Google Git
Sign in
apache / jena-site / refs/heads/asf-site / . / content / documentation / sparql-apis / http-auth.html
blob: 5e67b0c776c8793d03cb6b1ec2bbad35696b5847 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<title>Apache Jena - HTTP Authentication</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="/css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="/css/bootstrap-icons.css" rel="stylesheet" media="screen"><link rel="stylesheet" type="text/css" href="https://jena.apache.org/sass/jena.1b17c39a117e22b46db4c66f6395dc27c134a60377d87d2d5745b8600eb69722.css" integrity="sha256-GxfDmhF&#43;IrRttMZvY5XcJ8E0pgN32H0tV0W4YA62lyI=">
<link rel="shortcut icon" href="/images/favicon.ico" />
</head>
<body>
<nav class="navbar navbar-expand-lg bg-body-tertiary" role="navigation">
<div class="container">
<div class="navbar-header">
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<a class="navbar-brand" href="/index.html">
<img class="logo-menu" src="/images/jena-logo/jena-logo-notext-small.png" alt="jena logo">Apache Jena</a>
</div>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav me-auto mb-2 mb-lg-0">
<li id="homepage" class="nav-item"><a class="nav-link" href="/index.html"><span class="bi-house"></span> Home</a></li>
<li id="download" class="nav-item"><a class="nav-link" href="/download/index.cgi"><span class="bi-download"></span> Download</a></li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" role="button" data-bs-toggle="dropdown" aria-expanded="false"><span class="bi-journal"></span> Learn <b class="caret"></b></a>
<ul class="dropdown-menu">
<li class="dropdown-header">Tutorials</li>
<li><a class="dropdown-item" href="/tutorials/index.html">Overview</a></li>
<li><a class="dropdown-item" href="/documentation/fuseki2/index.html">Fuseki Triplestore</a></li>
<li><a class="dropdown-item" href="/documentation/notes/index.html">How-To's</a></li>
<li><a class="dropdown-item" href="/documentation/query/manipulating_sparql_using_arq.html">Manipulating SPARQL using ARQ</a></li>
<li><a class="dropdown-item" href="/tutorials/rdf_api.html">RDF core API tutorial</a></li>
<li><a class="dropdown-item" href="/tutorials/sparql.html">SPARQL tutorial</a></li>
<li><a class="dropdown-item" href="/tutorials/using_jena_with_eclipse.html">Using Jena with Eclipse</a></li>
<li class="dropdown-divider"></li>
<li class="dropdown-header">References</li>
<li><a class="dropdown-item" href="/documentation/index.html">Overview</a></li>
<li><a class="dropdown-item" href="/documentation/query/index.html">ARQ (SPARQL)</a></li>
<li><a class="dropdown-item" href="/documentation/io/">RDF I/O</a></li>
<li><a class="dropdown-item" href="/documentation/assembler/index.html">Assembler</a></li>
<li><a class="dropdown-item" href="/documentation/tools/index.html">Command-line tools</a></li>
<li><a class="dropdown-item" href="/documentation/rdfs/">Data with RDFS Inferencing</a></li>
<li><a class="dropdown-item" href="/documentation/geosparql/index.html">GeoSPARQL</a></li>
<li><a class="dropdown-item" href="/documentation/inference/index.html">Inference API</a></li>
<li><a class="dropdown-item" href="/documentation/ontology/">Ontology API</a></li>
<li><a class="dropdown-item" href="/documentation/permissions/index.html">Permissions</a></li>
<li><a class="dropdown-item" href="/documentation/extras/querybuilder/index.html">Query Builder</a></li>
<li><a class="dropdown-item" href="/documentation/rdf/index.html">RDF API</a></li>
<li><a class="dropdown-item" href="/documentation/rdfconnection/">RDF Connection - SPARQL API</a></li>
<li><a class="dropdown-item" href="/documentation/rdfstar/index.html">RDF-star</a></li>
<li><a class="dropdown-item" href="/documentation/shacl/index.html">SHACL</a></li>
<li><a class="dropdown-item" href="/documentation/shex/index.html">ShEx</a></li>
