On 11/12/14 13:37, Daniel Hernández wrote:

Sorry, I found the shiro.ini file in the folder "./run" after running
the server the first time.

Yes, that's how it gets set up. Not ideal but the idea is that it can work as a war file and nothing else, so formatting its own area on startup seemed like the way to get a simple experience (i.e. no file editing).

        Andy


Daniel

On Thu, 2014-12-11 at 09:30 -0300, Daniel Hernández wrote:
Yes - by default the admin functions the UI uses are restricted to
browsers from "localhost" (and not even the IP address).  This is done
to stop remote people being able to mess around with your data.  I was a
bit surprised that as much of the interface worked as it did! There is a
403 in the developers console.  It might be better to block more rather
than just the JSON-API calls to "/$/*"

For a fixed security template file, we didn't want a default
user/password because that would be not very secret.

It is controlled by the shiro.ini file
--------------------
[main]
...
localhost=org.apache.jena.fuseki.authz.LocalhostFilter
...
[urls]
...
## and the rest are restricted
/$/** = localhost


## If you want simple, basic authentication user/password on the
## operations, change the line above to:
## /$/** = authcBasic,user[admin]
--------------------

user='admin'; password is in the file a few lines above (which is not
very secure!)

The Fuseki-specific Shiro filters fix a couple of things and are simpler
than the general ones in Shiro itself.  They have been contributed to
Apache Shiro.

        Andy

Thanks a lot. However, I don't have much experience in Java development, so
I don't know where the shiro.ini file is. I searched for it with

find -name '*.ini'

in the distribution folder, but I got no results. Thus, I suppose that
it is in the jar files in the distribution. Do I need to compile Fuseki from
source to change the shiro.ini?

Daniel
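
A way to check which of the two settings discussed in this thread a given shiro.ini is using, as an added example that is not part of the thread or of Fuseki. The function names and the [users] entry are assumptions made up for illustration, and only the exact "/$/**" rule is inspected.

```python
import re

# Constructed sample modelled on the snippet quoted in the thread; the
# [users] entry and its password are placeholders, not Fuseki defaults.
LOCALHOST_ONLY = """\
[main]
localhost=org.apache.jena.fuseki.authz.LocalhostFilter
[users]
admin=CHANGE-ME
[urls]
## and the rest are restricted
/$/** = localhost
"""
BASIC_AUTH = LOCALHOST_ONLY.replace("= localhost", "= authcBasic,user[admin]")

def parse_shiro_ini(text):
    """Return {section: {key: value}} for a shiro.ini, skipping comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_admin_rule(text, pattern="/$/**"):
    """Classify the filter chain guarding the admin URLs (hypothetical helper)."""
    ini = parse_shiro_ini(text)
    chain = ini.get("urls", {}).get(pattern)
    if chain is None:
        return {"mode": "no-rule", "users_to_review": []}
    # Split on commas outside [...] so "roles[a,b]" stays one filter.
    names = [f.split("[")[0].strip()
             for f in re.split(r",(?![^\[]*\])", chain)]
    # Resolve names defined in [main] to their class; built-ins stay as-is.
    classes = [ini.get("main", {}).get(n, n) for n in names]
    if "anon" in names:
        mode = "open"
    elif any(c.endswith("LocalhostFilter") for c in classes):
        mode = "localhost-only"
    elif "authcBasic" in names:
        mode = "basic-auth"
    else:
        mode = "other"
    # With password login, the [users] entries in the file become the secret.
    users = sorted(ini.get("users", {})) if mode == "basic-auth" else []
    return {"mode": mode, "users_to_review": users}
```

Run it against the shiro.ini in the "./run" folder: "localhost-only" means remote browsers get the 403 described above, and "basic-auth" lists the accounts whose passwords sit in the file.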



