Hi Rumi,
Using vhost_define() through isql we can achieve the same thing:
DB.DBA.VHOST_DEFINE (
lhost=><ip:port>,
vhost=><name>,
lpath=>'/sparql',
ppath=>'/!sparql/',
is_dav=>1,
vsp_user=>'dba',
ses_vars=>0,
sec=>'digest',
auth_fn=>'DB.DBA.HP_AUTH_SPARQL_USER',
realm=>'SPARQL',
opts=>vector('noinherit', 1, 'exec_as_get', 1),
is_default_host=>0
);
It is password protected, but it is read+write ,even though I have:
'exec_as_get', 1
Best,
Gang
On Wed, Feb 4, 2015 at 6:57 AM, Rumi <rtsek...@openlinksw.com> wrote:
> Hi Gang Fu,
>
> On 04-Feb-15 2:22 AM, Gang Fu wrote:
>
> Hi Rumi,
>
> I have tried to expose a password-protected sparql endpoint, actually it
> can be done using vhost_define() function as well, just add sec=>'digest'
> and authentication function. But the vsp_user to expose a
> password-protected sparql endpoint is still dba.
>
>
> By default /sparq-auth is protected, so what you can try is :
>
> 1. Export /sparq-auth definition from Conductor->Web Application Server ->
> Virtual Domains & Directories
> 2. Change in the generated script /sparql-auth with /sparql.
> * Note: the vsp_user is dba, but in the next step you can change in
> the authentication function a connection setting so to use your user.
> 3. In the authentication function DB.DBA.HP_AUTH_SPARQL_USER
> (sparql_io.sql) there is:
> Lin: 2935 user_id := connection_get ('SPARQLUserId', 'SPARQL');
> Change it respectively so to use your user and execute the function
> creation so the change to kick in.
> 4. Execute from Conductor or iSQL the changed script from step 2.
>
> Please let me know if that worked for you.
>
>
> Best Regards,
> Rumi Kocis
>
>
> Best,
> Gang
>
> On Tue, Feb 3, 2015 at 12:35 PM, Rumi <rtsek...@openlinksw.com> wrote:
>
>> Hi Gang Fu,
>>
>> On 03-Feb-15 3:47 PM, Gang Fu wrote:
>>
>> Hi Rumi,
>>
>> I looked at the source code of libsrc/Wi/sparql_io.sql for procedure
>> WS.WS."/!sparql/":
>> create procedure WS.WS."/!sparql/" (inout path varchar, inout params
>> any, inout lines any)
>>
>> I am not sure whether the user as "SPARQL" for /sparql endpoint are set
>> by default here:
>> user_id := connection_get ('SPARQLUserId', 'SPARQL');
>> set_user_id (user_id, 1);
>>
>>
>> I have tried to grant SPARQL_UPDATE to user "SPARQL", then the /sparql
>> endpoint is not read-only....
>> And when I tried to grant another role, I got
>> The object "SPARQL_LOAD_SERVICE_DATA" does not exist.
>>
>> But it does not allow me to expose /sparql endpoint using vsp_user
>> "SPARQL". What I am really interested in is how to expose sparql endpoint
>> using vsp users other than dba.
>>
>>
>> Hm, I would say you grant the roles to another vsp user as this is what
>> you want to achieve is this correct?
>> As now you granted them to "SPARQL" instead?
>> Additionally, did you try the steps from the guide
>> http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtSPARQLProtectSQLDigestAuthentication
>> ?
>>
>>
>> Best Regards,
>> Rumi Kocis
>>
>>
>> Best,
>> Gang
>>
>> On Tue, Feb 3, 2015 at 8:10 AM, Rumi <rtsek...@openlinksw.com> wrote:
>>
>>> Hi Gang Fu,
>>>
>>> On 03-Feb-15 1:15 PM, Gang Fu wrote:
>>>
>>> Hi,
>>>
>>> I am using function vhost_define() to expose read-only sparql endpoint
>>> through another port (different from 8890) for security concern.
>>>
>>> I have two questions:
>>> 1) how can I expose a sparql endpoint using account other than 'dba'. I
>>> have tried to using vsp_user=>'SPARQL', but I got '404 cannot access' error
>>> when I tried the url. I also set the opts->(executable, 'yes'), this option
>>> seems to allow any vsp user to have execute permission, but it still does
>>> not work. I also tried to set user 'SPARQL' to administrator role, but
>>> still cannot work....
>>>
>>>
>>> Please try the steps from this guide: "Secure SPARQL Endpoint via SQL
>>> Accounts -- usage path digest authentication"
>>>
>>> Link:
>>> http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtSPARQLProtectSQLDigestAuthentication
>>>
>>> Related:
>>> -- Securing SPARQL endpoints:
>>> http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints
>>> -- Securing your SPARQL Endpoint via OAuth:
>>> http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL
>>> -- Securing your SPARQL Endpoint via WebID:
>>> http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID
>>>
>>>
>>> 2) how can I know and configure the user account to use '/sparql'
>>> endpoint by default. The system table 'DB.DBA.HTTP_PATH' only shows that
>>> the vsp_user is 'dba', but it does not show the default user of that
>>> endpoint is 'SPARLQ' (ID=106). The documentation says the user is 'SPARLQ'
>>> for both '/sparql' and '/sparql-graph-crud', but I cannot find any system
>>> table for that. Our system team wants to audit that information.
>>>
>>>
>>> The name 'SPARQL' is a constant in the code of SPARQL web service
>>> endpoint pages ( /sparql and /sparql-auth ).
>>> Another name can be used if authentication function sets connection
>>> variable 'SPARQLUserId' to that name, for ex., placing inside
>>> authentication call:
>>>
>>> connection_set ('SPARQLUserId', 'SOME_USER_NAME');
>>>
>>>
>>> What you could try is to grant more roles to the user if needed, such as:
>>> SPARQL_LOAD_SERVICE_DATA or SPARQL_UPDATE, by granting directly to the
>>> user or, better, to SPARQL_SELECT, since the endpoint page will require
>>> that the user is member of SPARQL_SELECT group -- that's the minimal
>>> practical permission, however one can grant more permissions.
>>>
>>>
>>> Best Regards,
>>> Rumi Kocis
>>>
>>>
>>> Best,
>>> Gang
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming. The Go Parallel Website,
>>> sponsored by Intel and developed in partnership with Slashdot Media, is your
>>> hub for all things parallel software development, from weekly thought
>>> leadership blogs to news, videos, case studies, tutorials and more. Take a
>>> look and join the conversation now. http://goparallel.sourceforge.net/
>>>
>>>
>>>
>>> _______________________________________________
>>> Virtuoso-users mailing
>>> listVirtuoso-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/virtuoso-users
>>>
>>>
>>>
>>
>>
>
>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users
