From 343379f5d4342fdb3221d003888111172f9125af Mon Sep 17 00:00:00 2001 From: apb Date: Tue, 2 Nov 2021 23:06:20 +0000 Subject: [PATCH] [add] --- fuseki/docker-entry.sh | 75 ++++++++++++++++++++++++++++++++++++++++++ fuseki/shiro.ini | 57 ++++++++++++++++++++++++++++++++ 2 files changed, 132 insertions(+) create mode 100644 fuseki/docker-entry.sh create mode 100644 fuseki/shiro.ini diff --git a/fuseki/docker-entry.sh b/fuseki/docker-entry.sh new file mode 100644 index 0000000..80bdb19 --- /dev/null +++ b/fuseki/docker-entry.sh @@ -0,0 +1,75 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then + # First time + echo "###################################" + echo "Initializing Apache Jena Fuseki" + echo "" + cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini" + if [ -z "$ADMIN_PASSWORD" ] ; then + ADMIN_PASSWORD=$(pwgen -s 15) + echo "Randomly generated admin password:" + echo "" + echo "admin=$ADMIN_PASSWORD" + fi + echo "" + echo "###################################" +fi + +if [ -d "/fuseki-extra" ] && [ ! -d "$FUSEKI_BASE/extra" ] ; then + ln -s "/fuseki-extra" "$FUSEKI_BASE/extra" +fi + +# $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD} +# is in shiro.ini +if [ -n "$ADMIN_PASSWORD" ] ; then + export ADMIN_PASSWORD + envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \ + mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini" + unset ADMIN_PASSWORD # Don't keep it in memory + export ADMIN_PASSWORD +fi + +# fork +exec "$@" & + +TDB_VERSION='' +if [ ! -z ${TDB+x} ] && [ "${TDB}" = "2" ] ; then + TDB_VERSION='tdb2' +else + TDB_VERSION='tdb' +fi + +# Wait until server is up +while [[ $(curl -I http://localhost:3030 2>/dev/null | head -n 1 | cut -d$' ' -f2) != '200' ]]; do + sleep 1s +done + +# Convert env to datasets +printenv | egrep "^FUSEKI_DATASET_" | while read env_var +do + dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g') + curl -s 'http://localhost:3030/$/datasets'\ + -H "Authorization: Basic $(echo -n admin:${ADMIN_PASSWORD} | base64)" \ + -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\ + --data "dbName=${dataset}&dbType=${TDB_VERSION}" +done + +# rejoin our exec +wait diff --git a/fuseki/shiro.ini b/fuseki/shiro.ini new file mode 100644 index 0000000..dd11997 --- /dev/null +++ b/fuseki/shiro.ini @@ -0,0 +1,57 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[main] +# Development +ssl.enabled = false + +plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher +#iniRealm=org.apache.shiro.realm.text.IniRealm +iniRealm.credentialsMatcher = $plainMatcher + +#localhost=org.apache.jena.fuseki.authz.LocalhostFilter + +[users] +# Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm" +# The admin password will be replaced by value of ADMIN_PASSWORD +# variable by docker-entrypoint.sh on FIRST start up. +admin=${ADMIN_PASSWORD} + +[roles] + +[urls] +## Control functions open to anyone +/$/status = anon +/$/ping = anon + +## and the rest are restricted +/$/** = authcBasic,user[admin] + +## Sparql update is restricted +/*/update/** = authcBasic,user[admin] + + +## If you want simple, basic authentication user/password +## on the operations, +## 1 - set a password in [users] +## 2 - change the line above to: +## /$/** = authcBasic,user[admin] +## and set a better + +## or to allow any access. +##/$/** = anon + +# Everything else +/**=anon