<li><a class="dropdown-item" href="/documentation/tdb/index.html">TDB</a></li>
<li><a class="dropdown-item" href="/documentation/tdb2/index.html">TDB2</a></li>
<li><a class="dropdown-item" href="/documentation/query/text-query.html">Text Search</a></li>
</ul>
</li>
<li class="nav-item dropdown">
<a href="#" class="nav-link dropdown-toggle" role="button" data-bs-toggle="dropdown" aria-expanded="false"><span class="bi-journal-code"></span> Javadoc <b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="/documentation/javadoc.html">All Javadoc</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/arq/">ARQ</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/fuseki2/">Fuseki</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/geosparql/">GeoSPARQL</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/jena/">Jena Core</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/permissions/">Permissions</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/extras/querybuilder/">Query Builder</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/shacl/">SHACL</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/tdb/">TDB</a></li>
<li><a class="dropdown-item" href="/documentation/javadoc/text/">Text Search</a></li>
</ul>
</li>
</ul>
<form class="d-flex" role="search" action="/search" method="GET">
<div class="input-group">
<input class="form-control border-end-0 border m-0" type="search" name="q" id="search-query" placeholder="Search...." aria-label="Search" style="width: 10rem;">
<button class="btn btn-outline-secondary border-start-0 border" type="submit">
<i class="bi-search"></i>
</button>
</div>
</form>
<ul class="navbar-nav">
<li id="ask" class="nav-item"><a class="nav-link" href="/help_and_support/index.html" title="Ask"><span class="bi-patch-question"></span><span class="text-body d-none d-xxl-inline"> Ask</span></a></li>
<li class="nav-item dropdown">
<a href="#" title="Get involved" class="nav-link dropdown-toggle" role="button" data-bs-toggle="dropdown" aria-expanded="false"><span class="bi-megaphone"></span><span class="text-body d-none d-xxl-inline"> Get involved </span><b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a class="dropdown-item" href="/getting_involved/index.html">Contribute</a></li>
<li><a class="dropdown-item" href="/help_and_support/bugs_and_suggestions.html">Report a bug</a></li>
<li class="dropdown-divider"></li>
<li class="dropdown-header">Project</li>
<li><a class="dropdown-item" href="/about_jena/about.html">About Jena</a></li>
<li><a class="dropdown-item" href="/about_jena/architecture.html">Architecture</a></li>
<li><a class="dropdown-item" href="/about_jena/citing.html">Citing</a></li>
<li><a class="dropdown-item" href="/about_jena/team.html">Project team</a></li>
<li><a class="dropdown-item" href="/about_jena/contributions.html">Related projects</a></li>
<li><a class="dropdown-item" href="/about_jena/roadmap.html">Roadmap</a></li>
<li><a class="dropdown-item" href="/about_jena/security-advisories.html">Security Advisories</a></li>
<li class="dropdown-divider"></li>
<li class="dropdown-header">ASF</li>
<li><a class="dropdown-item" href="https://www.apache.org/">Apache Software Foundation</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Become a Sponsor</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/licenses/LICENSE-2.0">License</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/security/">Security</a></li>
<li><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
</ul>
</li>
<li class="nav-item" id="edit"><a class="nav-link" href="https://github.com/apache/jena-site/edit/main/source/documentation/sparql-apis/http-auth.md" title="Edit this page on GitHub"><span class="bi-pencil-square"></span><span class="text-body d-none d-xxl-inline"> Edit this page</span></a></li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row">
