Virtuoso Open-Source Wiki
Virtuoso Open-Source, OpenLink Data Spaces, and OpenLink Ajax Toolkit
Advanced Search
Help?
Location: / Dashboard / Main / VOSIndex / VirtSPARQLEndpointProtection / VirtSPARQLSSL

Managing a WebID-based SPARQL Endpoint

Introduction

The following guide describes the basic steps for setting up an SSL protected and WebID based SPARQL Endpoint (SPARQL-WebID). The guide also covers the use of Virtuoso PL functions and the Virtuoso Conductor for SPARQL endpoint creation and configuration. It also covers the use of cURL for exercising the newly generated SPARQL-WebID endpoint.

Note: SPARQL-SSL is alias of SPARQL-WebID

Create a WebID-based SPARQL Endpoint

  1. Setup the CA issuer and https listener
  2. Create the SPARQL-WebID endpoint:
    1. By installing the policy_manager_dav.vad package, which will create the SPARQL-WebID endpoint, or:
    2. Manually: Define the /sparql-webid endpoint on an HTTPS based listener (HTTPS service endpoint), for example using Virtuoso PL:

      DB.DBA.VHOST_DEFINE ( lhost=>'127.0.0.1:443', vhost=>'localhost', lpath=>'/sparql-webid', ppath=>'/!sparql/', is_dav=>1, auth_fn=>'DB.DBA.FOAF_SSL_AUTH', vsp_user=>'dba', ses_vars=>0, auth_opts=>vector ('https_cert', 'db:https_key_localhost', 'https_key', 'db:https_key_localhost', 'https_verify', 3, 'https_cv_depth', 10), opts=>vector ('noinherit', 1), is_default_host=>0 );

  3. Setup the SPARQL-WebID endpoint and define ACLs using the Virtuoso Conductor
  4. Export your private key and its associated WebID based X.509 certificate from your Firefox browser or System's Key Manager into PEM (PKCS12) file
    1. If using Firefox use the menu path: Advanced->View Certificates, then click Backup for your certificate with name "mykey".
    2. The file "mykey.p12" will be created. To disable password protection so that you can use this file in non-interactive mode (e.g. with cURL and other HTTP clients) execute:

      openssl pkcs12 -in mykey.p12 -out mykey.pem -nodes

  5. Test the SPARQL-WebID endpoint with cURL (listening on default HTTPS 443 port):
    • Note: In this example we use the "-k / --insecure" option with cURL since we are going to be using self-signed X.509 certificates signed by self-signed root CA.
  6. Import your key it via Conductor UI:
    1. Go to Conductor -> System Admin->User Accounts



    2. Click "Edit" for your user



    3. Change "User type" to: SQL/ODBC and WebDAV



    4. Enter your ODS user WebID:

      http://cname:port/dataspace/person/username#this





    5. Click "Save"
    6. Click again "Edit" for your user
    7. In "PKCS12 file:" click the Browse" button and select your key.
    8. Enter a local Key Name, for e.g., "cli_key"
    9. Enter key password



    10. Click "Import Key"
    11. As result the key will be stored with name for ex. cli_key



    12. Click "Save"
  7. Test the SPARQL-WebID endpoint with http_client (listening on default HTTPS 443 port).

Demo Examples

Disable Default SPARQL Endpoint

Using iSQL

  1. To disable /sparql, execute:

    DB.DBA.VHOST_REMOVE (lpath=>'/sparql');

  2. To add the endpoint again via PL, execute:

    DB.DBA.VHOST_DEFINE (lpath=>'/sparql/', ppath => '/!sparql/', is_dav => 1, vsp_user => 'dba', opts => vector('noinherit', 1));

Using Conductor UI

  1. Go to http://cname:port/conductor .
  2. Enter user dba credentials.
  3. Go to "Web Application Server" -> "Virtual Domains & Directories".



  4. Find the logical path "/sparql".



  5. Click "Edit" from the "Action" column.



  6. Change "VSP User" to "nobody".



  7. Click "Save Changes".
  8. As result the SPARQL Endpoint should be shown as disabled:



Related

Powered By Virtuoso