Authentication for Virtuoso HTTP POST/PUT

Question

I tried to execute an INSERT statement for an RDF triple in Virtuoso using its web-based SPARQL endpoint (http://localhost:8890/sparql/):

INSERT DATA
  { 
      GRAPH <http://my.graph> 
      { 
        <http://test.com/someid> <http://namespace.ref#someVar> 123
      } 
  }

but I got

Virtuoso 42000 Error SR186:SECURITY: No permission to execute procedure DB.DBA.SPARQL_INSERT_DICT_CONTENT with user ID 107, group ID 107

I was able to run the same statement through my DB editor that uses a JDBC driver on port 1111, using the DBA login.

The web interface/service insert was successful after I ran the following as a DBA through port 1111:

grant execute on DB.DBA.SPARQL_INSERT_DICT_CONTENT to "SPARQL";
grant execute on DB.DBA.SPARQL_INSERT_DICT_CONTENT to SPARQL_UPDATE;

However, I would like to revoke those privileges from user SPARQL, which I understand is associated with the web interface, and send HTTP POST/PUT/DELETE requests with supplied user credentials using digest authentication. Is that possible and how? I went to this page of the manual but it was empty.

The manual is undergoing some restructuring. The section you wanted is [now here](http://docs.openlinksw.com/virtuoso/rdfsparqlprotocolendpoint/#rdfsupportedprotocolendpointurisparqlauthex) (the chapter is now split over multiple pages). — TallTed, Dec 01 '16 at 15:34
thanks. if you would like to up your score (and increase the visibility of your product through search engines), consider posting a digest of that page as it pertains to my question in an answer. — amphibient, Dec 01 '16 at 15:39

score 6 · Answer 1 · answered Oct 17 '17 at 16:22

The OP's goal is discussed in the new location of the manual page they originally tried to visit. (More details are on the product site, than are reproduced below.)

Virtuoso reserves the path /sparql-auth/ for a SPARQL service supporting authenticated SPARUL (a/k/a SPARQL-Update). This endpoint allows specific SQL accounts to perform SPARUL over the SPARQL protocol. To be allowed to log in via SQL or ODBC and update physical triples, a user must be granted SPARQL_UPDATE privileges. To grant this role:

Go to the Virtuoso administration UI, i.e., http://host:port/conductor

Log in as user dba

Go to System Admin → User Accounts → Users

Click the Edit link

Set User type to SQL/ODBC Logins and WebDAV.

From the list of available Account Roles, select SPARQL_UPDATE and click the >> button to add it to the right-hand list.

Click the Save button.

score 0 · Answer 2 · edited Oct 09 '17 at 01:57

0

This procedure, which I picked up here, worked for me:

Logged in as dba, under System Admin > User Accounts,

grant SPARQL_UPDATE to "SPARQL"

edited Oct 09 '17 at 01:57

Stephen Rauch

47,830
31
106
135

answered Oct 09 '17 at 01:36

Will Hanley

457
3
16

This answer doesn't address the OP's wish to use "supplied user credentials using digest authentication", and simply opens the public endpoint to updates from anyone. – TallTed Oct 17 '17 at 16:14

Authentication for Virtuoso HTTP POST/PUT

2 Answers2

Linked