<div class="col-md-12">
<div id="breadcrumbs">
<ol class="breadcrumb mt-4 p-2 bg-body-tertiary">
<li class="breadcrumb-item"><a href='/documentation'>DOCUMENTATION</a></li>
<li class="breadcrumb-item"><a href='/documentation/sparql-apis'>SPARQL APIS</a></li>
<li class="breadcrumb-item active">HTTP AUTH</li>
</ol>
</div>
<h1 class="title">HTTP Authentication</h1>
<main class="d-flex flex-xl-row flex-column">
<aside class="text-muted align-self-start mb-3 p-0 d-xl-none d-block">
<h2 class="h6 sticky-top m-0 p-2 bg-body-tertiary">On this page</h2>
<nav id="TableOfContents">
<ul>
<li><a href="#auth">Authentication</a>
<ul>
<li><a href="#jdk-httpclientauthenticator">JDK HttpClient.authenticator</a></li>
<li><a href="#challenge-registration">Challenge registration</a></li>
<li><a href="#ttservicett"><tt>SERVICE</tt></a></li>
</ul>
</li>
<li><a href="#authentication-examples">Authentication Examples</a></li>
<li><a href="#bearer-authentication">Bearer Authentication</a></li>
</ul>
</nav>
</aside>
<article class="flex-column me-lg-4">
<p><i><a href="../archive/versions/http-auth-old.html">Old documentation</a> (Jena 3.1.1 to Jena 4.2.0)</i></p>
<p>Jena 4.3.0 and later uses the JDK <code>java.net.http</code> package. Jena adds API support
for challenge-based authentication and also provide HTTP digest authentication.</p>
<h2 id="auth">Authentication</h2>
<p>There are 5 variations:</p>
<ol>
<li>Basic authentication</li>
<li>Challenge-Basic authentication</li>
<li>Challenge-Digest authentication</li>
<li>URL user (that is, <code>user@host.net</code> in the URL)</li>
<li>URL user and password in the URL (that is, <code>user:password@host.net</code> in the URL)</li>
</ol>
<p>Basic authentication occurs where the app provides the user and password
information to the JDK <code>HttpClient</code> and that information is always used when
sending HTTP requests with that <code>HttpClient</code>. It does not require an initial
request-challenge-resend to initiate. This is provided natively by the <code>java.net.http</code>
JDK code. See <code>HttpClient.newBuilder().authenticate(...)</code>.</p>
<p>Challenge based authentication, for &ldquo;basic&rdquo; or &ldquo;digest&rdquo;, are provided by Jena.
The challenge happens on the first contact with the remote endpoint and the
server returns a 401 response with an HTTP header saying which style of
authentication is required. There is a registry of users name and password for
endpoints which is consulted and the appropriate
<a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization"><code>Authorization:</code></a>
header is generated then the request resent. If no registration matches, the 401
is passed back to the application as an exception.</p>
<p>Because it is a challenge response to a request, the request must be sent twice,
first to trigger the challenge and then again with the HTTP authentication
information. To make this automatic, the first request must not be a streaming
request (the stream is not repeatable). All HTTP request generated by Jena are
repeatable.</p>
<p>The URL can contain a <code>userinfo</code> part, either the <code>users@host</code> form, or the
<code>user:password@host</code> form. If just the user is given, the authentication
environment is consulted for registered users-password information. If user and
password is given, the details as given are used. This latter form is not
recommended and should only be used if necessary because the password is
in-clear in the SPARQL query.</p>
<p>Jena also has <a href="#bearer-authentication">support for bearer authentication</a>.</p>
<h3 id="jdk-httpclientauthenticator">JDK HttpClient.authenticator</h3>
<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#080;font-style:italic">// Basic or Digest - determined when the challenge happens.
