0

I am using fuseki 2.4 and have set a basic authentication in shiro.ini, sharing the contents of the current shiro.ini file below. Once after setting the credentials and restart fuseki service, when I try to make a connection to fuseki using direct fuseki endpoint ("/$/datasets/"), I am getting the authentication error as expected. If Iam trying to connect to fuseki data using a sparql, I am expecting the same authentication error as I have set the credentials in shiro.ini and haven't done authentication before making sparql call, but that's not happening and the connection is successful just like as in the case of no authentication. Expectation here is, the respective sparql connection shouldn't happen as I have set the authentication in shiro.ini. Can anyone please help me with this? Contents in shiro.ini:


[main]
# Development
ssl.enabled = false 

plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm 
iniRealm.credentialsMatcher = $plainMatcher

localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter

[users]
# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
admin=password123

[roles]

[urls]
## Control functions open to anyone
/$/status = anon
/$/ping   = anon

## and the rest are restricted to localhost.
##/$/** = localhostFilter


## If you want simple, basic authentication user/password
## on the operations, 
##    1 - set a better password in [users] above.
##    2 - comment out the "/$/** = localhost" line and use:
/$/** = authcBasic,user[admin]

## or to allow any access.
##/$/** = anon

# Everything else
/**=anon```
Bhavya
  • 45
  • 5
  • 1
    off-topic, but why `fuseki 2.4`? we're now at `4.5` – UninformedUser Aug 24 '22 at 13:53
  • We have been using fuseki 2.4 in the product from a long back, and was not planning for a migration in the near future as it might impact some functionalities (based on TDB and TDB2), so a detailed RnD will be required before migration and thus holded the same :) – Bhavya Aug 24 '22 at 15:22
  • SPARQL query will be something like `/dataset/query`. The match is `/**=anon`. – AndyS Aug 24 '22 at 16:04
  • @AndyS Just wanted to know whether the restriction to sparql queries (using sparqlWrapper) is possible by changing the fuseki configurations or not? If possible, how to change the configuration? Could you please help with that? – Bhavya Aug 26 '22 at 12:00
  • "restriction" meaning so the authentication is applied? Yes. Change the part I pointed to. Your installation appear to be using the the "anon" rule for query on a dataset so change that. `/$/Datasets` was triggering the `/$/**` rule. `$` is not a magic character with any meaning except match a `$` in the URL. – AndyS Aug 26 '22 at 16:06

0 Answers0