| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # Simple Security Configuration; |
| # - grants access to all Marmotta services to all users |
| # - restricts access to management functions to localhost |
| |
| # a security rule to allow SOLR updates from localhost |
| security.permission.solr_local_update.pattern=/solr/.*/update |
| security.permission.solr_local_update.host=LOCAL |
| security.permission.solr_local_update.methods=GET,POST,PUT |
| security.permission.solr_local_update.priority=5 |
| |
| # a security rule to allow SOLR admin from localhost |
| security.permission.solr_local_admin.pattern=/solr/admin/.* |
| security.permission.solr_local_admin.host=LOCAL |
| security.permission.solr_local_admin.methods=GET,POST,PUT,DELETE |
| security.permission.solr_local_admin.priority=5 |
| |
| # a security rule to restrict all other accesses to SOLR update |
| security.restriction.solr_remote_update.pattern=/solr/.*/update |
| security.restriction.solr_remote_update.methods=GET,POST,PUT |
| security.restriction.solr_remote_update.priority=2 |
| |
| # a security rule to restrict all other accesses to SOLR admin |
| security.restriction.solr_remote_admin.pattern=/solr/admin/.* |
| security.restriction.solr_remote_admin.methods=GET,POST,PUT,DELETE |
| security.restriction.solr_remote_admin.priority=2 |
| |
| # a security rule to allow /system admin from localhost |
| security.permission.system.pattern=/system/.* |
| security.permission.system.host=LOCAL |
| security.permission.system.methods=GET,POST,PUT,DELETE |
| security.permission.system.priority=5 |
| |
| # a security rule to deny /system admin from all other hosts |
| security.restriction.system.pattern=/system/.* |
| security.restriction.system.methods=GET,POST,PUT,DELETE |
| security.restriction.system.priority=2 |
| |
| # a security rule to allow /system admin from localhost |
| security.permission.security.pattern=/security/.* |
| security.permission.security.host=LOCAL |
| security.permission.security.methods=GET,POST,PUT,DELETE |
| security.permission.security.priority=5 |
| |
| # a security rule to allow /system/public access (for images) |
| security.permission.security_public.pattern=/security/public/.* |
| security.permission.security_public.methods=GET |
| security.permission.security_public.priority=3 |
| |
| # a security rule to deny /system admin from all other hosts |
| security.restriction.security.pattern=/security/.* |
| security.restriction.security.methods=GET,POST,PUT,DELETE |
| security.restriction.security.priority=2 |
| |
| # a security rule to allow /config admin from localhost |
| security.permission.config.pattern=/config/.* |
| security.permission.config.host=LOCAL |
| security.permission.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE |
| security.permission.config.priority=5 |
| |
| # a security rule to deny /config admin from all other hosts |
| security.restriction.config.pattern=/config/.* |
| security.restriction.config.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE |
| security.restriction.config.priority=2 |
| |
| # a security rule to allow /transaction admin from localhost |
| security.permission.transaction.pattern=/transaction/.* |
| security.permission.transaction.host=LOCAL |
| security.permission.transaction.methods=GET,POST,PUT,DELETE |
| security.permission.transaction.priority=5 |
| |
| # a security rule to deny /transaction admin from all other hosts |
| security.restriction.transaction.pattern=/transaction/.* |
| security.restriction.transaction.methods=GET,POST,PUT,DELETE |
| security.restriction.transaction.priority=2 |
| |
| # a security rule to allow /groovy admin from localhost |
| security.permission.groovy.pattern=/groovy/.* |
| security.permission.groovy.host=LOCAL |
| security.permission.groovy.methods=GET,POST,PUT,DELETE |
| security.permission.groovy.priority=5 |
| |
| # a security rule to deny /groovy admin from all other hosts |
| security.restriction.groovy.pattern=/groovy/.* |
| security.restriction.groovy.methods=GET,POST,PUT,DELETE |
| security.restriction.groovy.priority=2 |
| |
| # a security rule to allow H2 console from localhost |
| security.permission.database.pattern=/database/.* |
| security.permission.database.host=LOCAL |
| security.permission.database.methods=GET,POST,PUT,DELETE |
| security.permission.database.priority=5 |
| |
| # a security rule to deny H2 console from all other hosts |
| security.restriction.database.pattern=/database/.* |
| security.restriction.database.methods=GET,POST,PUT,DELETE |
| security.restriction.database.priority=2 |
| |
| # restrict updating reasoning programs to the "manager" role |
| security.permission.reasoner_update.pattern=/reasoner/.* |
| security.permission.reasoner_update.methods=POST,PUT,DELETE |
| security.permission.reasoner_update.host=LOCAL |
| security.permission.reasoner_update.priority=5 |
| |
| # restrict all other updates |
| security.restriction.reasoner_update.pattern=/reasoner/.* |
| security.restriction.reasoner_update.methods=POST,PUT,DELETE |
| security.restriction.reasoner_update.priority=4 |
| |
| # allow reading the configuration |
| security.permission.reasoner_read.pattern=/reasoner/.* |
| security.permission.reasoner_read.methods=GET |
| security.permission.reasoner_read.priority=4 |
| |
| # a security rule to allow all read access to the system |
| security.permission.default_read.pattern=/.* |
| security.permission.default_read.methods=GET,HEAD,OPTIONS |
| security.permission.default_read.priority=2 |
| |
| # a security rule to deny all write access to the system |
| security.restriction.default_write.pattern=/.* |
| security.restriction.default_write.methods=PUT,POST,DELETE |
| security.restriction.default_write.priority=2 |
| |
| # a security rule to allow full access to the system from local |
| security.permission.default_local.pattern=/.* |
| security.permission.default_local.methods=GET,HEAD,OPTIONS,POST,PUT,DELETE |
| security.permission.default_local.host=LOCAL |
| security.permission.default_local.priority=5 |
| |