</span></span></span><span style="display:flex;"><span><span style="color:#080;font-style:italic"></span> AuthEnv<span style="color:#666">.</span><span style="color:#b44">get</span><span style="color:#666">().</span><span style="color:#b44">registerUsernamePassword</span><span style="color:#666">(</span>URI<span style="color:#666">.</span><span style="color:#b44">create</span><span style="color:#666">(</span>dataURL<span style="color:#666">),</span> <span style="color:#b44">&#34;user&#34;</span><span style="color:#666">,</span> <span style="color:#b44">&#34;password&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> <span style="color:#a2f;font-weight:bold">try</span> <span style="color:#666">(</span> QueryExecution qExec <span style="color:#666">=</span> QueryExecutionHTTP<span style="color:#666">.</span><span style="color:#b44">service</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">endpoint</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">queryString</span><span style="color:#666">(</span><span style="color:#b44">&#34;ASK{}&#34;</span><span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">build</span><span style="color:#666">())</span> <span style="color:#666">{</span>
</span></span><span style="display:flex;"><span> qExec<span style="color:#666">.</span><span style="color:#b44">execAsk</span><span style="color:#666">();</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">}</span>
</span></span></code></pre></div><p>alternatively, the java platform provides basic authentication.
This is not challenge based - any request sent using a <code>HttpClient</code> configured
with an authenticator will include the authentication details.
(Caution - including sending username/password to the wrong site!).
Digest authentication must use <code>AuthEnv.get().registerUsernamePassword</code>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> Authenticator authenticator <span style="color:#666">=</span> AuthLib<span style="color:#666">.</span><span style="color:#b44">authenticator</span><span style="color:#666">(</span><span style="color:#b44">&#34;user&#34;</span><span style="color:#666">,</span> <span style="color:#b44">&#34;password&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> HttpClient httpClient <span style="color:#666">=</span> HttpClient<span style="color:#666">.</span><span style="color:#b44">newBuilder</span><span style="color:#666">()</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">authenticator</span><span style="color:#666">(</span>authenticator<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">build</span><span style="color:#666">();</span>
</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#080;font-style:italic">// Use with RDFConnection
</span></span></span><span style="display:flex;"><span><span style="color:#080;font-style:italic"></span> <span style="color:#a2f;font-weight:bold">try</span> <span style="color:#666">(</span> RDFConnection conn <span style="color:#666">=</span> RDFConnectionRemote<span style="color:#666">.</span><span style="color:#b44">service</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">httpClient</span><span style="color:#666">(</span>httpClient<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">build</span><span style="color:#666">())</span> <span style="color:#666">{</span>
</span></span><span style="display:flex;"><span> conn<span style="color:#666">.</span><span style="color:#b44">queryAsk</span><span style="color:#666">(</span><span style="color:#b44">&#34;ASK{}&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">}</span>
</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#a2f;font-weight:bold">try</span> <span style="color:#666">(</span> QueryExecution qExec <span style="color:#666">=</span> QueryExecutionHTTP<span style="color:#666">.</span><span style="color:#b44">service</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">httpClient</span><span style="color:#666">(</span>httpClient<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">endpoint</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">queryString</span><span style="color:#666">(</span><span style="color:#b44">&#34;ASK{}&#34;</span><span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">build</span><span style="color:#666">())</span> <span style="color:#666">{</span>
</span></span><span style="display:flex;"><span> qExec<span style="color:#666">.</span><span style="color:#b44">execAsk</span><span style="color:#666">();</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">}</span>
