diff --git a/jena-fuseki/README.md b/jena-fuseki/README.md index 579d5b3..39a90bb 100644 --- a/jena-fuseki/README.md +++ b/jena-fuseki/README.md @@ -53,10 +53,10 @@ use `docker logs` with the name of your container. Note that the password is only generated on the first run, e.g. when the volume `/fuseki` is an empty directory. -You can override the admin-password using the form -`-e ADMIN_PASSWORD=pw123`: +You can override the admin-password and/or admin-username using the form +`-e ADMIN_USERNAME=jena_user -e ADMIN_PASSWORD=pw123`: - docker run -p 3030:3030 -e ADMIN_PASSWORD=pw123 stain/jena-fuseki + docker run -p 3030:3030 -e ADMIN_USERNAME=jena_user -e ADMIN_PASSWORD=pw123 stain/jena-fuseki To specify Java settings such as the amount of memory to allocate for the heap (default: 1200 MiB), set the `JVM_ARGS` environment with `-e`: diff --git a/jena-fuseki/docker-entrypoint.sh b/jena-fuseki/docker-entrypoint.sh index 4134561..9d12cd9 100644 --- a/jena-fuseki/docker-entrypoint.sh +++ b/jena-fuseki/docker-entrypoint.sh @@ -22,11 +22,18 @@ if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then echo "Initializing Apache Jena Fuseki" echo "" cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini" + if echo -n "$ADMIN_USERNAME" | grep -qE '=' ; then + echo "invalid ADMIN_USERNAME '$ADMIN_USERNAME', it can not contain =" + unset ADMIN_USERNAME + fi + if [ -z "$ADMIN_USERNAME" ]; then + export ADMIN_USERNAME=admin + fi if [ -z "$ADMIN_PASSWORD" ] ; then ADMIN_PASSWORD=$(pwgen -s 15) echo "Randomly generated admin password:" echo "" - echo "admin=$ADMIN_PASSWORD" + echo "${ADMIN_USERNAME}=${ADMIN_PASSWORD}" fi echo "" echo "###################################" @@ -39,10 +46,12 @@ fi # $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD} # is in shiro.ini if [ -n "$ADMIN_PASSWORD" ] ; then - export ADMIN_PASSWORD - envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \ - mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini" - export ADMIN_PASSWORD + export ADMIN_USERNAME + export ADMIN_PASSWORD + envsubst '${ADMIN_USERNAME} ${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \ + mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini" + export ADMIN_USERNAME + export ADMIN_PASSWORD fi # fork @@ -67,12 +76,13 @@ do dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g') echo "Creating dataset $dataset" curl -s 'http://localhost:3030/$/datasets'\ - -u admin:${ADMIN_PASSWORD}\ + -u ${ADMIN_USERNAME}:${ADMIN_PASSWORD}\ -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\ --data "dbName=${dataset}&dbType=${TDB_VERSION}" done echo "Fuseki is available :-)" -unset ADMIN_PASSWORD # Don't keep it in memory +unset ADMIN_USERNAME # Don't keep it in memory +unset ADMIN_PASSWORD # rejoin our exec wait diff --git a/jena-fuseki/shiro.ini b/jena-fuseki/shiro.ini index 0b9abab..00d7fbe 100644 --- a/jena-fuseki/shiro.ini +++ b/jena-fuseki/shiro.ini @@ -27,7 +27,7 @@ iniRealm.credentialsMatcher = $plainMatcher # Implicitly adds "iniRealm = org.apache.shiro.realm.text.IniRealm" # The admin password will be replaced by value of ADMIN_PASSWORD # variable by docker-entrypoint.sh on FIRST start up. -admin=${ADMIN_PASSWORD} +${ADMIN_USERNAME}=${ADMIN_PASSWORD} [roles] @@ -37,13 +37,13 @@ admin=${ADMIN_PASSWORD} /$/ping = anon ## and the rest are restricted -/$/** = authcBasic,user[admin] +/$/** = authcBasic,user[${ADMIN_USERNAME}] ## Sparql update is restricted -/*/update/** = authcBasic,user[admin] +/*/update/** = authcBasic,user[${ADMIN_USERNAME}] ## GSP update is restricted -/*/data/** = authcBasic,user[admin] +/*/data/** = authcBasic,user[${ADMIN_USERNAME}] ## If you want simple, basic authentication user/password