Enable stateless HTTP Basic Authentication #62

Closed
enridaga opened this issue Mar 24, 2017 · 4 comments

@enridaga
Contributor

With the implementation of the Shiro session-based authorization, Basil supports users and roles so that only the API creator can modify or delete an entry.
However, the current implementation is based on sessions, which are unhandy to manage from the curl command line. When the Shiro Subject is not authenticated, we should forcibly check whether the request also contains an HTTP Basic header and forcibly authenticate the Subject, without opening a session this time.

@enridaga enridaga self-assigned this Mar 24, 2017
@enridaga enridaga added this to the v0.4.0 milestone Mar 24, 2017
@barrynl

barrynl commented Apr 4, 2017

I was wondering whether Basil supports a SPARQL endpoint with HTTP Basic Authentication, but I guess this issue is not about the SPARQL endpoint?

@costasvassilakis

@barrynl, a quick-and-dirty solution to supporting queries to a SPARQL endpoint with HTTP Basic Authentication is to modify basil/src/main/java/uk/ac/open/kmi/basil/invoke/DirectExecutor.java so that public InvocationResult execute(Query q, String endpoint) reads as follows:

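            // Credentials are hard-coded here; replace the placeholders before rebuilding.
            CredentialsProvider credsProvider = new BasicCredentialsProvider();
            Credentials credentials = new UsernamePasswordCredentials("USERNAME", "PASSWORD");
            // AuthScope.ANY offers these credentials to any host, port and realm that asks for them.
            credsProvider.setCredentials(AuthScope.ANY, credentials);
            HttpClient httpclient = HttpClients.custom()
                .setDefaultCredentialsProvider(credsProvider)
                .build();
            // Run the query through the authenticating client.
            QueryExecution qe = QueryExecutionFactory.sparqlService(endpoint, q, httpclient);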

Make sure that you substitute USERNAME and PASSWORD with appropriate values, and of course a rebuild is needed.

The solution is clearly suboptimal since it assumes that all endpoints queried by the same installation share the same username and password. The best way to implement it would cater for providing the authentication method within the query specification (even different queries to the same endpoint might need different credentials) and then the execute method would examine whether authentication is needed and accordingly set the HTTP client needed.
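
An added example, not part of the thread and not Basil's code, of the per-endpoint lookup the comment above describes: credentials are registered per endpoint and scoped to that endpoint's host instead of `AuthScope.ANY`. The class `ScopedSparqlAuth` and its `register`/`prepare` methods are hypothetical, the https-only check is an added assumption, and the code assumes Apache HttpClient 4.x with the same Jena API the snippet above uses.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClients;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;

/** Hypothetical helper (not part of Basil): Basic credentials per SPARQL endpoint. */
public class ScopedSparqlAuth {
    // Keyed by "host:port" of the endpoint; meant to be filled from configuration.
    private final Map<String, UsernamePasswordCredentials> byAuthority = new ConcurrentHashMap<>();

    public void register(String endpoint, String user, String password) {
        byAuthority.put(authority(URI.create(endpoint)), new UsernamePasswordCredentials(user, password));
    }

    public QueryExecution prepare(Query q, String endpoint) {
        URI uri = URI.create(endpoint);
        UsernamePasswordCredentials creds = byAuthority.get(authority(uri));
        if (creds == null) {
            // Nothing registered for this endpoint: send an unauthenticated request.
            return QueryExecutionFactory.sparqlService(endpoint, q);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            // A Basic header is only base64-encoded, so refuse to send it over plain http.
            throw new IllegalStateException("Basic credentials require https: " + uri.getHost());
        }
        // Scope to this host; URI.getPort() is -1 when no port is given, which equals AuthScope.ANY_PORT.
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(new AuthScope(uri.getHost(), uri.getPort()), creds);
        HttpClient client = HttpClients.custom().setDefaultCredentialsProvider(provider).build();
        return QueryExecutionFactory.sparqlService(endpoint, q, client);
    }

    private static String authority(URI uri) {
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("Endpoint has no host: " + uri);
        }
        return uri.getHost().toLowerCase(Locale.ROOT) + ":" + uri.getPort();
    }
}
```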

@enridaga
Contributor Author

I know this is a very late reaction. The above comments, very relevant in general, are not related to this issue specifically, as here we refer to the way Basil handles authentication for managing API creation etc. This specific issue has been fixed.

@enridaga
Contributor Author

Created #69 to track the issue discussed by @barrynl and @costasvassilakis
