| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| |
| |
| <title>Apache Jena - Data Access Control for Fuseki</title> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <link href="/css/bootstrap.min.css" rel="stylesheet" media="screen"> |
| <link href="/css/bootstrap-extension.css" rel="stylesheet" type="text/css"> |
| <link href="/css/jena.css" rel="stylesheet" type="text/css"> |
| <link rel="shortcut icon" href="/images/favicon.ico" /> |
| |
| <script src="https://code.jquery.com/jquery-2.2.4.min.js" |
| integrity="sha256-BbhdlvQf/xTY9gja0Dq3HiwQF8LaCRTXxZKRutelT44=" |
| crossorigin="anonymous"></script> |
| <script src="/js/jena-navigation.js" type="text/javascript"></script> |
| <script src="/js/bootstrap.min.js" type="text/javascript"></script> |
| |
| <script src="/js/improve.js" type="text/javascript"></script> |
| |
| |
| </head> |
| |
| <body> |
| |
| <nav class="navbar navbar-default" role="navigation"> |
| <div class="container"> |
| <div class="navbar-header"> |
| <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-ex1-collapse"> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| <span class="icon-bar"></span> |
| </button> |
| <a class="navbar-brand" href="/index.html"> |
| <img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a> |
| </div> |
| |
| <div class="collapse navbar-collapse navbar-ex1-collapse"> |
| <ul class="nav navbar-nav"> |
| <li id="homepage"><a href="/index.html"><span class="glyphicon glyphicon-home"></span> Home</a></li> |
| <li id="download"><a href="/download/index.cgi"><span class="glyphicon glyphicon-download-alt"></span> Download</a></li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Learn <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| <li class="dropdown-header">Tutorials</li> |
| <li><a href="/tutorials/index.html">Overview</a></li> |
| <li><a href="/documentation/fuseki2/index.html">Fuseki Triplestore</a></li> |
| <li><a href="/documentation/notes/index.html">How-To's</a></li> |
| <li><a href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li> |
| <li><a href="/tutorials/rdf_api.html">RDF core API tutorial</a></li> |
| <li><a href="/tutorials/sparql.html">SPARQL tutorial</a></li> |
| <li><a href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li> |
| <li class="divider"></li> |
| <li class="dropdown-header">References</li> |
| <li><a href="/documentation/index.html">Overview</a></li> |
| <li><a href="/documentation/query/index.html">ARQ (SPARQL)</a></li> |
| <li><a href="/documentation/assembler/index.html">Assembler</a></li> |
| <li><a href="/documentation/tools/index.html">Command-line tools</a></li> |
| <li><a href="/documentation/rdfs/">Data with RDFS Inferencing</a></li> |
| <li><a href="/documentation/geosparql/index.html">GeoSPARQL</a></li> |
| <li><a href="/documentation/inference/index.html">Inference API</a></li> |
| <li><a href="/documentation/javadoc.html">Javadoc</a></li> |
| <li><a href="/documentation/ontology/">Ontology API</a></li> |
| <li><a href="/documentation/permissions/index.html">Permissions</a></li> |
| <li><a href="/documentation/extras/querybuilder/index.html">Query Builder</a></li> |
| <li><a href="/documentation/rdf/index.html">RDF API</a></li> |
| <li><a href="/documentation/rdfconnection/">RDF Connection - SPARQL API</a></li> |
| <li><a href="/documentation/io/">RDF I/O</a></li> |
| <li><a href="/documentation/rdfstar/index.html">RDF-star</a></li> |
| <li><a href="/documentation/shacl/index.html">SHACL</a></li> |
| <li><a href="/documentation/shex/index.html">ShEx</a></li> |