</span></span></code></pre></div><h3 id="challenge-registration">Challenge registration</h3>
<p><code>AuthEnv</code> maintains a registry of credentials and also a registry of which service URLs
the credentials should be used. It supports registration of endpoint prefixes so that one
registration will apply to all URLs starting with a common root.</p>
<p>The main function is <code>AuthEnv.get().registerUsernamePassword</code>.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#080;font-style:italic">// Application setup code
</span></span></span><span style="display:flex;"><span><span style="color:#080;font-style:italic"></span> AuthEnv<span style="color:#666">.</span><span style="color:#b44">get</span><span style="color:#666">().</span><span style="color:#b44">registerUsernamePassword</span><span style="color:#666">(</span><span style="color:#b44">&#34;username&#34;</span><span style="color:#666">,</span> <span style="color:#b44">&#34;password&#34;</span><span style="color:#666">);</span>
</span></span></code></pre></div><div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> <span style="color:#666">...</span>
</span></span><span style="display:flex;"><span> <span style="color:#a2f;font-weight:bold">try</span> <span style="color:#666">(</span> QueryExecution qExec <span style="color:#666">=</span> QueryExecutionHTTP<span style="color:#666">.</span><span style="color:#b44">service</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">endpoint</span><span style="color:#666">(</span>dataURL<span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">queryString</span><span style="color:#666">(</span><span style="color:#b44">&#34;ASK{}&#34;</span><span style="color:#666">)</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">.</span><span style="color:#b44">build</span><span style="color:#666">())</span> <span style="color:#666">{</span>
</span></span><span style="display:flex;"><span> qExec<span style="color:#666">.</span><span style="color:#b44">execAsk</span><span style="color:#666">();</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">}</span>
</span></span></code></pre></div><p>When an HTTP 401 response with an <code>WWW-Authenticate</code> header is received, the Jena http handling code
will will look for a suitable authentication registration (exact or longest prefix), and retry the
request. If it succeeds, a modifier is installed so all subsequent request to the same endpoint will
have the authentication header added and there is no challenge round-trip.</p>
<h3 id="ttservicett"><tt>SERVICE</tt></h3>
<p>The same mechanism is used for the URL in a SPARQL <code>SERVICE</code> clause. If there is a 401 challenge,
the registry is consulted and authentication applied.</p>
<p>In addition, if the SERVICE URL has a username as the <code>userinfo</code> (that is, <code>https://users@some.host/...</code>),
that user name is used to look in the authentication registry.</p>
<p>If the <code>userinfo</code> is of the form &ldquo;username:password&rdquo; then the information as given in the URL is
used.</p>
<div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span> AuthEnv<span style="color:#666">.</span><span style="color:#b44">get</span><span style="color:#666">().</span><span style="color:#b44">registerUsernamePassword</span><span style="color:#666">(</span>URI<span style="color:#666">.</span><span style="color:#b44">create</span><span style="color:#666">(</span><span style="color:#b44">&#34;http://host/sparql&#34;</span><span style="color:#666">),</span> <span style="color:#b44">&#34;u&#34;</span><span style="color:#666">,</span> <span style="color:#b44">&#34;p&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> <span style="color:#080;font-style:italic">// Registration applies to SERVICE.
</span></span></span><span style="display:flex;"><span><span style="color:#080;font-style:italic"></span> Query query <span style="color:#666">=</span> QueryFactory<span style="color:#666">.</span><span style="color:#b44">create</span><span style="color:#666">(</span><span style="color:#b44">&#34;SELECT * { SERVICE &lt;http://host/sparql&gt; { ?s ?p ?o } }&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> <span style="color:#a2f;font-weight:bold">try</span> <span style="color:#666">(</span> QueryExecution qExec <span style="color:#666">=</span> QueryExecution<span style="color:#666">.</span><span style="color:#b44">create</span><span style="color:#666">().</span><span style="color:#b44">query</span><span style="color:#666">(</span>query<span style="color:#666">).</span><span style="color:#b44">dataset</span><span style="color:#666">(...).</span><span style="color:#b44">build</span><span style="color:#666">()</span> <span style="color:#666">)</span> <span style="color:#666">{</span>
