[
https://issues.apache.org/jira/browse/JENA-218?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13226017#comment-13226017
]
Alexander Dutton commented on JENA-218:
---------------------------------------
Yes, supporting both headers and query parameters sounds sensible. If both are
specified, shall we take the minimum? Taking the minimum woud allow e.g. httpd
to add a Timeout header for unauthed users, which restricts timeouts, but does
not take away the user's freedom to specify a lower timeout.
So, the config could be something like:
<#service3> rdf:type fuseki:Service ;
fuseki:name "tdb" ; # http://host:port/tdb
fuseki:serviceQuery "sparql" ; # SPARQL query service
fuseki:allowTimeoutOverride true ;
fuseki:maximumTimeoutOverride 4 ;
fuseki:dataset <#dataset> .
If allowTimeoutOverride isn't specified we default to leaving it disabled
(hence, backwards compatibility with current behaviour), and if
maximumTimeoutOverride is missing, default to allowing unlimited timeouts (the
documentation can suggest that you probably want to specify both together. Do
we want this specified in seconds or milliseconds?
I would argue that it should silently ignore attempts to set a timeout when
none is allowed, lest a client is optimistically asking timeouts of everything
it queries and gets confused by a 400 or 501.
> Fuseki should allow timeouts to be specified on a per-request basis
> -------------------------------------------------------------------
>
> Key: JENA-218
> URL: https://issues.apache.org/jira/browse/JENA-218
> Project: Apache Jena
> Issue Type: Improvement
> Components: Fuseki
> Affects Versions: Fuseki 0.2.1
> Reporter: Alexander Dutton
> Labels: needsdocumentation, timeout
>
> A query endpoint might want to have different timeouts depending on whether
> queries are from untrusted or trusted users, or maintenance processes. The
> timeout could be passed with an X- header, a Timeout header as per
> http://tools.ietf.org/html/draft-loreto-http-timeout-00, or a query
> parameter, respecting the system default if none is provided. The query
> parameter might be less favourable as it'd be harder to filter out for Fuseki
> instances behind Apache.
> There is a risk that changing the behaviour to allow timeouts to be
> overridden will lead to DoSs of query endpoints open to the world to some
> extent. This can be mitigated by defaulting to disallowing timeout overrides.
> I'm happy to put a patch together and document it at
> http://incubator.apache.org/jena/documentation/serving_data/.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
