4

I'm in the process of finishing an RDF server. The requirements for the project are: 1) Triple Store that can be queried online. 2) Two RDF's that need to be generated on a weekly basis; (based on new data import) 3) Generation and import of those RDF's happens automatically.

Here's what I've done so far: I installed Tomcat on a testserver and Jena Fuseki; I've configured it to my best of knowledge using the web.xml, shiro.ini and config.ttl files.

The RDF files are generated automatically in Python, triggered at the end of the new data import. This script runs on the server (localhost) and uses RDFLIB to generate the file; then I use CURL to delete the old dataset and import the new one.

When I go to another computer and visit the Triplestore over http://192.168.0.12:8080/fuseki I can query the data, but (as intended) can't update or delete triple contents.... However, when going through CURL I can delete and upload new graphs remotely (effectively giving anyone the possibility to do so on my server)

CURL -X POST -H content-type:application/rdf+xml -T /path/to/my/file/triples.xml -G http://192.168.0.12:8080/fuseki/mygraph --data-urlencode graph = http://192.168.0.12:8080/fuseki/mygraph/mydataset

I'm stuck at a draw here, why does the localhostfilter work when visiting over the GUI and not for CURL? Did I forgot a filter/security-option? Are there better ways to accomplish the weekly update automatically?

For what it's worth my config.ttl file holds only configuration related to the time-out of the script. Here's my shiro.ini file:

[main]
# Development
ssl.enabled = false

plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
iniRealm.credentialsMatcher = $plainMatcher

localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter

[users]
# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
admin=Change_On_Production!

[roles]

[urls]
## Control functions open to anyone
/$/status = anon
/$/ping   = anon
/**/query = anon
/**/data** = authcBasic,user[admin]
/**/update** = authcBasic,user[admin]
/**/upload** = authcBasic,user[admin]
/**/manage** = authcBasic,user[admin]

## and the rest are restricted to localhost.
#/$/** = anon

/**/update** = localhostFilter
/**/upload** = localhostFilter
/**/manage** = localhostFilter
/**/data** = localhostFilter
/**/get** = localhostFilter

# Everything else
/**=anon
Clueless_captain
  • 420
  • 2
  • 13

0 Answers0