Smalyshev has uploaded a new change for review.
https://gerrit.wikimedia.org/r/211929
Change subject: Add context listener to block remote service requests
......................................................................
Add context listener to block remote service requests
Change-Id: I96945f822b9429aafe7ddbc7b02a972940682e2c
---
A
blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java
M dist/src/config/web.xml
2 files changed, 47 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/wikidata/query/rdf
refs/changes/29/211929/1
diff --git
a/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java
b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java
new file mode 100644
index 0000000..dcdb3b0
--- /dev/null
+++
b/blazegraph/src/main/java/org/wikidata/query/rdf/blazegraph/WikibaseContextListener.java
@@ -0,0 +1,39 @@
+package org.wikidata.query.rdf.blazegraph;
+
+import javax.servlet.ServletContextEvent;
+
+import com.bigdata.rdf.sail.webapp.BigdataRDFServletContextListener;
+import com.bigdata.rdf.sparql.ast.service.IServiceOptions;
+import com.bigdata.rdf.sparql.ast.service.ServiceCall;
+import com.bigdata.rdf.sparql.ast.service.ServiceCallCreateParams;
+import com.bigdata.rdf.sparql.ast.service.ServiceFactory;
+import com.bigdata.rdf.sparql.ast.service.ServiceRegistry;
+
+/**
+ * Context listener to enact configurations we need on initialization.
+ */
+public class WikibaseContextListener extends BigdataRDFServletContextListener {
+
+ @Override
+ public void contextInitialized(final ServletContextEvent e) {
+ super.contextInitialized(e);
+ ServiceRegistry.getInstance().setDefaultServiceFactory(new
DisableRemotesServiceFactory());
+ }
+
+ /**
+ * Service factory that disables remote access.
+ */
+ private final class DisableRemotesServiceFactory implements ServiceFactory
{
+
+ @Override
+ public IServiceOptions getServiceOptions() {
+ return null;
+ }
+
+ @Override
+ public ServiceCall<?> create(ServiceCallCreateParams params) {
+ throw new IllegalArgumentException("Service call not allowed: " +
params.getServiceURI());
+ }
+
+ }
+}
diff --git a/dist/src/config/web.xml b/dist/src/config/web.xml
index b459f29..222c477 100644
--- a/dist/src/config/web.xml
+++ b/dist/src/config/web.xml
@@ -13,7 +13,7 @@
installation, e.g., by specifying an absolution path. Also, it is a good
idea to review the RWStore.properties file as well and specify the location
of the database file on which it will persist your data.
-
+
Note: You MAY override this parameter using
"-Dcom.bigdata.rdf.sail.webapp.ConfigParams.propertyFile=FILE"
when starting the servlet container.
@@ -55,8 +55,13 @@
<param-name>queryTimeout</param-name>
<param-value>30000</param-value>
</context-param>
+- <context-param>
+ <description>List of allowed services.</description>
+ <param-name>serviceWhitelist</param-name>
+ <param-value>http://www.bigdata.com/rdf#describe</param-value>
+ </context-param>
<listener>
-
<listener-class>com.bigdata.rdf.sail.webapp.BigdataRDFServletContextListener</listener-class>
+
<listener-class>org.wikidata.query.rdf.blazegraph.WikibaseContextListener</listener-class>
</listener>
<servlet>
<servlet-name>REST API</servlet-name>
@@ -105,7 +110,7 @@
<!-- Mapping for access to non-default KB namespaces.
<servlet-mapping>
<servlet-name>REST API</servlet-name>
- <url-pattern>/sparql/*</url-pattern>
+ <url-pattern>/sparql/*</url-pattern>
</servlet-mapping> -->
<!-- Mappings for the multi-tenancy API. -->
<servlet-mapping>
--
To view, visit https://gerrit.wikimedia.org/r/211929
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I96945f822b9429aafe7ddbc7b02a972940682e2c
Gerrit-PatchSet: 1
Gerrit-Project: wikidata/query/rdf
Gerrit-Branch: master
Gerrit-Owner: Smalyshev <smalys...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