| <li><a href="/documentation/jdbc/index.html">SPARQL over JDBC</a></li> |
| <li><a href="/documentation/tdb/index.html">TDB</a></li> |
| <li><a href="/documentation/tdb2/index.html">TDB2</a></li> |
| <li><a href="/documentation/query/text-query.html">Text Search</a></li> |
| </ul> |
| </li> |
| |
| <li class="drop down"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-book"></span> Javadoc <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| <li><a href="/documentation/javadoc.html">All Javadoc</a></li> |
| <li><a href="/documentation/javadoc/arq/">ARQ</a></li> |
| <li><a href="/documentation/javadoc_elephas.html">Elephas</a></li> |
| <li><a href="/documentation/javadoc/fuseki2/">Fuseki</a></li> |
| <li><a href="/documentation/javadoc/geosparql/">GeoSPARQL</a></li> |
| <li><a href="/documentation/javadoc/jdbc/">JDBC</a></li> |
| <li><a href="/documentation/javadoc/jena/">Jena Core</a></li> |
| <li><a href="/documentation/javadoc/permissions/">Permissions</a></li> |
| <li><a href="/documentation/javadoc/extras/querybuilder/">Query Builder</a></li> |
| <li><a href="/documentation/javadoc/shacl/">SHACL</a></li> |
| <li><a href="/documentation/javadoc/tdb/">TDB</a></li> |
| <li><a href="/documentation/javadoc/text/">Text Search</a></li> |
| </ul> |
| </li> |
| |
| <li id="ask"><a href="/help_and_support/index.html"><span class="glyphicon glyphicon-question-sign"></span> Ask</a></li> |
| |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown"><span class="glyphicon glyphicon-bullhorn"></span> Get involved <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| <li><a href="/getting_involved/index.html">Contribute</a></li> |
| <li><a href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li> |
| <li class="divider"></li> |
| <li class="dropdown-header">Project</li> |
| <li><a href="/about_jena/about.html">About Jena</a></li> |
| <li><a href="/about_jena/architecture.html">Architecture</a></li> |
| <li><a href="/about_jena/citing.html">Citing</a></li> |
| <li><a href="/about_jena/team.html">Project team</a></li> |
| <li><a href="/about_jena/contributions.html">Related projects</a></li> |
| <li><a href="/about_jena/roadmap.html">Roadmap</a></li> |
| <li class="divider"></li> |
| <li class="dropdown-header">ASF</li> |
| <li><a href="http://www.apache.org/">Apache Software Foundation</a></li> |
| <li><a href="http://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li> |
| <li><a href="http://www.apache.org/licenses/LICENSE-2.0">License</a></li> |
| <li><a href="http://www.apache.org/security/">Security</a></li> |
| <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li> |
| </ul> |
| </li> |
| |
| |
| |
| |
| <li id="edit"><a href="https://github.com/apache/jena-site/edit/main/source/documentation/fuseki2/fuseki-data-access-control.md" title="Edit this page on GitHub"><span class="glyphicon glyphicon-pencil"></span> Edit this page</a></li> |
| </ul> |
| </div> |
| </div> |
| </nav> |
| |
| |
| <div class="container"> |
| <div class="row"> |
| <div class="col-md-12"> |
| <div id="breadcrumbs"> |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| <ol class="breadcrumb">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| <li><a href='/documentation'>DOCUMENTATION</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| <li><a href='/documentation/fuseki2'>FUSEKI2</a></li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| <li class="active">FUSEKI DATA ACCESS CONTROL</li>
|
|
|
|
|
|
|
|
|
| </ol>
|
|
|
|
|
|
|
| |
| |
| </div> |
| <h1 class="title">Data Access Control for Fuseki</h1> |
| |
| <p>Fuseki can provide access control at the level on the server, on datasets, |
