...

  1. Anonymous---unauthenticated users are implicitly assigned this role so they can be given explicit access. This role is never visibly asserted by a user; it is only for describing access controls. For example, "The Published graph is readable by the Anonymous role".
  2. Authenticated---any user who logs in is authenticated and implicitly belongs to this role; the opposite of anonymous. This role is never explicitly asserted by a user; it is only for describing access controls.

...

  • Named Graphs, including workspaces.
    • Read lets people download and run queries against the graph.
    • Add, Remove lets you modify it with /graph. Usually reserved for admins.
  • Resource Instances (ignores explicit Read access; that comes from its home named graph.)
    • Add, Remove let you modify it with /update, this is usually granted temporarily to a specific user as part of the workflow process.
    • ignores Read grants, read access reverts to its home graph.
  • Property Groups - sets of properties on a resource instance identified by statements in the data model ontology, see the data model configuration manual, particularly datamodel.hideProperty.predicate, datamodel.hideProperty.object.
    • Read lets the Dissemination and Harvest service report on these properties.
    • All other access types are ignored.
  • Workflow Transitions
    • Read gives access to take (push) the transition.
    • All other access types are ignored.

...

Access control is implemented by statements of the form:

    Subject: resource, Predicate: access-type, Object: accessor

The resource is the URI of the instance, named graph, or workflow transition of interest. The access-type names one of the four types of access described above: read, add, remove, admin. Finally, the accessor is the URI of the Principal to be granted the access, either a Role or an Agent (user).
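The grant statements and the per-resource-type rules above can be modelled as a small evaluator. This is an added example, not the repository's own code: the `ex:` URIs, role names and sample grants are constructed, and it takes the implicit roles literally (an unauthenticated request holds only Anonymous, a logged-in user holds Authenticated plus any explicitly assigned roles).

```python
from dataclasses import dataclass
from typing import Optional

ANONYMOUS = "ex:Role_Anonymous"            # hypothetical role URIs
AUTHENTICATED = "ex:Role_Authenticated"

@dataclass(frozen=True)
class Resource:
    uri: str
    kind: str                              # graph | instance | property_group | transition
    home_graph: Optional[str] = None       # set for instances only

# Access types each resource kind honours, per the list above; grants of any
# other type are ignored. "admin" is left out: this page does not describe it.
HONOURED = {
    "graph": {"read", "add", "remove"},
    "instance": {"add", "remove"},
    "property_group": {"read"},
    "transition": {"read"},
}

def principals(user_uri, roles=()):
    """Implicit role plus the user's own URI and explicitly assigned roles."""
    if user_uri is None:
        return {ANONYMOUS}
    return {user_uri, AUTHENTICATED, *roles}

def is_allowed(grants, resources, user_uri, roles, resource_uri, access):
    res = resources[resource_uri]
    if res.kind == "instance" and access == "read":
        res = resources[res.home_graph]    # instance Read reverts to home graph
    if access not in HONOURED[res.kind]:
        return False
    return any((res.uri, access, p) in grants for p in principals(user_uri, roles))

# Constructed sample data.
RESOURCES = {r.uri: r for r in (
    Resource("ex:NG_Published", "graph"),
    Resource("ex:NG_Draft", "graph"),
    Resource("ex:inst1", "instance", home_graph="ex:NG_Draft"),
    Resource("ex:WFT_Publish", "transition"),
)}
GRANTS = {
    ("ex:NG_Published", "read", ANONYMOUS),
    ("ex:NG_Draft", "read", "ex:Role_Curator"),
    ("ex:inst1", "read", ANONYMOUS),       # ignored: Read grant on an instance
    ("ex:inst1", "add", "ex:alice"),       # temporary workflow grant
    ("ex:WFT_Publish", "read", "ex:Role_Curator"),
    ("ex:WFT_Publish", "add", "ex:bob"),   # ignored: only Read counts here
}
```

The misplaced Read grant on `ex:inst1` has no effect: an anonymous request is still refused because the instance's home graph is not readable by Anonymous.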

...

The repository adds a custom function to Sesame's query engine: repo:upperCaseStr. It returns the toUpperCase() version of the string value of an RDF value. Use it to sort values ignoring whether (a) the case of characters differs, (b) they are datatyped literals or untyped literals (or other terms).

...

The repository must be simple (ideally "foolproof", although that only breeds more destructive fools) to install and manage, since it is intended to be deployed at dozens or hundreds of sites, managed by administrators with varying experience levels. All the while, it must still maintain adequate security and data integrity.

See Cycle 1 Repository Documentation for more information on installing the repository and setting up its configuration.

The bootstrap process:

  1. Install the webapp by dropping the WAR file into place, and adding configuration:
    1. Add one system property to the Web server's JVM to indicate the configuration properties.
    2. Create configuration properties file with at least the minimum required properties.
  2. Create authentication DB and add the initial Administrator user.
  3. Start the servlet container---the repository webapp automatically initializes the following named graphs if they are found to be empty:
    1. The internal Repository ontology (read-only)
    2. Internal Repository administrative metadata (e.g. Roles, Named Graphs, WF Transitions, etc.)
    3. SPARQL Query macros.
  4. Create an RDF metadata wrapper for the initial administrator user - this is done automatically by the post-install procedure, finish-install.sh. See the Administrator Guide.
  5. Load the eagle-i data model ontology. Although this is not necessary for any of the Repository's internal functions, the eagle-i apps will expect it to be there.
  6. Browse to the Admin UI and log in as the Administrator user. You can create user logins and assign roles; modulo any customizations of workflow, workspaces and such. With that, the repository is open for business.

...

About HTML dissemination:
When the negotiated format is text/html, and unless either of the forceRDF or forceXML args was given, the dissemination process creates an intermediate XML document and transforms it into XHTML with the configured XSLT stylesheet. See the description of eaglei.repository.instance.xslt in the Repository Administrator Guide.

If no XSLT stylesheet is configured, the intermediate XML document is delivered instead, with a media content type of application/xml. Note that this means, to obtain correct XHTML output, you MUST configure an XSLT stylesheet.

The content of the intermediate XML format is described in a W3C XML Schema document that may be downloaded from a running repository at, for example:

    https://localhost:8443/repository/schemas/instance.xsd

We provide an example transformation stylesheet that produces very simple HTML, intended to be the basis of custom stylesheets. It is available for download at: https://localhost:8443/repository/styles/example.xsl

We manage the transformation within the repository, instead of adding an xml-stylesheet processing instruction to the XML, for compelling reasons:

...

  • __repo_version---string containing Maven version spec of the running repository code. This is always set.
  • __repo_css---configured value of eaglei.repository.instance.css, may not be set.
  • __repo_logo---configured value of eaglei.repository.logo, may not be set.
  • __repo_title---configured value of eaglei.repository.title, may not be set.

Property Filtering

...

URL: /repository/update [/instance-ID] (POST only)

Args:
uri---optional way to explicitly specify the complete URI, instead of assuming that the URI's namespace matches the hostname, context, and servlet path ("/i") of this webserver.
format---the default expected format for insert and delete graphs. If the args specify a content-type header, that overrides this value. Only recognizes triples even if the format supports quads.
action=(update|create|gettoken)---Update to modify an existing instance, create adds a new one. See below for details about gettoken.
token=uri---When action is update or create, this must be supplied. The value is the URI returned by the last gettoken request.
workspace=uri---choose workspace named graph where new instance is created. Only necessary when action=create. Optional, default is the default workspace. DO NOT specify a workspace when action=update.
delete---graph of statements to remove from the instance; subject must be the instance URI. Deletes are done before inserts. Graph may include wildcard URIs in predicate and/or object to match all values in that part of a statement.
insert---graph of statements to add to instance; subject must be the instance URI.
bypassSanity---(boolean, default false, deprecated) NOTE: It is best if you pretend this option does not exist. When true, it skips some of the sanity tests on the resulting instance graph, mostly the ones checking the integrity of Embedded instances. Requires Administrator privilege. This was added to make the data migration from broken old EI data possible; it should rarely if ever be needed.
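The argument rules and the delete-then-insert order above are easiest to see on a small graph. The following is an added example, not the repository's implementation: triples are plain tuples, the `ex:` URIs are constructed, and `WILDCARD` is a hypothetical placeholder because this page does not give the actual wildcard URI.

```python
WILDCARD = "ex:WILDCARD"   # hypothetical placeholder for the wildcard URI

def check_args(action, token=None, workspace=None):
    """Return the problems with the request arguments (empty list if none)."""
    problems = []
    if action not in ("update", "create", "gettoken"):
        problems.append("unknown action")
    if action in ("update", "create") and not token:
        problems.append("token is required")
    if action == "update" and workspace:
        problems.append("workspace must not be given with action=update")
    return problems

def foreign_subjects(instance_uri, delete, insert):
    """Statements whose subject is not the instance being updated."""
    return [t for t in list(delete) + list(insert) if t[0] != instance_uri]

def matches(pattern, triple):
    """A delete pattern matches a triple; predicate/object may be wildcards."""
    s, p, o = pattern
    return s == triple[0] and p in (WILDCARD, triple[1]) and o in (WILDCARD, triple[2])

def apply_update(graph, instance_uri, delete=(), insert=()):
    """Reject foreign subjects, then apply deletes before inserts."""
    bad = foreign_subjects(instance_uri, delete, insert)
    if bad:
        raise ValueError(f"subject is not the instance URI: {bad[0]}")
    kept = {t for t in graph if not any(matches(d, t) for d in delete)}
    return kept | set(insert)

# Constructed sample workspace content.
INST = "ex:inst1"
GRAPH = {
    (INST, "rdfs:label", "Old label"),
    (INST, "ex:contact", "ex:alice"),
    (INST, "ex:contact", "ex:bob"),
    ("ex:inst2", "rdfs:label", "Other instance"),
}
```

The subject check is what keeps a temporary Add/Remove grant on one instance from being used to write statements about any other resource in the same workspace.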

...