Details

    • Type: Sub-task
    • Status: Done
    • Priority: High
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: BLAZEGRAPH_RELEASE_1_5_2
    • Component/s: None
    • Labels:
      None

      Description

      This is a feature request to add a mechanism for configuring a whitelist of SERVICE URLs that are permitted. The default policy should be that all SERVICE URLs are permitted. If the whitelist is enabled, then no services other than those explicitly registered, would be permitted. Service URLs that are not local could also be registered and entered into the whitelist. I am pretty sure that the service registry allows the registry of non-local SERVICE URLs in order to configure their preferences (e.g., whether they support SPARQL 1.0 or SPARQL 1.1). So we need to explicitly enable/disable the whitelist. I think that the whitelist might be just all registered services when the whitelist is enabled. Or perhaps it is an explicit enumeration that is distinct from those that are registered.

      The webapp should be modified to read a "whitelist" parameter from web.xml. This could be a boolean or the name of a file containing service URLs to be whitelisted, etc.

      See ServiceRegistry.toServiceCall() - this is where to test the whitelist.
      See BigdataRDFServletContextListener.contextInitialized() - this is where to initialize the whitelist based on the web.xml configuration.

      This feature will be applied by the wikimedia foundation into a patch release and will be present in the official 1.5.2 release.

        Activity

        Hide
        beebs Brad Bebee added a comment -

        BLZG-41 branch in github/SYSTAP and now in CI: http://ci.bigdata.com:8080/job/BLZG-41/.

        Show
        beebs Brad Bebee added a comment - BLZG-41 branch in github/SYSTAP and now in CI: http://ci.bigdata.com:8080/job/BLZG-41/ .
        Hide
        bryanthompson bryanthompson added a comment -

        Brad, has this been resolved?

        Show
        bryanthompson bryanthompson added a comment - Brad, has this been resolved?
        Hide
        beebs Brad Bebee added a comment -

        First CI build is here: https://ci.bigdata.com/job/BLZG-41/1/.

        I pulled up and merged from master today. I've started a new CI build that is queued.

        Show
        beebs Brad Bebee added a comment - First CI build is here: https://ci.bigdata.com/job/BLZG-41/1/ . I pulled up and merged from master today. I've started a new CI build that is queued.
        Hide
        beebs Brad Bebee added a comment -
        Show
        beebs Brad Bebee added a comment - Now in PR: https://github.com/SYSTAP/bigdata/pull/100
        Hide
        bryanthompson bryanthompson added a comment -

        PR has been merged to master. CI job has been cancelled. Closing ticket.

        Show
        bryanthompson bryanthompson added a comment - PR has been merged to master. CI job has been cancelled. Closing ticket.

          People

          • Assignee:
            beebs Brad Bebee
            Reporter:
            bryanthompson bryanthompson
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: