Discussion:
shiro.ini with custom realm fuseki2
Trevor Donaldson
2015-01-19 01:23:31 UTC
Permalink
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.

[main]
# Development
ssl.enabled = true

plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher

certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher

securityManager.realms=$certificateRealm

certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter

Not sure what I am doing wrong. Thanks in advance
Trevor Donaldson
2015-01-19 01:40:41 UTC
Permalink
I make changes to the shiro.ini file and it is as if no changes are
recognized.
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying
to use a custom realm to authenticate users to the fuseki interface. This
is my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
Claude Warren
2015-01-19 06:40:25 UTC
Permalink
It's been awhile since I played with the Shiro ini file but as I recall
there are at least 2 ways to specify the Shiro configuration. Make sure
that Fuseki is actually using the shiro file you are editing. (not sure how
to do this).

Claude
Post by Trevor Donaldson
I make changes to the shiro.ini file and it is as if no changes are
recognized.
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying
to use a custom realm to authenticate users to the fuseki interface. This
is my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren
Stian Soiland-Reyes
2015-01-19 12:01:45 UTC
Permalink
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)


You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.

I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?



(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Md Mizanur Rahoman
2015-01-19 12:23:38 UTC
Permalink
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
Md Mizanur Rahoman
2015-01-19 12:24:56 UTC
Permalink
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
Md Mizanur Rahoman
2015-01-19 12:18:53 UTC
Permalink
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.
AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
Md Mizanur Rahoman
2015-01-19 12:27:19 UTC
Permalink
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
Trevor Donaldson
2015-01-19 12:48:14 UTC
Permalink
Yes the classes are available. I don't think fuseki is using my shiro.ini.
I modified the file in. /run but I don't see anything different. I
restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am trying
to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Trevor Donaldson
2015-01-19 13:38:44 UTC
Permalink
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything different.
I restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface. This
is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Trevor Donaldson
2015-01-19 13:42:01 UTC
Permalink
Found the problem from tomcat. Why is fuseki looking here for the shiro.ini
file? Shouldn't it be relative to ./run not relative to tomcat/bin.
[2015-01-19 08:34:43] Config INFO Shiro file:
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
Post by Trevor Donaldson
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything different.
I restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface. This
is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/
http://orcid.org/0000-0001-9842-9718
Trevor Donaldson
2015-01-19 13:58:00 UTC
Permalink
Ok, so looks like I found the secret sauce which makes this work. You have
to create a symbolic link to /etc/fuseki -> $FUSEKI_HOME/run. Once you do
that, it looks in the location. If you try to use setenv.sh to define
FUSEKI_BASE, fuseki looks relatively for the shiro.ini file.
Post by Trevor Donaldson
Found the problem from tomcat. Why is fuseki looking here for the
shiro.ini file? Shouldn't it be relative to ./run not relative to
tomcat/bin.
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
Post by Trevor Donaldson
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything different.
I restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface.
This is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/
http://orcid.org/0000-0001-9842-9718
Stian Soiland-Reyes
2015-01-19 14:05:17 UTC
Permalink
You can set the FUSEKI_BASE environment variable within your Tomcat
startup script (e.g. in /usr/share/tomcat7/bin/setenv.sh) to customize
the folder.

e.g.

FUSEKI_BASE=/etc/fuseki
export FUSEKI_BASE

The folder /etc/fuseki is the default when running the WAR - this
folder must be writeable by the tomcat UNIX user.
Post by Trevor Donaldson
Found the problem from tomcat. Why is fuseki looking here for the shiro.ini
file? Shouldn't it be relative to ./run not relative to tomcat/bin.
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
Post by Trevor Donaldson
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything different.
I restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface. This
is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/
http://orcid.org/0000-0001-9842-9718
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Trevor Donaldson
2015-01-19 14:16:02 UTC
Permalink
My bad. Forgot the leading / in FUSEKI_BASE. Sorry for confusion.
Everything is ok.

On Mon, Jan 19, 2015 at 9:05 AM, Stian Soiland-Reyes <
Post by Stian Soiland-Reyes
You can set the FUSEKI_BASE environment variable within your Tomcat
startup script (e.g. in /usr/share/tomcat7/bin/setenv.sh) to customize
the folder.
e.g.
FUSEKI_BASE=/etc/fuseki
export FUSEKI_BASE
The folder /etc/fuseki is the default when running the WAR - this
folder must be writeable by the tomcat UNIX user.
Post by Trevor Donaldson
Found the problem from tomcat. Why is fuseki looking here for the
shiro.ini
Post by Trevor Donaldson
file? Shouldn't it be relative to ./run not relative to tomcat/bin.
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
Post by Trevor Donaldson
Post by Trevor Donaldson
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything
different.
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
I restarted tomcat and it isn't recognizing any change I make. I even
wiped
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface.
This
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Stian Soiland-Reyes
is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Stian Soiland-Reyes
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/
http://orcid.org/0000-0001-9842-9718
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Andy Seaborne
2015-01-19 15:25:45 UTC
Permalink
Thanks for the feedback - much appreciated.

I am attempting to capture all the learnings here (as my time permits
[*]) to incorporate into the documentation but don't let that stop
anyone sending a few bullets in email as draft material.

There are more deployment choices than I can imagine, driven by
environmental concerns and constraints.

Andy

[*] Writing an improved an transaction coordinator is too much like fun!
Post by Trevor Donaldson
My bad. Forgot the leading / in FUSEKI_BASE. Sorry for confusion.
Everything is ok.
On Mon, Jan 19, 2015 at 9:05 AM, Stian Soiland-Reyes <
Post by Stian Soiland-Reyes
You can set the FUSEKI_BASE environment variable within your Tomcat
startup script (e.g. in /usr/share/tomcat7/bin/setenv.sh) to customize
the folder.
e.g.
FUSEKI_BASE=/etc/fuseki
export FUSEKI_BASE
The folder /etc/fuseki is the default when running the WAR - this
folder must be writeable by the tomcat UNIX user.
Post by Trevor Donaldson
Found the problem from tomcat. Why is fuseki looking here for the
shiro.ini
Post by Trevor Donaldson
file? Shouldn't it be relative to ./run not relative to tomcat/bin.
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
Post by Trevor Donaldson
Post by Trevor Donaldson
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
Post by Trevor Donaldson
Yes the classes are available. I don't think fuseki is using my
shiro.ini. I modified the file in. /run but I don't see anything
different.
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
I restarted tomcat and it isn't recognizing any change I make. I even
wiped
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
Post by Stian Soiland-Reyes
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)
You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.
I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?
(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
Post by Trevor Donaldson
Not sure if this is correct place but I will ask regardless. I am
trying to
Post by Trevor Donaldson
use a custom realm to authenticate users to the fuseki interface.
This
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Stian Soiland-Reyes
is
Post by Trevor Donaldson
my shiro.ini file but when I hit the fuseki url nothing happens. It
doesn't
Post by Trevor Donaldson
look like it is authenticating at all.
[main]
# Development
ssl.enabled = true
plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Trevor Donaldson
Post by Stian Soiland-Reyes
Post by Trevor Donaldson
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher
certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher
securityManager.realms=$certificateRealm
certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
Not sure what I am doing wrong. Thanks in advance
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/
http://orcid.org/0000-0001-9842-9718
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Loading...