apacheGH-2902: Fuseki Server Modules

jena-base/src/main/java/org/apache/jena/atlas/net/Host.java

@@ -128,27 +128,4 @@ public static InetAddress getLocalHostLANAddress() {
             throw unknownHostException;
         }
     }
-
-    // @formatter:off
-//    public static void main(String ... arg) throws UnknownHostException {
-//        try {
-//            for (Enumeration<NetworkInterface> ifaces = NetworkInterface.getNetworkInterfaces(); ifaces.hasMoreElements();) {
-//                NetworkInterface iface = ifaces.nextElement();
-//                // Iterate all IP addresses assigned to each card...
-//                for (Enumeration<InetAddress> inetAddrs = iface.getInetAddresses(); inetAddrs.hasMoreElements();) {
-//                    InetAddress inetAddr = inetAddrs.nextElement();
-//                    System.out.println("IP Address : '" +inetAddr.getHostAddress()+"'");
-//                }
-//            }
-//            System.out.println();
-//
-//            InetAddress inetAddr = getLocalHostLANAddress();
-//            //InetAddress localhost = InetAddress.getLocalHost();
-//            System.out.println("System IP Address : '" +inetAddr.getHostAddress()+"'");
-//        } catch (Exception ex) {
-//            ex.printStackTrace();
-//            System.exit(0);
-//        }
-//    }
-    // @formatter:on
 }

jena-fuseki2/jena-fuseki-main/pom.xml

@@ -83,6 +83,19 @@
       <artifactId>jetty-xml</artifactId>
     </dependency>
 
+    <!-- Apache Shiro -->
+    <dependency>
+      <groupId>org.apache.shiro</groupId>
+      <artifactId>shiro-core</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.apache.shiro</groupId>
+      <artifactId>shiro-web</artifactId>
+      <classifier>jakarta</classifier>
+    </dependency>
+
+    <!-- Testing -->
     <dependency>
       <groupId>org.junit.vintage</groupId>
       <artifactId>junit-vintage-engine</artifactId>
@@ -96,41 +109,39 @@
     </dependency>
 
     <dependency>
-      <groupId>org.junit.platform</groupId>
-      <artifactId>junit-platform-suite</artifactId>
+      <groupId>org.junit.jupiter</groupId>
+      <artifactId>junit-jupiter-params</artifactId>
       <scope>test</scope>
     </dependency>
-
+    
     <dependency>
-      <groupId>org.apache.logging.log4j</groupId>
-      <artifactId>log4j-slf4j2-impl</artifactId>
-      <optional>true</optional>
-      <scope>compile</scope>
+      <groupId>org.junit.platform</groupId>
+      <artifactId>junit-platform-suite</artifactId>
+      <scope>test</scope>
     </dependency>
 
-    <!-- Include Shiro - for the example in src/test/java/ -->
-
-    <dependency>
-      <groupId>org.apache.shiro</groupId>
-      <artifactId>shiro-core</artifactId>
-      <classifier>jakarta</classifier>
+<!-- 
+   Only needed if the Junit5 artifacts don't pick the right runner
+   <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>${ver.junit}</version>
       <scope>test</scope>
-      <optional>true</optional>
     </dependency>
+-->    
+
 
     <dependency>
-      <groupId>org.apache.shiro</groupId>
-      <artifactId>shiro-config-core</artifactId>
+      <groupId>org.awaitility</groupId>
+      <artifactId>awaitility</artifactId>
       <scope>test</scope>
-      <optional>true</optional>
     </dependency>
 
     <dependency>
-      <groupId>org.apache.shiro</groupId>
-      <artifactId>shiro-web</artifactId>
-      <classifier>jakarta</classifier>
-      <scope>test</scope>
+      <groupId>org.apache.logging.log4j</groupId>
+      <artifactId>log4j-slf4j2-impl</artifactId>
       <optional>true</optional>
+      <scope>compile</scope>
     </dependency>
 
     <!-- Testing for custom functions only -->

jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/authz/AuthorizationFilter403.java