</span></span><span style="display:flex;"><span> System<span style="color:#666">.</span><span style="color:#b44">out</span><span style="color:#666">.</span><span style="color:#b44">println</span><span style="color:#666">(</span><span style="color:#b44">&#34;Call using SERVICE...&#34;</span><span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> ResultSet rs <span style="color:#666">=</span> qExec<span style="color:#666">.</span><span style="color:#b44">execSelect</span><span style="color:#666">();</span>
</span></span><span style="display:flex;"><span> ResultSetFormatter<span style="color:#666">.</span><span style="color:#b44">out</span><span style="color:#666">(</span>rs<span style="color:#666">);</span>
</span></span><span style="display:flex;"><span> <span style="color:#666">}</span>
</span></span></code></pre></div><h2 id="authentication-examples">Authentication Examples</h2>
<p><a href="https://github.com/apache/jena/tree/main/jena-examples/src/main/java/arq/examples/auth">jena-examples:arq/examples/auth/</a>.</p>
<h2 id="bearer-authentication">Bearer Authentication</h2>
<p>Bearer authentication requires that the application to obtain a token to present
to the server.</p>
<ul>
<li><a href="https://tools.ietf.org/html/rfc6750">RFC 6750</a></li>
<li><a href="https://tools.ietf.org/html/rfc6751">RFC 6751</a></li>
<li><a href="https://tools.ietf.org/html/rfc7519">JSON Web Tokens (JWT)</a></li>
<li><a href="https://tools.ietf.org/html/rfc8725">JSON Web Token Best Current Practices</a></li>
</ul>
<p>How this token is obtained depends on the deployment environment.</p>
<p>The application can either register the token to be used:</p>
<pre tabindex="0"><code> AuthEnv.get().addBearerToken(targetURL, jwtString);
</code></pre><p>or can provide a token provider for 401 challeneges stating bearer authentication.</p>
<pre tabindex="0"><code> AuthEnv.get().setBearerTokenProvider(
(uri, challenge)-&gt;{ ... ; return jwtString; });
</code></pre>
</article>
<aside class="text-muted align-self-start mb-3 mb-xl-5 p-0 d-none d-xl-flex flex-column sticky-top">
<h2 class="h6 sticky-top m-0 p-2 bg-body-tertiary">On this page</h2>
<nav id="TableOfContents">
<ul>
<li><a href="#auth">Authentication</a>
<ul>
<li><a href="#jdk-httpclientauthenticator">JDK HttpClient.authenticator</a></li>
<li><a href="#challenge-registration">Challenge registration</a></li>
<li><a href="#ttservicett"><tt>SERVICE</tt></a></li>
</ul>
</li>
<li><a href="#authentication-examples">Authentication Examples</a></li>
<li><a href="#bearer-authentication">Bearer Authentication</a></li>
</ul>
</nav>
</aside>
</main>
</div>
</div>
</div>
<footer class="bd-footer py-4 py-md-5 mt-4 mt-lg-5 bg-body-tertiary">
<div class="container" style="font-size:80%" >
<p>
Copyright &copy; 2011&ndash;2024 The Apache Software Foundation, Licensed under the
<a href="https://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.
</p>
<p>
Apache Jena, Jena, the Apache Jena project logo, Apache and the Apache feather logos are trademarks of
The Apache Software Foundation.
<br/>
<a href="https://privacy.apache.org/policies/privacy-policy-public.html"
>Apache Software Foundation Privacy Policy</a>.
</p>
</div>
</footer>
<script src="/js/popper.min.js.js" type="text/javascript"></script>
<script src="/js/bootstrap.min.js" type="text/javascript"></script>
<script src="/js/improve.js" type="text/javascript"></script>
<script type="text/javascript">
(function() {
'use strict'
const links = document.querySelectorAll(`a[href="${window.location.pathname}"]`)
if (links !== undefined && links !== null) {
for (const link of links) {
link.classList.add('active')
let parentElement = link.parentElement
let count = 0
const levelsLimit = 4
while (['UL', 'LI'].includes(parentElement.tagName) && count <= levelsLimit) {
if (parentElement.tagName === 'LI') {
parentElement.querySelector('a:first-child').classList.add('active')
}
parentElement = parentElement.parentElement
count++
}
}
}
})()
</script>
</body>
</html>