> (client-side) applications where users can add and edit entries in
>> their personal graph and see the entries from any graph.
>>
>> Let me know if you find this useful or if we missed something.
>>
>> Cheers,
>> Reto
