This commit is contained in:
Andy Bunce 2021-11-02 23:06:20 +00:00
parent 481ef0ce09
commit 343379f5d4
2 changed files with 132 additions and 0 deletions

75
fuseki/docker-entry.sh Normal file
View File

@ -0,0 +1,75 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set -e
if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then
# First time
echo "###################################"
echo "Initializing Apache Jena Fuseki"
echo ""
cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini"
if [ -z "$ADMIN_PASSWORD" ] ; then
ADMIN_PASSWORD=$(pwgen -s 15)
echo "Randomly generated admin password:"
echo ""
echo "admin=$ADMIN_PASSWORD"
fi
echo ""
echo "###################################"
fi
if [ -d "/fuseki-extra" ] && [ ! -d "$FUSEKI_BASE/extra" ] ; then
ln -s "/fuseki-extra" "$FUSEKI_BASE/extra"
fi
# $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD}
# is in shiro.ini
if [ -n "$ADMIN_PASSWORD" ] ; then
export ADMIN_PASSWORD
envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \
mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini"
unset ADMIN_PASSWORD # Don't keep it in memory
export ADMIN_PASSWORD
fi
# fork
exec "$@" &
TDB_VERSION=''
if [ ! -z ${TDB+x} ] && [ "${TDB}" = "2" ] ; then
TDB_VERSION='tdb2'
else
TDB_VERSION='tdb'
fi
# Wait until server is up
while [[ $(curl -I http://localhost:3030 2>/dev/null | head -n 1 | cut -d$' ' -f2) != '200' ]]; do
sleep 1s
done
# Convert env to datasets
printenv | egrep "^FUSEKI_DATASET_" | while read env_var
do
dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g')
curl -s 'http://localhost:3030/$/datasets'\
-H "Authorization: Basic $(echo -n admin:${ADMIN_PASSWORD} | base64)" \
-H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\
--data "dbName=${dataset}&dbType=${TDB_VERSION}"
done
# rejoin our exec
wait

57
fuseki/shiro.ini Normal file
View File

@ -0,0 +1,57 @@
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
[main]
# Development
ssl.enabled = false
plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
#iniRealm=org.apache.shiro.realm.text.IniRealm
iniRealm.credentialsMatcher = $plainMatcher
#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
[users]
# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm"
# The admin password will be replaced by value of ADMIN_PASSWORD
# variable by docker-entrypoint.sh on FIRST start up.
admin=${ADMIN_PASSWORD}
[roles]
[urls]
## Control functions open to anyone
/$/status = anon
/$/ping = anon
## and the rest are restricted
/$/** = authcBasic,user[admin]
## Sparql update is restricted
/*/update/** = authcBasic,user[admin]
## If you want simple, basic authentication user/password
## on the operations,
## 1 - set a password in [users]
## 2 - change the line above to:
## /$/** = authcBasic,user[admin]
## and set a better
## or to allow any access.
##/$/** = anon
# Everything else
/**=anon