@@ -0,0 +1,58 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.authz;
+
+import java.io.IOException;
+
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
+import org.apache.jena.web.HttpSC;
+import org.apache.shiro.web.filter.authz.AuthorizationFilter;
+import org.apache.shiro.web.util.WebUtils;
+
+/** Specialise AuthorizationFilter to yield HTTP 403 on access denied */
+public abstract class AuthorizationFilter403 extends AuthorizationFilter
+{
+    private String message;
+
+    protected AuthorizationFilter403(String text)   { setMessage(text); }
+    protected AuthorizationFilter403()              { this(null); }
+
+    /** Set the message used in HTTP 403 responses */
+    public void setMessage(String msg) { message = msg; }
+
+    public String getMessage() { return message; }
+
+    @Override
+    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException {
+        HttpServletResponse httpResponse;
+        try { httpResponse = WebUtils.toHttp(response); }
+        catch (ClassCastException ex) {
+            // Not a HTTP Servlet operation
+            return super.onAccessDenied(request, response);
+        }
+        if ( message == null )
+            httpResponse.sendError(HttpSC.FORBIDDEN_403);
+        else
+            httpResponse.sendError(HttpSC.FORBIDDEN_403, message);
+        return false;  // No further processing.
+    }
+}
+

jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/authz/DenyFilter.java

@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.authz;
+
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+
+/** An authorization filter that always denies access and sends back HTTP 403 */
+public class DenyFilter extends AuthorizationFilter403 {
+
+    public DenyFilter() { super("Access denied"); }
+
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
+        return false;
+    }
+}

jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/authz/LocalhostFilter.java

@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.authz;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Set;
+
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import org.apache.shiro.web.filter.authz.PortFilter;
+
+/**
+ * A Filter that can allow or deny access based on whether the
+ * the host that sent the request is the loopback address (AKA localhost).
+ * Use of the external IP address of the local machine does not permit access,
+ * only the loopback interface is authorized.
+ * Responds with HTTP 403 on any denied request.
+ *
+ * Example:
+ * <pre>
+ * [main]
+ * localhost=org.apache.jena.fuseki.authz.LocalhostFilter
+ * ...
+ * [urls]
+ * /LocalFilesForLocalPeople/** = localhost
+ * </pre>
+ * @see PortFilter
+ */
+
+public class LocalhostFilter extends AuthorizationFilter403 {
+
+    private static final String message = "Access denied : only localhost access allowed";
+
+    public LocalhostFilter() { super(message); }
+
+    private static String LOCALHOST_IpV6_a = "[0:0:0:0:0:0:0:1]";
+    private static String LOCALHOST_IpV6_b = "0:0:0:0:0:0:0:1";
+    // This is what appears in the Chrome developer tools client-side.
+    // "[0:0:0:0:0:0:0:1]" by the time it arrives here, It is not clear which
+    // software component is responsible for that.
+    // To be safe we add "[::1]".
+    private static String LOCALHOST_IpV6_c = "[::1]";
+    private static String LOCALHOST_IpV4   = "127.0.0.1";   // Strictly, 127.*.*.*
+
+    private static final Collection<String> localhosts = Set.copyOf(
+        Arrays.asList(LOCALHOST_IpV4, LOCALHOST_IpV6_a, LOCALHOST_IpV6_b, LOCALHOST_IpV6_c));
+
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {
+        return localhosts.contains(request.getRemoteAddr());
+    }
+}
+
+

jena-fuseki2/jena-fuseki-main/src/main/java/org/apache/jena/fuseki/main/cmds/FusekiServerCmd.java

@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jena.fuseki.main.cmds;
+
+import org.apache.jena.fuseki.run.FusekiModServer;
+import org.apache.jena.fuseki.system.FusekiLogging;
+
+/** Fuseki command that runs a Fuseki server with the admin UI.
+ * <p>
+ * Use {@code --conf=} for multiple datasets and specific service names.
+ * <p>
+ * The command line dataset setup only supports a single dataset.
+ */
+
+public class FusekiServerCmd {
+    // This class wraps FusekiMain so that it can take control of logging setup.
+    // This class does not depend via inheritance on any Jena code
+    // and does not trigger Jena initialization.
+    // FusekiLogging runs before any Jena code can trigger logging setup.
+    //
+    // Inheritance causes initialization in the super class first, before class
+    // initialization code in this class.
+
+    static { FusekiLogging.setLogging(); }
+
+    /**
+     * Build and run, a server based on command line syntax. This operation does not
+     * return. See {@link FusekiMain#build} to build a server using command line
+     * syntax but not start it.
+     */
+    static public void main(String... args) {
+        // Fix up args
+        // --empty
+        // --modules=true
+        FusekiModServer.runAsync(args).join();
+    }
+}
+