| on endpoints and also on specific graphs within a dataset. It also |
| provides native https to protect data in-flight.</p> |
| <p><a href="/documentation/fuseki2/fuseki-main.html">Fuseki Main</a> |
| provides some common patterns of authentication and also |
| <a href="#graph-acl">Graph level Data Access Control</a> to provide control over the visibility of |
| graphs within a dataset, including the union graph of a dataset and |
| the default graph. Currently, Graph level access control only applies to |
| read-only datasets.</p> |
| <p>Fuseki Full (Fuseki with the UI) can be used when <a href="/documentation/fuseki2/fuseki-webapp.html#fuseki-web-application">run in a web application |
| server such as |
| Tomcat</a> to |
| provide authentication of the user. See “<a href="fuseki-security">Fuseki Security</a>” |
| for configuring security over the whole of the Fuseki UI.</p> |
| <p>This page applies to Fuseki Main.</p> |
| <h2 id="contents">Contents</h2> |
| <ul> |
| <li><a href="#https">HTTPS</a></li> |
| <li><a href="#authentication">Authentication</a> |
| <ul> |
| <li><a href="#using-curl">Using curl</a></li> |
| <li><a href="#using-wget">Using wget</a></li> |
| </ul> |
| </li> |
| <li><a href="#acl">Access control lists</a> |
| <ul> |
| <li><a href="#alloweduser">Format of ja:allowedUsers</a></li> |
| <li><a href="#server-acl">Server Level ACLs</a></li> |
| <li><a href="#dataset-acl">Dataset Level ACLs</a></li> |
| <li><a href="#endpoint-acl">Endpoint Level ACLs</a></li> |
| </ul> |
| </li> |
| <li><a href="#graph-acl">Graph Access Control Lists</a> |
| <ul> |
| <li><a href="#graph-security-registry">Graph Security Registry</a></li> |
| </ul> |
| </li> |
| <li><a href="#jetty-configuration">Configuring Jetty directly</a></li> |
| </ul> |
| <h2 id="https">HTTPS</h2> |
| <p>HTTPS support is configured from the fuseki server command line.</p> |
| <table> |
| <thead> |
| <tr> |
| <th>Server Argument</th> |
| <th></th> |
| <th></th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td><tt>–https=<i>SETUP</i></tt></td> |
| <td>Name of file for certificate details.</td> |
| <td></td> |
| </tr> |
| <tr> |
| <td><tt>–httpsPort=<i>PORT</i></tt></td> |
| <td>The port for https</td> |
| <td>Default: 3043</td> |
| </tr> |
| </tbody> |
| </table> |
| <p>The <code>--https</code> argument names a file in JSON which includes the name of |
| the certificate file and password for the certificate.</p> |
| <h3 id="https-details">HTTPS certificate details file</h3> |
| <p>The file is a simple JSON file:</p> |
| <pre> |
| { "cert": <i>KEYSTORE</i> , "passwd": <i>SECRET</i> } |
| </pre> |
| <p>This file must be protected by file access settings so that it can only |
| be read by the userid running the server. One way is to put the |
| keystore certificate and the certificate details file in the same |
| directory, then make the directory secure.</p> |
| <h3 id="self-signed-certificates">Self-signed certificates</h3> |
| <p>A self-signed certificate provides an encrypted link to the server and |
| stops some attacks. What it does not do is guarantee the identity of the |
| host name of the Fuseki server to the client system. A signed certificate provides that through the chain of trust. A self-signed certificate does protect data in HTTP responses.</p> |
| <p>A self-signed certificate can be generated with:</p> |
| <pre> |
| keytool -keystore <i>keystore</i> -alias <i>jetty</i> -genkey -keyalg RSA |
| </pre> |
| <p>For information on creating a certificate, see the Jetty documentation |
