Disable only unauthenticated adding of datasets to Fuseki

Question

I'm trying to set up a SPARQL endpoint for an Organisation as part of a Open source project with Apache Jena Fuseki and will be hosting it on a server publicly soon and i've uploaded the open data into it.

While i want users to be able to directly query the dataset without any authentication i'd like to disable only adding of new datasets through any sort of auth(Even Basic auth would do as of now , ie : major concern is only that other people should not corrupt the endpoint)

Right now i've identified three ways users can do this

1. Through the admin UI from a browser ( internally calls the POST request to {fusekihostedURL}/dataset/update?=xxxx )

2. through a POST request through command line to the publicly hosted dataset

3. through the Sparql Graph protocol ( sends POST request to {fusekiURl}/dataset/data )

i can use a shiro.ini with a basic auth of username and password , but that blocks the fuseki landing page itself with a pop-up of username and password which i don't want to enable querying for the public .

Apart from sitting behind a reverse proxy ( using fuseki as a war file on tomcat so blocking that port would mean blocking all other applications ) is there anything that could be done ?

Any help would be greatly appreciated

Answer 1

If you write a configuration file for your dataset, then you can simply not provide endpoints for update and graph store protocol update (which will also disable dataset update).

You can also do this in shiro.ini - it will take editing of the shiro.ini file to put in more sophistiated rules than the default. Not providing the services is the most secure.