Named graph security: 'Invalid resource name'

conradL · April 4, 2019, 2:11am

Using version 5.3.4 in production.

I've enabled security.named.graphs=true for a database ng-test, and am trying to assign some user permissions, but when the named graph IRI has a hash symbol in it I get the following:

stardog-admin --server https://myHost user grant -u stardog-admin -a read -o named-graph:ng-test\\http://purl.org/net/grafli#tbox -- grafli-r-conradL

Invalid resource name

The command works fine when the graph IRI does not contain a hash.

I'm pretty sure this used to work in version 4.x

jess · April 4, 2019, 11:14am

You should escape it or add quotes so the shell doesn't interpret it as a comment.

Jess

conradL · April 4, 2019, 11:56am

nope; neither escaping, nor single nor double quotes work. I would expect the shell would only interpret a space followed by hash as a comment anyhow.

conradL · April 5, 2019, 12:42am

I've tried using the HTTP API directly, same result:

curl \
    -H "Content-Type: application/json" \
    -X "PUT" \
    --user stardog-admin:**** \
    --data '{"action":"READ","resource_type":"named-graph","resource":["grafli-gqa-test\\http://purl.org/net/grafli#tbox"]}' \ 
    https://myHost:5820/admin/permissions/role/grafliGqaTestWriter

{ "message" : "invalid resource: 'grafli-gqa-test\http://purl.org/net/grafli#tbox'."}

conradL · April 5, 2019, 1:58am

And also using the Java API, same result:

import com.typesafe.config.ConfigFactory
import com.typesafe.config.ConfigValueFactory
  
import com.complexible.common.rdf.model.Values
import com.complexible.stardog.security.NamedGraphPermissions
  
import au.edu.qimr.stardog.ConnectionFactory

val adminConfig = ConfigFactory
    .load(getClass.getClassLoader)
    .getConfig("stardog.adminConnection")
    .withValue("hostname", ConfigValueFactory.fromAnyRef("****"))
    .withValue("username", ConfigValueFactory.fromAnyRef("stardog-admin"))
val conn = ConnectionFactory.getAdminConnection(adminConfig)
val perms = NamedGraphPermissions
    .on(conn.get.getPermissionManager, "grafli-gqa-test")
    .read(Values.iri("http://purl.org/net/grafli#tbox"))
    .grantRole("grafliGqaTestWriter")

run it:

com.complexible.stardog.protocols.http.client.BaseHttpClient$HttpClientException: invalid resource: 'http://purl.org/net/grafli#tbox'.
	at com.complexible.stardog.protocols.http.client.BaseHttpClient.checkResponseCode(BaseHttpClient.java:537)
	at com.complexible.stardog.protocols.http.client.BaseHttpClient.execute(BaseHttpClient.java:363)
	at com.complexible.stardog.protocols.http.client.BaseHttpClient.executeHttpPut(BaseHttpClient.java:635)
	at com.complexible.stardog.protocols.http.client.HttpAdminClientImpl.addRolePerm(HttpAdminClientImpl.java:160)
	at com.complexible.stardog.security.NamedGraphPermissions.modifyPermissions(NamedGraphPermissions.java:125)
	at com.complexible.stardog.security.NamedGraphPermissions.grantRole(NamedGraphPermissions.java:83)
	at Main$$anon$1.<init>(setNgPerms.scala:18)
	at Main$.main(setNgPerms.scala:1)
	at Main.main(setNgPerms.scala)

reading the stack trace, this is in the response from the client after it's executed the command, so it's server-side issue.

system · April 19, 2019, 1:59am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Setting up Named Graph Secuirty Support	3	268	July 2, 2019
Default named graph permissions Support	1	443	November 9, 2019
User does not have permissions to update the named graph DEFAULT Support	4	171	September 14, 2023
Disallowing writes to default graph Support	5	306	March 15, 2022
Specifying named graph in API request Support	2	327	October 17, 2022

Named graph security: 'Invalid resource name'

Related Topics