| for <a href="http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#generating-key-pairs-and-certificates">generating certificates</a>.</p> |
| <h2 id="authentication">Authentication</h2> |
| <p><a href="https://en.wikipedia.org/wiki/Authentication">Authentication</a>, |
| is establishing the identity of the principal (user or program) accessing the |
| system. Fuseki Main provides users/password setup and HTTP authentication, |
| <a href="https://en.wikipedia.org/wiki/Digest_access_authentication">digest</a> or |
| <a href="https://en.wikipedia.org/wiki/Basic_access_authentication">basic</a>).</p> |
| <p>These should be <a href="#https">used with HTTPS</a>.</p> |
| <table> |
| <thead> |
| <tr> |
| <th>Server Argument</th> |
| <th></th> |
| <th></th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td><tt>–passwd=<i>FILE</i></tt></td> |
| <td>Password file</td> |
| <td></td> |
| </tr> |
| <tr> |
| <td><tt>–auth=</tt></td> |
| <td>“basic” or “digest”</td> |
| <td>Default is “digest”</td> |
| </tr> |
| </tbody> |
| </table> |
| <p>These can also be given in the server configuration file:</p> |
| <pre> |
| <#server> rdf:type fuseki:Server ; |
| fuseki:passwd "<i>password_file</i>" ; |
| fuseki:auth "<i>digest</i>" ; |
| ... |
| </pre> |
| <p>The format of the password file is:</p> |
| <pre><code>username: password |
| </code></pre> |
| <p>and passwords can be stored in hash or obfuscated form.</p> |
| <p>Documentation of the <a href="http://www.eclipse.org/jetty/documentation/current/configuring-security.html#hash-login-service">Eclipse Jetty Password file format</a>.</p> |
| <p>If different authentication is required, the full facilities of |
| <a href="http://www.eclipse.org/jetty/documentation/current/configuring-security.html">Eclipse Jetty configuration</a> |
| are available - see <a href="#jetty-configuration">the section below</a>.</p> |
| <h3 id="using-curl">Using <code>curl</code></h3> |
| <p>See the <a href="https://curl.haxx.se/docs/manpage.html">curl documentation</a> for full |
| details. This section is a brief summary of some relevant options:</p> |
| <table> |
| <thead> |
| <tr> |
| <th>curl argument</th> |
| <th>Value</th> |
| <th>–</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td><code>-n</code>, <code>--netrc</code></td> |
| <td></td> |
| <td>Take passwords from <code>.netrc</code> (<code>_netrc</code> on windows)</td> |
| </tr> |
| <tr> |
| <td><code>--user=</code></td> |
| <td><code>user:password</code></td> |
| <td>Set the user and password (visible to all on the local machine)</td> |
| </tr> |
| <tr> |
| <td><code>--anyauth</code></td> |
| <td></td> |
| <td>Use server nominated authentication scheme</td> |
| </tr> |
| <tr> |
| <td><code>--basic</code></td> |
| <td></td> |
| <td>Use HTTP basic auth</td> |
| </tr> |
| <tr> |
| <td><code>--digest</code></td> |
| <td></td> |
| <td>Use HTTP digest auth</td> |
| </tr> |
| <tr> |
| <td><code>-k</code>, <code>--insecure</code></td> |
| <td></td> |
| <td>Don’t check HTTPS certificate.<br/> This allows for self-signed or expired certificates, or ones with the wrong host name.</td> |
| </tr> |
| </tbody> |
| </table> |
| <h3 id="using-wget">Using <code>wget</code></h3> |
| <p>See the <a href="https://www.gnu.org/software/wget/manual/wget.html">wget documentation</a> for full |
| details. This section is a brief summary of some relevant options:</p> |
| <table> |
| <thead> |
| <tr> |
| <th>wget argument</th> |
| <th>Value</th> |
| <th>–</th> |
| </tr> |
| </thead> |
| <tbody> |
| <tr> |
| <td><code>--http-user</code></td> |
| <td>user name</td> |
| <td>Set the user.</td> |
