Barry,
Hack for 3.15.0:
Example of installing a wrapper servlet filter in Apache jena Fuseki 3.15.0.
That servlet can put the Principal in ThreadLocal as a last resort to
not having any access tot the servlet request or context.
Don't format to remove cached Principal object after the call to
FusekiFilter!
https://gist.github.com/afs/0fc46097c4f8930ac12da9ca69fc42a8
Minimally tested.
Andy
On 06/06/2020 09:51, Andy Seaborne wrote:
Hi Barry,
On 05/06/2020 14:44, Nouwt, B. (Barry) wrote:
Hi all, thanks for Apache Jena.
We are using Fuseki Main (embedded) together with a password file that
configures Jetty's security settings. We are also using Jena
Permissions and a custom SecurityEvaluator and we are wondering how to
implement the SecurityEvaluator#getPrincipal() method when using
Fuseki Embedded. In the Fuseki as a web application (which uses Shiro
for its security), we were able to use Shiro's
SecurityUtils.getSubject() method in the getPrincipal() method to
retrieve the currently logged in user, but how can we achieve this
using Jetty? I'm searching for a static method in Jetty's security
that returns the currently logged in user, but until now I've only
found ways to get the current user via the HttpRequest. But we do not
have access to that within the SecurityEvaluator.
Shiro seems to be putting the putting the principal into a map held in a
ThreadLocal.
Either doing that as a additional feature or having a way to tap into
the auth-dispatch cycle so that user can can decide to do it seems
reasonable. The latter - a general hook of some kind - would mean the
request could be inspected for this or other things.
For the current released code, I haven't found a way to manipulate the
Jetty server. I had hoped to mess around with the Jetty structure and
insert a filter but I can't find a way in Jetty9 yet. Got close (I can
find the FusekiFilter) but changes aren't being see by the server and
the usual dispatch still occurs. Some code in Jetty is taking a copy of
structures.
FusekiServer.Builder does support adding servlet Filters to the server
added but they go after the Fuseki dispatcher so don't help.
A simple code change is use FusekiServer.Builder.addFilter and change
servletsAndFilters move to line 1008 [1] to 995 [2], just before the
FusekiFilter is created.
Andy
BTW Is there any reason not to have the CORS filter always present in
Fuseki main? e.g. Newer yasgui's loaded from unpkg.com require it.
[1]
https://github.com/apache/jena/blob/master/jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/main/FusekiServer.java#L1008
[2]
https://github.com/apache/jena/blob/master/jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/main/FusekiServer.java#L1008
Any ideas?
Thanks in advance!
Barry
This message may contain information that is not intended for you. If
you are not the addressee or if this message was sent to you by
mistake, you are requested to inform the sender and delete the
message. TNO accepts no liability for the content of this e-mail, for
the manner in which you use it and for damage of any kind resulting
from the risks inherent to the electronic transmission of messages.
