Discussion:
shiro.ini with custom realm fuseki2
Trevor Donaldson
11 years ago
Permalink
Not sure if this is the correct place but I will ask regardless. I am trying to
use a custom realm to authenticate users to the fuseki interface. This is
my shiro.ini file but when I hit the fuseki url nothing happens. It doesn't
look like it is authenticating at all.

[main]
# Development
ssl.enabled = true

plainMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
#iniRealm.credentialsMatcher = $plainMatcher

certificateRealm=custom.shiro.web.CustomRealm
certificateRealm.credentialsMatcher = $plainMatcher

securityManager.realms=$certificateRealm

certificateFilter=custom.shiro.web.X509AuthenticationFilter
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter

Not sure what I am doing wrong. Thanks in advance
Trevor Donaldson
11 years ago
Permalink
I make changes to the shiro.ini file and it is as if no changes are
recognized.
...
Claude Warren
11 years ago
Permalink
It's been a while since I played with the Shiro ini file but as I recall
there are at least 2 ways to specify the Shiro configuration. Make sure
that Fuseki is actually using the shiro file you are editing. (not sure how
to do this).

Claude
...
--
I like: Like Like - The likeliest place on the web
<http://like-like.xenei.com>
LinkedIn: http://www.linkedin.com/in/claudewarren
Stian Soiland-Reyes
11 years ago
Permalink
I actually modified my shiro.ini yesterday, to enable the basic auth
admin user (as "localhost" inside a Docker image is not the same as
localhost outside..) and this worked fine (except being asked for
username/password on every page, not just admin page)


You have to edit it in /etc/fuseki/ (or in ./run) after starting
Fuseki 2 once - then restart after editing.

I don't know about the details of how to do alternative realms,
however. Are you sure that those classes are available within the
fuseki-server.jar or within the fuseki.war's WEB-INF/lib folder?



(Yes - the Fuseki2 docker image is coming soon - but I have to get
that admin-user sorted as otherwise you can't load any data :) --
perhaps having a command line option to stage-load with tdb should
also be included.)
...
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Md Mizanur Rahoman
11 years ago
Permalink
...
Trevor Donaldson
11 years ago
Permalink
Yes the classes are available. I don't think fuseki is using my shiro.ini.
I modified the file in ./run but I don't see anything different. I
restarted tomcat and it isn't recognizing any change I make. I even wiped
out the shiro.ini file to see if it would error, nothing happens.
On Jan 19, 2015 7:04 AM, "Stian Soiland-Reyes" <
...
Trevor Donaldson
11 years ago
Permalink
More info, I think it may be a problem with the war vs jetty. I tried to
start fuseki from command line and I get the expected class not found
exception. Unfortunately I don't get that from the war file.
...
Trevor Donaldson
11 years ago
Permalink
Found the problem from tomcat. Why is fuseki looking here for the shiro.ini
file? Shouldn't it be relative to ./run not relative to tomcat/bin.
[2015-01-19 08:34:43] Config INFO Shiro file:
file:///home/trevor/servers/tomcat/apache-tomcat-7.0.57/bin/home/trevor/servers/fuseki/jena-fuseki-dist-2.0.0-SNAPSHOT/run/shiro.ini
...
Trevor Donaldson
11 years ago
Permalink
Ok, so looks like I found the secret sauce which makes this work. You have
to create a symbolic link to /etc/fuseki -> $FUSEKI_HOME/run. Once you do
that, it looks in the location. If you try to use setenv.sh to define
FUSEKI_BASE, fuseki looks relatively for the shiro.ini file.
...
Stian Soiland-Reyes
11 years ago
Permalink
You can set the FUSEKI_BASE environment variable within your Tomcat
startup script (e.g. in /usr/share/tomcat7/bin/setenv.sh) to customize
the folder.

e.g.

FUSEKI_BASE=/etc/fuseki
export FUSEKI_BASE

The folder /etc/fuseki is the default when running the WAR - this
folder must be writeable by the tomcat UNIX user.
...
--
Stian Soiland-Reyes, myGrid team
School of Computer Science
The University of Manchester
http://soiland-reyes.com/stian/work/ http://orcid.org/0000-0001-9842-9718
Trevor Donaldson
11 years ago
Permalink
My bad. Forgot the leading / in FUSEKI_BASE. Sorry for confusion.
Everything is ok.

On Mon, Jan 19, 2015 at 9:05 AM, Stian Soiland-Reyes <
...
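Added example (not part of the original thread and not Fuseki's own code): a preflight check for the FUSEKI_BASE value set in Tomcat's setenv.sh, modelling the relative-path resolution seen in the "Shiro file:" log line above. The function names are hypothetical, and the assumption is that a relative FUSEKI_BASE resolves against the servlet container's working directory, as that log line shows.

```shell
#!/bin/sh
# Added example: check where Fuseki's WAR will look for shiro.ini.
# Run as the Tomcat UNIX user so the -w test reflects that account.

# Print the shiro.ini path for a FUSEKI_BASE value and a working directory.
# An empty value falls back to /etc/fuseki (the WAR default per the thread);
# a relative value is appended to the working directory (assumption from the log).
resolve_shiro_path() {
    base=${1:-/etc/fuseki}
    cwd=$2
    case $base in
        /*) printf '%s/shiro.ini\n' "${base%/}" ;;
        *)  printf '%s/%s/shiro.ini\n' "${cwd%/}" "${base%/}" ;;
    esac
}

# Return 0 when the base is usable, otherwise a distinct non-zero code:
#   2 = not an absolute path (the missing leading "/" case)
#   3 = directory does not exist
#   4 = directory not writable by the current user
#   5 = shiro.ini missing or empty, so no Shiro config would be read from it
check_fuseki_base() {
    base=${1:-/etc/fuseki}
    case $base in
        /*) ;;
        *)  echo "FUSEKI_BASE '$base' is relative" >&2; return 2 ;;
    esac
    [ -d "$base" ] || { echo "$base: no such directory" >&2; return 3; }
    [ -w "$base" ] || { echo "$base: not writable" >&2; return 4; }
    [ -s "$base/shiro.ini" ] || { echo "$base/shiro.ini missing or empty" >&2; return 5; }
    return 0
}

# Stand-alone use: sh check_fuseki_base.sh --check  (reads $FUSEKI_BASE)
if [ "${1:-}" = "--check" ]; then
    echo "shiro.ini expected at: $(resolve_shiro_path "${FUSEKI_BASE:-}" "$PWD")"
    check_fuseki_base "${FUSEKI_BASE:-}"
fi
```

Compare the printed path with the "Shiro file:" line in the Fuseki log after a restart; if they differ, the file being edited is not the one in effect.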
Andy Seaborne
11 years ago
Permalink
Thanks for the feedback - much appreciated.

I am attempting to capture all the learnings here (as my time permits
[*]) to incorporate into the documentation but don't let that stop
anyone sending a few bullets in email as draft material.

There are more deployment choices than I can imagine, driven by
environmental concerns and constraints.

Andy

[*] Writing an improved transaction coordinator is too much like fun!
...