Actions

Difference between revisions of "Fuseki SPARQL server"

From /oooooooooo.io/

Line 67: Line 67:
 
Fuseki security settings are defined in file /etc/fuseki/shiro.ini  by https://jena.apache.org/documentation/fuseki2/fuseki-security.html
 
Fuseki security settings are defined in file /etc/fuseki/shiro.ini  by https://jena.apache.org/documentation/fuseki2/fuseki-security.html
  
Here I will change the default admin password
+
Here I can change the default admin password
 +
 
 +
And also the rights to Fuseki Administative HTTP protocol<ref>https://jena.apache.org/documentation/fuseki2/fuseki-server-protocol.html</ref>
 +
and access to the existing DBs.
 +
 
 +
I will allow the db <code>test</code> to be queried by anyone but only updated by the locahost, so that the SMW can write to it, but requests coming from outside cannot update it, but can query, with:
 +
 
 +
/test/query  = anon
 +
/test/update  = localhostFilter
 +
 
 +
Full shiro.ini
 
<pre>
 
<pre>
 +
# Licensed under the terms of http://www.apache.org/licenses/LICENSE-2.0
 +
 +
[main]
 +
ssl.enabled = false
 +
 +
plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
 +
#iniRealm=org.apache.shiro.realm.text.IniRealm
 +
iniRealm.credentialsMatcher = $plainMatcher
 +
 +
localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter
 +
 
[users]
 
[users]
admin=changedefaultpwd
+
# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
 +
admin=pw123
 +
 
 +
[roles]
 +
 
 +
[urls]
 +
 
 +
# All admin operations have URL paths starting /$/ to avoid clashes with dataset names and this prefix is reserved for the Fuseki control functions.
 +
 
 +
/$/status = anon
 +
/$/ping  = anon
 +
/$/stats/**  = anon
 +
# example:  /$/stats/test
 +
 
 +
# test db
 +
/test/query  = anon
 +
/test/update  = localhostFilter
 +
 
 +
# everything else only accessible to localhost
 +
/** = localhostFilter
 +
 
 +
 
 +
 
 
</pre>
 
</pre>
  
Line 78: Line 121:
 
SEE MORE in
 
SEE MORE in
 
* https://stackoverflow.com/questions/52622178/limit-jena-fusekis-curl-access-to-localhost-only
 
* https://stackoverflow.com/questions/52622178/limit-jena-fusekis-curl-access-to-localhost-only
*  
+
*
 +
 
 
==Test Query/Update==
 
==Test Query/Update==
  

Revision as of 19:10, 21 May 2020


Run Fuseki as a systemd service

As root got

cd /usr/local/src

Download & untar

wget https://apache.redkiwi.nl/jena/binaries/apache-jena-fuseki-3.15.0.tar.gz
tar xfvz apache-jena-fuseki-3.15.0.tar.gz
cd apache-jena-fuseki-3.15.0

Fuseki File Layout

I will follow the Filesystem layout suggested by the official documentation for [1] for running Fuseki as a service

Environment Variable 	Default Setting
FUSEKI_HOME 	        /usr/share/fuseki
FUSEKI_BASE 	        /etc/fuseki
  • FUSEKI_HOME(Distribution area) – a is essentially the fuseki-server binary and a few helper scripts
  • FUSEKI_BASE(Runtime area) – is a directory that contains the configuration, dbs, logs - which should be backup and not changed with updates of the Fuseki binaries.

So let's go ahead and create those directories and move the corresponding files to the right dir

mkdir /usr/share/fuseki
mkdir /etc/fuseki
mv {fuseki,fuseki-server,fuseki-server.bat,fuseki-server.jar,fuseki.war,bin,webapp} /usr/share/fuseki/
mv -r run/* /etc/fuseki/

And we can make a test run by running:

/usr/share/fuseki/fuseki-server

And checking the if the server is up by visiting http://localhost:3030/index.html


Service file

Inside the untared dir /usr/local/src/apache-jena-fuseki-3.15.0 you can find the file fuseki.service

This file should be copied to /etc/system.d/system and edited in order to run Fuseki as a service. The file itself is quite self explanatory, so I will only write here my changes, which match the file system structure I went for.

cp fuseki.service /etc/systemd/system
vi /etc/systemd/system/fuseki.service
Environment=FUSEKI_HOME=/usr/share/fuseki

Environment=FUSEKI_BASE=/etc/fuseki

ExecStart=/usr/share/fuseki/fuseki-server

User=root

Enable and run the service:

systemctl enable fuseki
systemctl start fuseki

Check it's status

systemctl status fuseki

And again check its web UI at http://localhost:3030

  • you try to create a db a make and perform and INSERT statement, which be stored in /etc/fuseki/databases/databasename/

Config

Security

Fuseki security settings are defined in file /etc/fuseki/shiro.ini by https://jena.apache.org/documentation/fuseki2/fuseki-security.html

Here I can change the default admin password

And also the rights to Fuseki Administative HTTP protocol[2] and access to the existing DBs.

