Page History

...

Expand

title	For example, one might perform a HEAD request to discover the ACL location

$ curl -I http://localhost:8080/fcrepo/rest/myContainer

Date: Thu, 23 Aug 2018 14:46:46 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ETag: W/"919bed096330d23b2e85c01d487758aa6bbf2dcb"
Last-Modified: Thu, 16 Aug 2018 18:49:54 GMT
Link: <http://www.w3.org/ns/ldp#Resource>;rel="type"
Link: <http://www.w3.org/ns/ldp#Container>;rel="type"
Link: <http://www.w3.org/ns/ldp#BasicContainer>;rel="type"
Link: <http://localhost:8080/fcrepo/rest/myContainer/fcr:acl>; rel="acl"
Preference-Applied: return=representation
Vary: Prefer

...

...

The user userA can Read document foo

Code Block

language	text

@prefix acl: <http://www.w3.org/ns/auth/acl#>

<#auth1> a acl:Authorization ;
    acl:accessTo </fcrepo/rest/foo> ;
    acl:mode acl:Read;
    acl:agent "userA" .

Users in NewsEditor group can Write to any resource of type ex:News

Code Block

language	text

@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix ex: <http://example.org/ns#> .

<#auth2> a acl:Authorization ;
    acl:accessToClass ex:News ;
    acl:mode acl:Read, acl:Write;
    acl:agentClass <<fcrepo/rest/agents/NewsEditors> .

Code Block

language	text
title	/agents/NewsEditors

@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#auth3><> a foaf:Group;
    foaf:member "editor1", "editor2".

The user userB can Read document foo (This involves setting a system property for the servlet container, e.g. -Dfcrepo.auth.webac.userAgent.baseUri=http://example.org/agents/)

Code Block

language	text

@prefix acl: <http://www.w3.org/ns/auth/acl#>

<><#auth3> a acl:Authorization ;
    acl:accessTo </fcrepo/rest/foo> ;
    acl:mode acl:Read;
    acl:agent <http://example.org/agents/userB> .

...

Page tree

Versions Compared

Old Version 3

New Version 4

Key