Hi Barry,
On 05/06/2020 14:44, Nouwt, B. (Barry) wrote:
> Hi all, thanks for Apache Jena.
> We are using Fuseki Main (embedded) together with a password file that
> configures Jetty's security settings. We are also using Jena Permissions and a
> custom SecurityEvaluator and we are wondering how to implement the
> SecurityEvaluator#getPrincipal() method when using Fuseki Embedded. In the
> Fuseki as a web application (which uses Shiro for its security), we were able
> to use Shiro's SecurityUtils.getSubject() method in the getPrincipal() method
> to retrieve the currently logged in user, but how can we achieve this using
> Jetty? I'm searching for a static method in Jetty's security that returns the
> currently logged in user, but until now I've only found ways to get the current
> user via the HttpRequest. But we do not have access to that within the
> SecurityEvaluator.
Shiro seems to be putting the principal into a map held in a
ThreadLocal.

Either doing that as an additional feature or having a way to tap into
the auth-dispatch cycle so that user can decide to do it seems
reasonable. The latter - a general hook of some kind - would mean the
request could be inspected for this or other things.

For the current released code, I haven't found a way to manipulate the
Jetty server. I had hoped to mess around with the Jetty structure and
insert a filter but I can't find a way in Jetty9 yet. Got close (I can
find the FusekiFilter) but changes aren't being seen by the server and
the usual dispatch still occurs. Some code in Jetty is taking a copy of
structures.

FusekiServer.Builder does support adding servlet Filters to the server
but they go after the Fuseki dispatcher so don't help.

A simple code change is to use FusekiServer.Builder.addFilter and move
servletsAndFilters from line 1008 [1] to 995 [2], just before the
FusekiFilter is created.
Andy
BTW Is there any reason not to have the CORS filter always present in
Fuseki main? e.g. Newer yasgui's loaded from unpkg.com require it.
[1] https://github.com/apache/jena/blob/master/jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/main/FusekiServer.java#L1008
[2] https://github.com/apache/jena/blob/master/jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/main/FusekiServer.java#L1008
> Any ideas?
> Thanks in advance!
> Barry
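The ThreadLocal approach discussed in this thread, as an added example that is not code from Jena, Fuseki, Shiro or either poster. The class and method names are hypothetical; it assumes the javax.servlet API used by Jetty 9 and that the filter runs before the Fuseki dispatcher, which per the reply above needs the described code change.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/**
 * Hypothetical filter: publishes the principal that the container
 * authenticated for this request to code running on the same thread.
 */
public class PrincipalFilter implements Filter {
    private static final ThreadLocal<Principal> CURRENT = new ThreadLocal<>();

    /**
     * Value a SecurityEvaluator#getPrincipal() implementation could return.
     * null means no authenticated user is bound to the calling thread.
     */
    public static Principal currentPrincipal() {
        return CURRENT.get();
    }

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Only HTTP requests carry a container-authenticated principal.
        Principal p = (req instanceof HttpServletRequest)
                ? ((HttpServletRequest) req).getUserPrincipal()
                : null;
        CURRENT.set(p);
        try {
            chain.doFilter(req, resp);
        } finally {
            // Jetty reuses pooled threads: always clear the slot so one
            // user's identity is never visible to the next request.
            CURRENT.remove();
        }
    }

    @Override
    public void destroy() { }
}
```

A SecurityEvaluator built on this should treat a null principal as unauthenticated and deny by default, since work handed to another thread will not see the value set here.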