| </tr> |
| <tr> |
| <td><code>--http-password</code></td> |
| <td>password</td> |
| <td>Set the password (visible to all on the local machine)</td> |
| </tr> |
| <tr> |
| <td></td> |
| <td></td> |
| <td><code>wget</code> uses users/password from <code>.wgetrc</code> or <code>.netrc</code> by default.</td> |
| </tr> |
| <tr> |
| <td><code>--no-check-certificate</code></td> |
| <td></td> |
| <td>Don’t check HTTPS certificate.<br/> This allows for self-signed or expired, certificates or ones with the wrong host name.</td> |
| </tr> |
| </tbody> |
| </table> |
| <h2 id="acl">Access Control Lists</h2> |
| <p>ACLs can be applied to the server as a whole, to a dataset, to endpoints, and to |
| graphs within a dataset. This section covers server, dataset and endpoint access control |
| lists. Graph-level access control is <a href="#graph-acl">covered below</a>.</p> |
| <p>Access control lists (ACL) as part of the server configuration file.</p> |
| <pre> |
| fuseki --conf <i>configFile.ttl</i> |
| </pre> |
| <p>ACLs are provided by the <code>ja:allowedUsers</code> property</p> |
| <h3 id="alloweduser">Format of <code>ja:allowedUsers</code></h3> |
| <p>The list of users allowed access can be an RDF list or repeated use of |
| the property or a mixture. The different settings are combined into one ACL.</p> |
| <pre><code> fuseki:allowedUsers "user1", "user2", "user3"; |
| fuseki:allowedUsers "user3"; |
| fuseki:allowedUsers ( "user1" "user2" "user3") ; |
| </code></pre> |
| <p>There is a special user name “*” which means “any authenticated user”.</p> |
| <pre><code>fuseki:allowedUsers "*" ; |
| </code></pre> |
| <h3 id="server-acl">Server Level ACLs</h3> |
| <pre> |
| <#server> rdf:type fuseki:Server ; |
| <b>fuseki:allowedUsers "user1", "user2", "user3";</b> |
| ... |
| fuseki:services ( ... ) ; |
| ... |
| . |
| </pre> |
| <p>A useful pattern is:</p> |
| <pre> |
| <#server> rdf:type fuseki:Server ; |
| <b>fuseki:allowedUsers "*";</b> |
| ... |
| fuseki:services ( ... ) ; |
| ... |
| . |
| </pre> |
| <p>which requires all access to to be authenticated and the allowed users are |
| those in the password file.</p> |
| <h3 id="dataset-acl">Dataset Level ACLs</h3> |
| <p>When there is an access control list on the <code>fuseki:Service</code>, it applies |
| to all requests to the endpoints of the dataset.</p> |
| <p>Any server-wide “allowedUsers” configuration also applies and both |
| levels must allow the user access.</p> |
| <pre> |
| <#service_auth> rdf:type fuseki:Service ; |
| rdfs:label "ACL controlled dataset" ; |
| fuseki:name "db-acl" ; |
| |
| <b>fuseki:allowedUsers "user1", "user3";</b> |
| |
| ## Choice of operations. |
| |
| fuseki:endpoint [ |
| fuseki:operation fuseki:query ; |
| fuseki:name "sparql" |
| ]; |
| fuseki:endpoint [ |
| fuseki:operation fuseki:update ; |
| fuseki:name "sparql" |
| ] ; |
| fuseki:endpoint [ |
| fuseki:operation fuseki:gsp-r ; |
| fuseki:name "get" |
| ] ; |
| fuseki:dataset <#base_dataset>; |
| . |
| </pre> |
| <h3 id="endpoint-acl">Endpoint Level ACLs</h3> |
| <p>An access control list can be applied to an individual endpoint. |
| Again, any other “allowedUsers” configuration, service-wide, or |
| server-wide) also applies.</p> |
| <pre><code> fuseki:endpoint [ |
| fuseki:operation fuseki:query ; |
| fuseki:name "query" ; |
| fuseki:allowedUsers "user1", "user2" ; |
| ]; |
| fuseki:endpoint [ |
| fuseki:operation fuseki:update ; |
| fuseki:name "update" ; |
| fuseki:allowedUsers "user1" |
| ] ; |
| </code></pre> |
| <p>Only <em>user1</em> can use SPARQL update; both <em>user1</em> and |
