From: Antoni M. <ant...@qu...> - 2015-07-23 09:38:03
Hello,

How to grant someone read-only access to NanoSparqlServer? The readOnly context-param won't work AFAIU, because I still want to write, I just want to limit certain requests to be read-only.

We have a bigdata instance running behind a firewall and a public front-end. We want to expose an API for other apps to post SPARQL queries. I didn't want to reinvent the wheel, so I just wrote a trivial proxy servlet, based on https://github.com/mitre/HTTP-Proxy-Servlet. With it I was able to expose the entire NanoSparqlServer functionality in our frontend. Then I started extending my servlet to detect mutating requests and reject them. This turned out to be tricky.

I wanted to allow all kinds of queries:
- GET and POST with 'query' parameter, CONSTRUCT, SELECT, ASK, DESCRIBE
- ESTCARD and HASSTMT
- with all allowed parameters (s=, p=, o=, exact=true, etc.)
- with all supported output formats

But I wanted to refuse all kinds of mutations
- everything with 'update' parameter, including those with both 'query' and 'update', GET and POST
- POST with body
- POST with uri
- POST with multipart form data
- DELETE all
- DELETE with a triple pattern
- PUT with a query and a body

After a while I got my proxy servlet to cover all those cases, but now I ask myself: is there a better way? The code I wrote seems brittle. I don't know if it really covers everything and it will have to be adapted if the API changes in future versions of Blazegraph.

So, is there a better way?

Best regards

--
Antoni Myłka
Software Engineer
Quantinum AG, Birkenweg 61, CH-3013 Bern - Fon +41 31 388 20 40
http://www.quantinum.com - Experience the Power of Data
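
The check described in the message above, written as a default-deny allowlist rather than a list of mutations to detect. This is an added example, not the poster's servlet and not Blazegraph code; the class and method names are hypothetical, the parameter names are only those listed in the post, and restricting ESTCARD/HASSTMT to GET is an assumption of the example.

```java
import java.util.Locale;
import java.util.Set;

public class ReadOnlyGate {
    // Names below are the ones listed in the post; extend each set deliberately.
    static final Set<String> QUERY_PARAMS = Set.of("query");
    static final Set<String> PATTERN_PARAMS = Set.of("s", "p", "o", "exact");
    static final String FORM = "application/x-www-form-urlencoded";

    /** paramNames: URL and form-body parameter names merged, e.g. getParameterMap().keySet(). */
    static boolean isReadOnly(String method, String contentType, Set<String> paramNames) {
        boolean get = "GET".equals(method);
        boolean formPost = "POST".equals(method) && contentType != null
                && contentType.split(";")[0].trim().toLowerCase(Locale.ROOT).equals(FORM);
        if (!get && !formPost) return false;   // DELETE, PUT, POST with body or multipart

        boolean query = paramNames.contains("query");
        boolean estcard = paramNames.contains("ESTCARD");
        boolean hasstmt = paramNames.contains("HASSTMT");
        // Exactly one read operation must be selected.
        if ((query ? 1 : 0) + (estcard ? 1 : 0) + (hasstmt ? 1 : 0) != 1) return false;

        for (String name : paramNames) {
            boolean known = query ? QUERY_PARAMS.contains(name)
                    : name.equals(estcard ? "ESTCARD" : "HASSTMT") || PATTERN_PARAMS.contains(name);
            if (!known) return false;           // 'update', 'uri', anything unlisted
        }
        return query || get;                    // assumption: ESTCARD/HASSTMT only as GET
    }

    static void check(boolean expected, String m, String ct, String... names) {
        boolean actual = isReadOnly(m, ct, Set.of(names));
        if (actual != expected) throw new AssertionError(m + " " + Set.of(names));
        System.out.println((actual ? "ALLOW  " : "REJECT ") + m + " " + String.join(",", names));
    }

    public static void main(String[] args) {
        // Constructed requests covering the cases listed in the post.
        check(true,  "GET", null, "query");
        check(true,  "POST", FORM + "; charset=UTF-8", "query");
        check(true,  "GET", null, "ESTCARD", "s", "exact");
        check(true,  "GET", null, "HASSTMT", "s", "p", "o");
        check(false, "GET", null, "update");
        check(false, "POST", FORM, "query", "update");
        check(false, "POST", "application/rdf+xml");
        check(false, "POST", FORM, "uri");
        check(false, "POST", "multipart/form-data; boundary=x", "query");
        check(false, "DELETE", null, "s");
        check(false, "PUT", "application/rdf+xml", "query");
    }
}
```

Because unknown methods, content types and parameter names are rejected, a request shape added by a later API version stays blocked until it is reviewed and listed. The proxy should rebuild the upstream request from the validated parameters instead of forwarding the raw one, so both sides agree on what was checked.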