Discussion:
Authentication of endpoints in federated queries
Zak Mc Kracken
2016-11-10 16:59:49 UTC
Permalink
Hello everyone,

I need a federated SPARQL query, where the SERVICE endpoint requires
basic HTTP authentication (the one that is based on .htaccess and works
by sending user/pass to the server).

I cannot understand if this is possible in Jena and how. Some
documentation mentions the simpler case where you authenticate against
the main endpoint
(https://jena.apache.org/documentation/query/http-auth.html), does this
apply to SERVICE too? If yes, do I just need the ServiceAuthenticator?
(By the way, the link to
http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/ServiceAuthenticator.html
is broken in that page, I found it via browsing the code).

Thanks in advance,
Marco.
A. Soroka
2016-11-10 17:09:39 UTC
Permalink
We are currently refreshing that very documentation, but in the meantime I will help you directly. You _can_ use HTTP authN with SERVICE, it's just a question of how. The most important question is, what version of Jena are you using? (The reason those links don't work is exactly because we changed this part of the code with the recent release of 3.1.1.)

---
A. Soroka
The University of Virginia Library
Post by Zak Mc Kracken
Hello everyone,
I need a federated SPARQL query, where the SERVICE endpoint requires basic HTTP authentication (the one that is based on .htaccess and works by sending user/pass to the server).
I cannot understand if this is possible in Jena and how. Some documentation mentions the simpler case where you authenticate against the main endpoint (https://jena.apache.org/documentation/query/http-auth.html), does this apply to SERVICE too? If yes, do I just need the ServiceAuthenticator? (By the way, the link to http://jena.apache.org/documentation/javadoc/arq/org/apache/jena/atlas/web/auth/ServiceAuthenticator.html is broken in that page, I found it via browsing the code).
Thanks in advance,
Marco.
Zak Mc Kracken
2016-11-10 18:22:54 UTC
Permalink
Hi Adam,

thanks for your reply.

I'm using 3.1.0, but upgrading shouldn't be a big deal. The question is
how to use it. Is passing an authenticator to
QueryExecutionFactory.sparqlService enogh? Will the authenticator be
used with "SERVICE <url>", in addition to the endpoint sent as first
parameter of this method?

If that is the case, it would be fine for my use case, but what if the
only endpoint needing authentication is the one mentioned by SERVICE?
Can I specify credentials on a per-URL basis somehow? Via Context passed
to ServiceAuthenticator?

Marco
Post by A. Soroka
We are currently refreshing that very documentation, but in the meantime I will help you directly. You _can_ use HTTP authN with SERVICE, it's just a question of how. The most important question is, what version of Jena are you using? (The reason those links don't work is exactly because we changed this part of the code with the recent release of 3.1.1.)
---
A. Soroka
The University of Virginia Library
A. Soroka
2016-11-10 20:46:42 UTC
Permalink
You can stay with 3.1.0 for the moment (obviously, you'll eventually want to upgrade to get all the other good things in 3.1.1 {grin}).

For 3.1.0, please look at:

https://jena.apache.org/documentation/query/service.html#controlling-service-requests

and especially at the last paragraph:

https://jena.apache.org/documentation/query/service.html#srvservicecontext

In that paragraph is explained the mechanism by which you can "override system context settings on a per URI basis" (quoting from it). That's a way that you supply a specific username/password combo (aka srv:queryAuthUser/srv:queryAuthPwd combo) for a specific service at a specific URL. As the notes there say, you can do this either on a per-query basis (by passing in a Context, just as you surmised) or in the static ARQ context (which would make your config available to all queries).

Does this help?

---
A. Soroka
The University of Virginia Library
Post by Zak Mc Kracken
Hi Adam,
thanks for your reply.
I'm using 3.1.0, but upgrading shouldn't be a big deal. The question is how to use it. Is passing an authenticator to QueryExecutionFactory.sparqlService enogh? Will the authenticator be used with "SERVICE <url>", in addition to the endpoint sent as first parameter of this method?
If that is the case, it would be fine for my use case, but what if the only endpoint needing authentication is the one mentioned by SERVICE? Can I specify credentials on a per-URL basis somehow? Via Context passed to ServiceAuthenticator?
Marco
Post by A. Soroka
We are currently refreshing that very documentation, but in the meantime I will help you directly. You _can_ use HTTP authN with SERVICE, it's just a question of how. The most important question is, what version of Jena are you using? (The reason those links don't work is exactly because we changed this part of the code with the recent release of 3.1.1.)
---
A. Soroka
The University of Virginia Library
Zak Mc Kracken
2016-11-11 10:56:45 UTC
Permalink
Cool!

I'll give it a try, thank you so much!

Marco.
Post by A. Soroka
You can stay with 3.1.0 for the moment (obviously, you'll eventually want to upgrade to get all the other good things in 3.1.1 {grin}).
https://jena.apache.org/documentation/query/service.html#controlling-service-requests
https://jena.apache.org/documentation/query/service.html#srvservicecontext
In that paragraph is explained the mechanism by which you can "override system context settings on a per URI basis" (quoting from it). That's a way that you supply a specific username/password combo (aka srv:queryAuthUser/srv:queryAuthPwd combo) for a specific service at a specific URL. As the notes there say, you can do this either on a per-query basis (by passing in a Context, just as you surmised) or in the static ARQ context (which would make your config available to all queries).
Does this help?
---
A. Soroka
The University of Virginia Library
Loading...