| <em>user2</em> can use SPARQL query.</p> |
| <h2 id="graph-acl">Graph Access Control Lists</h2> |
| <p>Graph level access control is defined using a specific dataset |
| implementation for the service.</p> |
| <pre><code><#access_dataset> rdf:type access:AccessControlledDataset ; |
| access:registry ... ; |
| access:dataset ... ; |
| . |
| </code></pre> |
| <p>Graph ACLs are defined in a <a href="#graph-security-registry">Graph Security Registry</a> which lists the users and graph URIs.</p> |
| <pre> |
| <#service_tdb2> rdf:type fuseki:Service ; |
| rdfs:label "Graph-level access controlled dataset" ; |
| fuseki:name "db-graph-acl" ; |
| ## Read-only operations on the dataset URL. |
| fuseki:endpoint [ fuseki:operation fuseki:query ] ; |
| fuseki:endpoint [ fuseki:operation fuseki:gsp_r ] ; |
| fuseki:dataset <b><#access_dataset></b> ; |
| . |
| |
| # Define access on the dataset. |
| <#access_dataset> rdf:type access:AccessControlledDataset ; |
| access:registry <#securityRegistry> ; |
| access:dataset <#tdb_dataset_shared> ; |
| . |
| |
| <#securityRegistry>rdf:type access:SecurityRegistry ; |
| . . . |
| |
| <#tdb_dataset_shared> rdf:type tdb:DatasetTDB ; |
| . . . |
| </pre> |
| <p>All dataset storage types are supported. TDB1 and TDB2 have special implementations for handling graph access control.</p> |
| <h3 id="graph-security-registry">Graph Security Registry</h3> |
| <p>The Graph Security Registry is defined as a number of access entries in |
| either a list format “(user graph1 graph2 …)” or as RDF properties |
| <code>access:user</code> and <code>access:graphs</code>. The property <code>access:graphs</code> has graph URI or a |
| list of URIs as its object.</p> |
| <pre><code><#securityRegistry> rdf:type access:SecurityRegistry ; |
| access:entry ( "user1" <http://host/graphname1> <http://host/graphname2> ) ; |
| access:entry ( "user1" <http://host/graphname3> ) ; |
| |
| access:entry ( "user1" <urn:x-arq:DefaultGraph> ) ; |
| |
| access:entry ( "user2" <http://host/graphname9> ) ; |
| access:entry [ access:user "user3" ; access:graphs ( <http://host/graphname3> <http://host/graphname4> ) ] ; |
| access:entry [ access:user "user3" ; access:graphs <http://host/graphname5> ] ; |
| access:entry [ access:user "userZ" ; access:graphs <http://host/graphnameZ> ] ; |
| . |
| </code></pre> |
| <h2 id="jetty-configuration">Jetty Configuration</h2> |
| <p>For authentication configuration not covered by Fuseki configuration, |
| the deployed server can be run using a Jetty configuration.</p> |
| <p>Server command line: <tt>–jetty=<i>jetty.xml</i></tt>.</p> |
| <p><a href="https://www.eclipse.org/jetty/documentation/current/jetty-xml-config.html">Documentation for <code>jetty.xml</code></a>.</p> |
| |
| |
| </div> |
| </div> |
| |
| </div> |
| |
| <footer class="footer"> |
| <div class="container" style="font-size:80%" > |
| <p> |
| Copyright © 2011–2022 The Apache Software Foundation, Licensed under the |
| <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>. |
| </p> |
| <p> |
| Apache Jena, Jena, the Apache Jena project logo, Apache and the Apache feather logos are trademarks of |
| The Apache Software Foundation. |
| <br/> |
| <a href="https://privacy.apache.org/policies/privacy-policy-public.html" |
| >Apache Software Foundation Privacy Policy</a>. |
| </p> |
| </div> |
| </footer> |
| |
| |
| <script type="text/javascript"> |
| var link = $('a[href="' + this.location.pathname + '"]'); |
| if (link != undefined) |
| link.parents('li,ul').addClass('active'); |
| </script> |
| |
| </body> |
| </html> |