Old Release

This documentation covers an old version of Fedora.

This page is being updated

The examples on this page are incompatible with Fedora 5, as they do not follow the Solid WebAC specification. This page is being updated to bring it into alignment with the current specification.

These scenarios assume that Fedora has been configured with fcrepo.auth.webac.userAgent.baseUri=http://example.org/agent/ and fcrepo.auth.webac.groupAgent.baseUri=http://example.org/group/. These two settings are prepended to the authenticated username and group name respectively to form the agent URIs that the ACLs below refer to.

  1. I want to allow a user with username "smith123" to have read and write access to resource http://localhost:8080/rest/webacl_box1.

    Create this file to use as the ACL:

    acl.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    <#authz> a acl:Authorization ;
       acl:agent <http://example.org/agent/smith123> ;
       acl:mode acl:Read, acl:Write ;
       acl:accessTo <http://localhost:8080/rest/webacl_box1> .

    Run the following commands:

    curl -XPUT http://localhost:8080/rest/webacl_box1
    curl -XPUT http://localhost:8080/rest/webacl_box1/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
    
  2. I want to let the group "Editors" have read and write access on all the items in the collection "http://localhost:8080/rest/box/bag/collection"

    Create this file to use as the ACL:

    acl.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    <> a acl:Authorization ;
       acl:agent <http://localhost:8080/rest/groups/Editors> ;
       acl:mode acl:Read, acl:Write ;
       acl:accessTo <http://localhost:8080/rest/box/bag/collection> .

    Create this file to define the Editors group:

    group.ttl
    @prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
    <> a vcard:Group ;
        vcard:hasMember <http://example.org/agent/jones456> .

    Run the following commands:

    curl -XPUT http://localhost:8080/rest/box/bag/collection
    curl -XPUT http://localhost:8080/rest/groups/Editors -H 'Content-Type: text/turtle' --data-binary @group.ttl
    curl -XPUT http://localhost:8080/rest/box/bag/collection/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl.ttl
  3.  I would like the collection http://localhost:8080/rest/dark/archive to be viewable only by the group "Restricted", but I would like to allow anyone to view the resource http://localhost:8080/rest/dark/archive/sunshine.

    Create these files to use as the ACLs and the group listing. Giving sunshine its own ACL is what makes it public: an access check uses the nearest ACL (the resource's own, otherwise its closest ancestor's), so the Restricted-only ACL on dark/archive is not consulted for sunshine.

    acl_restricted.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    <> a acl:Authorization ;
       acl:agent <http://localhost:8080/rest/groups/Restricted> ;
       acl:mode acl:Read ;
       acl:accessTo <http://localhost:8080/rest/dark/archive> .
    acl_open.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    <> a acl:Authorization ;
       acl:agent foaf:Agent ;
       acl:mode acl:Read ;
       acl:accessTo <http://localhost:8080/rest/dark/archive/sunshine> .
    group.ttl
    @prefix vcard: <http://www.w3.org/2006/vcard/ns#> .
    <> a vcard:Group ;
        vcard:hasMember <http://example.org/agent/jones456> .

    Run the following commands:

    curl -XPUT http://localhost:8080/rest/dark/archive
    curl -XPUT http://localhost:8080/rest/dark/archive/sunshine
    curl -XPUT http://localhost:8080/rest/groups/Restricted -H 'Content-Type: text/turtle' --data-binary @group.ttl
    curl -XPUT http://localhost:8080/rest/dark/archive/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_restricted.ttl
    curl -XPUT http://localhost:8080/rest/dark/archive/sunshine/fcr:acl -H 'Content-Type: text/turtle' --data-binary @acl_open.ttl
  4. The collection http://localhost:8080/rest/public_collection should be readable by anyone but only editable by users in the group Editors.

    Use the three files below to create the ACL and Authorization resources.

    Acl.ttl
    @prefix webac: <http://fedora.info/definitions/v4/webac#> .
    <> a webac:Acl .
    Auth1.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    <> a acl:Authorization ;
       acl:agent foaf:Agent ;
       acl:mode acl:Read ;
       acl:accessTo <http://localhost:8080/rest/public_collection> .
    Auth2.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    <> a acl:Authorization ;
       acl:agent <http://example.org/group/Editors> ;
       acl:mode acl:Read, acl:Write ;
       acl:accessTo <http://localhost:8080/rest/public_collection> .

    Run the following commands. The ACL container is created with PUT at a fixed path so that the Authorization URIs below are predictable (a POST to http://localhost:8080/rest would be given a server-generated name). The URI shown after each command is the resource it created; the final PATCH links the collection to the ACL, and until it runs the Authorizations have no effect on public_collection:

    > curl -X PUT "http://localhost:8080/rest/public_collection"
    
    http://localhost:8080/rest/public_collection
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Acl.ttl" "http://localhost:8080/rest/acl"
    
    http://localhost:8080/rest/acl
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Auth1.ttl" "http://localhost:8080/rest/acl/auth1"
    
    http://localhost:8080/rest/acl/auth1
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Auth2.ttl" "http://localhost:8080/rest/acl/auth2"
    
    http://localhost:8080/rest/acl/auth2
    
    > echo "PREFIX acl: <http://www.w3.org/ns/auth/acl#>
    INSERT DATA {
    <> acl:accessControl <http://localhost:8080/rest/acl> .
    }" | curl -X PATCH -H "Content-type: application/sparql-update" --upload-file - "http://localhost:8080/rest/public_collection"
  5. Only resources of type ex:publicImage in the container http://localhost:8080/rest/mixedCollection are viewable by anyone; all others are viewable only by the group Admins.

    Use the three files below to create the ACL and Authorization resources.

    Acl.ttl
    @prefix webac: <http://fedora.info/definitions/v4/webac#> .
    <> a webac:Acl .
    Auth_restricted.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    <> a acl:Authorization ;
       acl:agent <http://example.org/group/Admins> ;
       acl:mode acl:Read ;
       acl:accessTo <http://localhost:8080/rest/mixedCollection> .
    Auth_open.ttl
    @prefix acl: <http://www.w3.org/ns/auth/acl#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    @prefix ex: <http://example.org/> .   # assumed namespace for ex:, which this page never declares; substitute your own
    <> a acl:Authorization ;
       acl:agent foaf:Agent ;
       acl:mode acl:Read ;
       acl:accessToClass ex:publicImage .

    Run the following commands. As in scenario 4, the ACL container is created with PUT at a fixed path; if http://localhost:8080/rest/acl already exists from scenario 4, use a different path here and in the acl:accessControl triple. The URI shown after each command is the resource it created:

    > curl -X PUT "http://localhost:8080/rest/mixedCollection"
    
    http://localhost:8080/rest/mixedCollection
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Acl.ttl" "http://localhost:8080/rest/acl"
    
    http://localhost:8080/rest/acl
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Auth_restricted.ttl" "http://localhost:8080/rest/acl/auth1"
    
    http://localhost:8080/rest/acl/auth1
    
    > curl -X PUT -H "Content-type: text/turtle" --data-binary "@Auth_open.ttl" "http://localhost:8080/rest/acl/auth2"
    
    http://localhost:8080/rest/acl/auth2
    
    > echo "PREFIX acl: <http://www.w3.org/ns/auth/acl#>
    INSERT DATA {
    <> acl:accessControl <http://localhost:8080/rest/acl> .
    }" | curl -X PATCH -H "Content-type: application/sparql-update" --upload-file - "http://localhost:8080/rest/mixedCollection"
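To see how the decisions in these scenarios come out before touching a live repository, here is an added example (not Fedora's code, and not a substitute for its authorization layer): a small in-memory model of the WebAC rules the page relies on, namely nearest-ACL lookup, acl:agent matched directly or through a vcard:Group listing, foaf:Agent as everyone, acl:accessTo and acl:accessToClass. It encodes scenarios 3 and 5 as constructed triples. Assumptions, marked in the code: acl:accessTo is treated as covering the named resource and its descendants (the pre-Solid behaviour this page documents), the ex: prefix expands to http://example.org/, smith123 is a member of the Admins group, and mixedCollection holds two assumed children, img1 (typed ex:publicImage) and doc1.

```python
# Added example, not Fedora's code: an in-memory model of the WebAC rules used
# on this page, so access decisions can be checked offline. All triples below
# are constructed, not fetched; assumptions are marked inline.

ACL   = "http://www.w3.org/ns/auth/acl#"
FOAF  = "http://xmlns.com/foaf/0.1/"
RDF   = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
VCARD = "http://www.w3.org/2006/vcard/ns#"
REST  = "http://localhost:8080/rest"
AGENT = "http://example.org/agent/"   # fcrepo.auth.webac.userAgent.baseUri
GROUP = "http://example.org/group/"   # fcrepo.auth.webac.groupAgent.baseUri
EX    = "http://example.org/"         # assumed expansion of the ex: prefix


class Repo:
    """Triples plus a map from each protected resource to its Authorization subjects."""

    def __init__(self):
        self.triples = set()
        self.acls = {}

    def add(self, s, p, o):
        self.triples.add((s, p, o))

    def objects(self, s, p):
        return {o for (ss, pp, o) in self.triples if ss == s and pp == p}

    def put_acl(self, resource, authorizations):
        self.acls[resource] = list(authorizations)

    @staticmethod
    def ancestors(uri):
        """The resource itself, then each parent path up to the repository root."""
        chain = [uri]
        while uri.startswith(REST + "/"):
            uri = uri.rsplit("/", 1)[0]
            chain.append(uri)
        return chain

    def effective_acl(self, resource):
        """Nearest ACL: the resource's own, else the closest ancestor's (scenario 3)."""
        for uri in self.ancestors(resource):
            if uri in self.acls:
                return self.acls[uri]
        return []

    def agent_matches(self, auth, agent):
        """agent is the user's agent URI, or None for an anonymous request."""
        for a in self.objects(auth, ACL + "agent"):
            if a == FOAF + "Agent":
                return True          # everyone, anonymous included
            if agent is not None and (a == agent or agent in self.objects(a, VCARD + "hasMember")):
                return True          # named directly, or listed in a vcard:Group
        return False

    def target_matches(self, auth, resource):
        # Assumption: acl:accessTo covers the named resource and its descendants.
        if self.objects(auth, ACL + "accessTo") & set(self.ancestors(resource)):
            return True
        # acl:accessToClass covers any resource carrying one of the listed rdf:types.
        return bool(self.objects(auth, ACL + "accessToClass") & self.objects(resource, RDF + "type"))

    def allowed(self, resource, agent, mode):
        return any(
            self.agent_matches(auth, agent)
            and self.target_matches(auth, resource)
            and ACL + mode in self.objects(auth, ACL + "mode")
            for auth in self.effective_acl(resource)
        )


def authorization(repo, subject, agent, modes, access_to=None, access_to_class=None):
    """Write one acl:Authorization the way the .ttl files above do."""
    repo.add(subject, RDF + "type", ACL + "Authorization")
    repo.add(subject, ACL + "agent", agent)
    for m in modes:
        repo.add(subject, ACL + "mode", ACL + m)
    if access_to:
        repo.add(subject, ACL + "accessTo", access_to)
    if access_to_class:
        repo.add(subject, ACL + "accessToClass", access_to_class)
    return subject


def build_repo():
    """Scenarios 3 and 5 as triples (constructed data)."""
    r = Repo()
    r.add(REST + "/groups/Restricted", VCARD + "hasMember", AGENT + "jones456")  # group.ttl
    r.add(GROUP + "Admins", VCARD + "hasMember", AGENT + "smith123")            # assumed member
    # Scenario 3: dark/archive for Restricted only, sunshine readable by anyone.
    r.put_acl(REST + "/dark/archive", [authorization(
        r, REST + "/dark/archive/fcr:acl", REST + "/groups/Restricted", ["Read"],
        access_to=REST + "/dark/archive")])
    r.put_acl(REST + "/dark/archive/sunshine", [authorization(
        r, REST + "/dark/archive/sunshine/fcr:acl", FOAF + "Agent", ["Read"],
        access_to=REST + "/dark/archive/sunshine")])
    # Scenario 5: mixedCollection for Admins, ex:publicImage resources for anyone.
    r.put_acl(REST + "/mixedCollection", [
        authorization(r, REST + "/acl/auth1", GROUP + "Admins", ["Read"],
                      access_to=REST + "/mixedCollection"),
        authorization(r, REST + "/acl/auth2", FOAF + "Agent", ["Read"],
                      access_to_class=EX + "publicImage"),
    ])
    r.add(REST + "/mixedCollection/img1", RDF + "type", EX + "publicImage")    # assumed child
    return r


if __name__ == "__main__":
    repo = build_repo()
    for resource, agent in [(REST + "/dark/archive", None),
                            (REST + "/dark/archive/sunshine", None),
                            (REST + "/mixedCollection/doc1", AGENT + "smith123")]:
        print(agent or "anonymous", "Read", resource, "->", repo.allowed(resource, agent, "Read"))
```

Running the script prints one decision per line; the telling cases are that anonymous reads of dark/archive and of mixedCollection/doc1 are refused while anonymous reads of sunshine and of the ex:publicImage child succeed, and that no Authorization here grants Write to anyone.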