I will allow the db test to be queried by anyone but only updated by the locahost, so that the SMW can write to it, but requests coming from outside cannot update it, but can query, with:

/test/query  = anon
/test/update  = localhostFilter

Full shiro.ini

# Licensed under the terms of http://www.apache.org/licenses/LICENSE-2.0

[main]
ssl.enabled = false 

plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm 
iniRealm.credentialsMatcher = $plainMatcher

localhostFilter=org.apache.jena.fuseki.authz.LocalhostFilter

[users]
# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
admin=pw123

[roles]

[urls]

# All admin operations have URL paths starting /$/ to avoid clashes with dataset names and this prefix is reserved for the Fuseki control functions.

/$/status = anon
/$/ping   = anon
/$/stats/**  = anon
# example:  /$/stats/test 

# test db
/test/query  = anon
/test/update  = localhostFilter

# everything else only accessible to localhost 
/** = localhostFilter



curl http://localhost:3030/test -X POST --data 'update=PREFIX+foaf%3A+%3Chttp%3A%2F%2Fxmlns.com%2Ffoaf%2F0.1%2F%3E%0APREFIX+country%3A+%3Chttp%3A%2F%2Feulersharp.sourceforge.net%2F2003%2F03swap%2Fcountries%23%3E%0A%0AINSERT+DATA%0A%7B%0A++country%3Azy+foaf%3Aname+%22Zyz%22%40en+.+%0A%7D' -H 'Accept: text/plain,*/*;q=0.9'


SEE MORE in

Test Query/Update

PREFIX foaf: <http://xmlns.com/foaf/0.1/>
PREFIX country: <http://eulersharp.sourceforge.net/2003/03swap/countries#>

SELECT *
{
  ?o ?p ?v. 
}
<pre>
Or via curl:
 curl http://localhost:3030/test -X POST --data 'query=PREFIX+foaf%3A+%3Chttp%3A%2F%2Fxmlns.com%2Ffoaf%2F0.1%2F%3E%0APREFIX+country%3A+%3Chttp%3A%2F%2Feulersharp.sourceforge.net%2F2003%2F03swap%2Fcountries%23%3E%0A%0ASELECT+*%0A%7B%0A++%3Fo+%3Fp+%3Fv.+%0A%7D' -H 'Accept: application/sparql-results+json,*/*;q=0.9'


<pre>
PREFIX foaf: <http://xmlns.com/foaf/0.1/>
PREFIX country: <http://eulersharp.sourceforge.net/2003/03swap/countries#>

INSERT DATA
{
  country:ou foaf:name "Ouoaoo"@en . 
}

Or via curl:

curl http://localhost:3030/test -X POST --data 'update=PREFIX+foaf%3A+%3Chttp%3A%2F%2Fxmlns.com%2Ffoaf%2F0.1%2F%3E%0APREFIX+country%3A+%3Chttp%3A%2F%2Feulersharp.sourceforge.net%2F2003%2F03swap%2Fcountries%23%3E%0A%0AINSERT+DATA%0A%7B%0A++country%3Aou+foaf%3Aname+%22Ouoaoo%22%40en+.+%0A%7D' -H 'Accept: text/plain,*/*;q=0.9'


From other machine:

This is still succeeding - TODO: adjust settings to allow only update from Localhost curl http://10.0.20.2:3030/test -X POST --data 'update=PREFIX+foaf%3A+%3Chttp%3A%2F%2Fxmlns.com%2Ffoaf%2F0.1%2F%3E%0APREFIX+country%3A+%3Chttp%3A%2F%2Feulersharp.sourceforge.net%2F2003%2F03swap%2Fcountries%23%3E%0A%0AINSERT+DATA%0A%7B%0A++country%3Aou+foaf%3Aname+%22Ouoaoo%22%40en+.+%0A%7D' -H 'Accept: text/plain,*/*;q=0.9'

  • /test/upload


Logging

Backups

Errors

2020-05-19 20:47:16,859 main ERROR Unable to locate plugin type for Loggers
2020-05-19 20:47:16,859 main ERROR Unable to locate plugin type for Appenders
2020-05-19 20:47:16,859 main ERROR Unable to locate plugin type for ThresholdFilter
2020-05-19 20:47:16,861 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,861 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,861 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,862 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,862 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,862 main ERROR Unable to locate plugin for AppenderRef
2020-05-19 20:47:16,862 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,862 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,863 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,863 main ERROR Unable to locate plugin for Logger
2020-05-19 20:47:16,863 main ERROR Unable to locate plugin for AppenderRef
2020-05-19 20:47:16,863 main ERROR Unable to locate plugin for Root
2020-05-19 20:47:16,863 main ERROR Unable to locate plugin for Loggers
2020-05-19 20:47:16,864 main ERROR Unable to locate plugin for PatternLayout
2020-05-19 20:47:16,864 main ERROR Unable to locate plugin for Console
2020-05-19 20:47:16,864 main ERROR Unable to locate plugin for PatternLayout
2020-05-19 20:47:16,864 main ERROR Unable to locate plugin for Console
2020-05-19 20:47:16,864 main ERROR Unable to locate plugin for Appenders
2020-05-19 20:47:16,865 main ERROR Unable to locate plugin for ThresholdFilter


systemctl daemon-reload