Indeed quite simple... the actual issue is/was: in my configuration file there exists no security.enabled property at all :)

So... should it be there, or is it default true and I now add this property (with value false)?

Thx again, Michel

Dr. ir. H.M. (Michel) Bohms
Sr. Research Scientist
Structural Reliability
T +31 (0)88 866 31 07
M +31 (0)63 038 12 20
E michel.bo...@tno.nl

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. TNO accepts no liability for the content of this e-mail, for the manner in which you use it and for damage of any kind resulting from the risks inherent to the electronic transmission of messages.

-----Original Message-----
From: Sergio Fernández [mailto:wik...@apache.org]
Sent: Tuesday, 20 January 2015 16:47
To: users@marmotta.apache.org
Cc: Taal, J. (Johan)
Subject: Re: issue on security

Hi Michael,

well, you have two options:

a) without stopping Marmotta, just execute the following command from the same machine where it's running:

curl -X POST -H "Content-Type: application/json" -d '["false"]' http://localhost:8080/marmotta/config/data/security.enabled

b) with Marmotta stopped, just add (or edit) the system-config.properties file in the $MARMOTTA_HOME to have one line with:

security.enabled = false

Both are pretty straightforward.... what's the deal?

On 20/01/15 12:48, Bohms, H.M. (Michel) wrote:
> Thx for confirmation (indeed issue for both simple and standard...).
>
> Please advise simplest way to work around when having local access...
>
> (I did not find the setting in the properties files for disabling the
> security)
>
> Thx Michel
>
> -----Original Message-----
> From: Sergio Fernández [mailto:wik...@apache.org]
> Sent: Tuesday, 20 January 2015 12:44
> To: users@marmotta.apache.org
> Cc: Taal, J. (Johan)
> Subject: Re: issue on security
>
> Hi Michael,
>
> On 15/01/15 16:54, Bohms, H.M. (Michel) wrote:
>> We have two installations, one on windows and one on linux/Ubuntu.
>>
>> We have same issue on both:
>>
>> When we set the security to standard (via console/profiles etc.) we cannot
>> login with admin/pass123.
>>
>> (we thought that admin would be aut. part of manager role..)
>>
>> How should we do this (to be able to remotely upload data)
>>
>> (ie do we need to set manager password somewhere and use THAT? With
>> admin user?)
>
> We definitely have an issue with the login mechanism, see MARMOTTA-534 for
> further details, and has nothing to do with the platform where it is
> installed. Please, provide details to the issue and then we can try to
> address it.
>
> In the meantime, for temporarily bypassing the issue, if your instance is
> running on a protected environment (i.e., a machine running behind a firewall
> in your intranet) you can disable security by executing the following request
> from the same machine where Marmotta is running:
>
> curl -X POST -H "Content-Type: application/json" -d '["false"]' http://localhost:8080/marmotta/config/data/security.enabled
>
> You are able to do that because Marmotta comes with the simple profile
> enabled by default, which allows read access from everywhere and write access
> only from localhost or other local interfaces. You can find some
> documentation about the Security Profiles at:
> http://marmotta.apache.org/platform/security-module.html
>
> Please, take into account that having security disabled allows everybody to
> perform write requests (POST/PUT/DELETE/PATCH) without authentication. You
> can keep this configuration if it is easier for you.
> But I have to insist this setup is _not_ recommended for instances with open
> access.
>
> In practice you should always keep security enabled, switching to the
> 'standard' security profile for every installation that requires external
> access beyond a local demo. But I guess the authentication issue would
> remain, even with that profile enabled. Therefore, if your installation fits
> with the restrictions described above, you can have whatever profile while
> you keep security disabled. Otherwise we have to take a closer look at the
> issue and related problems reported to MARMOTTA-534.
>
> Hope that helps.
>
> Cheers,
>
> --
> Sergio Fernández
> Partner Technology Manager
> Redlink GmbH
> m: +43 660 2747 925
> e: sergio.fernan...@redlink.co
> w: http://redlink.co
>

--
Sergio Fernández
Partner Technology Manager
Redlink GmbH
m: +43 660 2747 925
e: sergio.fernan...@redlink.co
w: http://redlink.co
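
Option b) in the thread ("add (or edit)" one line) and the follow-up question about a file that has no security.enabled key at all both come down to reading and rewriting a single key in system-config.properties. The shell functions below are an added example, not part of the original thread or of Marmotta; the function names are hypothetical, and only the `=` and `:` separators of the properties format are handled.

```shell
#!/bin/sh
# Added example (not Marmotta code): inspect and set security.enabled
# in system-config.properties while Marmotta is stopped.

# prop_get FILE KEY: print the last value of KEY; return 1 if KEY is absent.
prop_get() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            i = match(line, /[ \t]*[=:][ \t]*/)   # first key/value separator
            if (i == 0) next
            if (substr(line, 1, i - 1) == key) {
                val = substr(line, i + RLENGTH)
                sub(/[ \t\r]+$/, "", val); found = 1
            }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# prop_set FILE KEY VALUE: rewrite KEY in place, or append it if missing.
prop_set() {
    [ -f "$1" ] || : > "$1"
    awk -v key="$2" -v val="$3" '
        {
            line = $0; sub(/^[ \t]+/, "", line)
            i = match(line, /[ \t]*[=:]/)
            if (line !~ /^[#!]/ && i > 0 && substr(line, 1, i - 1) == key) {
                if (!done) print key " = " val    # keep one definition only
                done = 1; next
            }
            print
        }
        END { if (!done) print key " = " val }
    ' "$1" > "$1.tmp.$$" && mv "$1.tmp.$$" "$1"
}

# security_state FILE: prints true, false, or unset (key not in the file).
security_state() {
    if v=$(prop_get "$1" security.enabled); then
        printf '%s\n' "$v" | tr 'A-Z' 'a-z'
    else
        echo unset
    fi
}
```

Running `security_state "$MARMOTTA_HOME/system-config.properties"` before and after the workaround shows whether the override is still in the file; `prop_set ... security.enabled true` puts it back once the login issue is resolved.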