Graphdb.js Node.js - 使用 GraphDB 进行节点服务器身份验证
Graphdb.js Node.js - Node Server Authentication with GraphDB
我知道 GraphDB 本身提供了几种身份验证方式。假设我锁定了对 GraphDB 服务器的访问权限,只允许具有凭据的用户访问它。假设我使用用户名和密码创建了一个授权用户。
我正在使用 Node.js,尤其是 graphdb.js 来建立不安全的连接。但是如何在节点服务器和 graphdb 服务器的通信之间添加身份验证?文档说:
If the library is going to be used against a secured server, then all
API calls must be authenticated by sending an http authorization
header with a token which is obtained after a call to
rest/login/user_name with a password provided as a specific header. In
case the server requires that requests should be authenticated, then
in the ServerClientConfig and RepositoryClientConfig must be
configured the username and password which to be used for the
authentication. If those are provided, then the client assumes that
authentication is mandatory and the login with the provided
credentials is performed automatically before the first API call.
After a successful login, user details which are received and the auth
token are stored in the AuthenticationService. From that moment on,
with every API call is sent also an authorization header with the
token as value. If the token expires, then the first API call will be
rejected with an http error with status 401. The client handles this
automatically by re-login the user with the same credentials, updates
the stored token and retries the API call. This behavior is the
default and can be changed if the ServerClientConfig or
RepositoryClientConfig are configured with keepAlive=false.
那么需要遵循哪些带有示例代码的编码步骤。我还没有在某处看到这样做的例子。有人可以帮忙吗?
启用安全性后,您必须通过传递 JWT 令牌来授权请求。
要接收 JWT 令牌,您可以以用户管理员身份发送请求。为简单起见,所有示例都使用 curl,但想法是一样的。
POST 'http://localhost:7200/rest/login/admin' -H 'X-GraphDB-Password: root' --compressed
返回的 header 包括 JWT 令牌:
-H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0='
您可以在接下来的请求中使用令牌:
curl 'http://localhost:7200/rest/monitor/query/count' -H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0=' -H 'X-GraphDB-Repository: news' --compressed
除了@Konstantin Petrov 所说的,我还要提到使用 graphdbjs 进行本机身份验证是一项仍在进行中的功能。大家可以关注PR 后面还会补充例子。在此之前,可以通过发出登录请求并使用随响应返回的授权令牌来解决此问题,以创建配置了授权 header 和令牌的 RDFRepositoryClient 实例。下面给出了一个例子。
const {RepositoryClientConfig, RDFRepositoryClient} = require('graphdb').repository;
const {RDFMimeType} = require('graphdb').http;
const {SparqlJsonResultParser} = require('graphdb').parser;
const {GetQueryPayload, QueryType} = require('graphdb').query;
const axios = require('axios');
axios.post('http://localhost:7200/rest/login/admin', null, {
headers: {
'X-GraphDB-Password': 'root'
}
}).then(function(token) {
const readTimeout = 30000;
const writeTimeout = 30000;
const repositoryClientConfig = new RepositoryClientConfig(['http://localhost:7200/repositories/testrepo'], {
'authorization': token.headers.authorization
}, '', readTimeout, writeTimeout);
const repositoryClient = new RDFRepositoryClient(repositoryClientConfig);
repositoryClient.registerParser(new SparqlJsonResultParser());
const payload = new GetQueryPayload()
.setQuery('select * where {?s ?p ?o}')
.setQueryType(QueryType.SELECT)
.setResponseType(RDFMimeType.SPARQL_RESULTS_JSON)
.setLimit(100);
return repositoryClient.query(payload);
})
.then(function(stream) {
// here is the query response stream
})
.catch(function(error) {
console.log('error', error);
});
我知道 GraphDB 本身提供了几种身份验证方式。假设我锁定了对 GraphDB 服务器的访问权限,只允许具有凭据的用户访问它。假设我使用用户名和密码创建了一个授权用户。
我正在使用 Node.js,尤其是 graphdb.js 来建立不安全的连接。但是如何在节点服务器和 graphdb 服务器的通信之间添加身份验证?文档说:
If the library is going to be used against a secured server, then all API calls must be authenticated by sending an http authorization header with a token which is obtained after a call to rest/login/user_name with a password provided as a specific header. In case the server requires that requests should be authenticated, then in the ServerClientConfig and RepositoryClientConfig must be configured the username and password which to be used for the authentication. If those are provided, then the client assumes that authentication is mandatory and the login with the provided credentials is performed automatically before the first API call. After a successful login, user details which are received and the auth token are stored in the AuthenticationService. From that moment on, with every API call is sent also an authorization header with the token as value. If the token expires, then the first API call will be rejected with an http error with status 401. The client handles this automatically by re-login the user with the same credentials, updates the stored token and retries the API call. This behavior is the default and can be changed if the ServerClientConfig or RepositoryClientConfig are configured with keepAlive=false.
那么需要遵循哪些带有示例代码的编码步骤。我还没有在某处看到这样做的例子。有人可以帮忙吗?
启用安全性后,您必须通过传递 JWT 令牌来授权请求。 要接收 JWT 令牌,您可以以用户管理员身份发送请求。为简单起见,所有示例都使用 curl,但想法是一样的。
POST 'http://localhost:7200/rest/login/admin' -H 'X-GraphDB-Password: root' --compressed
返回的 header 包括 JWT 令牌:
-H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0='
您可以在接下来的请求中使用令牌:
curl 'http://localhost:7200/rest/monitor/query/count' -H 'Authorization: GDB eyJ1c2VybmFtZSI6ImFkbWluIiwiYXV0aGVudGljYXRlZEF0IjoxNTQwODA1MTQ2MTE2fQ==.K0mo2dSa/Gw+AR995qTrsA1zJGwlfOVEaIokZnhINh0=' -H 'X-GraphDB-Repository: news' --compressed
除了@Konstantin Petrov 所说的,我还要提到使用 graphdbjs 进行本机身份验证是一项仍在进行中的功能。大家可以关注PR 后面还会补充例子。在此之前,可以通过发出登录请求并使用随响应返回的授权令牌来解决此问题,以创建配置了授权 header 和令牌的 RDFRepositoryClient 实例。下面给出了一个例子。
const {RepositoryClientConfig, RDFRepositoryClient} = require('graphdb').repository;
const {RDFMimeType} = require('graphdb').http;
const {SparqlJsonResultParser} = require('graphdb').parser;
const {GetQueryPayload, QueryType} = require('graphdb').query;
const axios = require('axios');
axios.post('http://localhost:7200/rest/login/admin', null, {
headers: {
'X-GraphDB-Password': 'root'
}
}).then(function(token) {
const readTimeout = 30000;
const writeTimeout = 30000;
const repositoryClientConfig = new RepositoryClientConfig(['http://localhost:7200/repositories/testrepo'], {
'authorization': token.headers.authorization
}, '', readTimeout, writeTimeout);
const repositoryClient = new RDFRepositoryClient(repositoryClientConfig);
repositoryClient.registerParser(new SparqlJsonResultParser());
const payload = new GetQueryPayload()
.setQuery('select * where {?s ?p ?o}')
.setQueryType(QueryType.SELECT)
.setResponseType(RDFMimeType.SPARQL_RESULTS_JSON)
.setLimit(100);
return repositoryClient.query(payload);
})
.then(function(stream) {
// here is the query response stream
})
.catch(function(error) {
console.log('error', error);
});