exposing a sparql endPoint publicly? - webserver

I have a website power by a tomcat server. My application tap on a tripleStore that i would like to make public trough a sparql endpoint at www.mywebsiteaddress/sparql.
What configuration do i need on my webserver to do that ?
I use Jena Fuseki on the background which is running on the Port 3030 and my webserver is on the port 80.
My idea is that, when the webserver get a request on the port 80 about ..../sparql it redirect to fuseki sprql endPoint

This is more of a webservice / access control problem than anything SPARQL related. However, since SPARQL endpoints are supposed to be created as per the SPARQL spec, i think this a valid question, as I'm sure people will encounter it again in the future.
So, to answer your question, "public" usually means that certain headers are set in order to allow a request to hit the endpoint when it is not coming from the same domain. From there, you can specifically allow certain types of interactions with the endpoint. If you wanted to kinda just allow everything, you could set the following headers:
'Access-Control-Allow-Origin: *'
"Access-Control-Allow-Credentials: true"
'Access-Control-Allow-Headers: X-Requested-With'
'Access-Control-Allow-Headers: Content-Type'
'Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE //http://stackoverflow.com/a/7605119/578667
'Access-Control-Max-Age: 86400'
Depending on how you built the endpoint, it'll either have some settings somewhere where you can adjust the headers, or, you'll have find the headers settings for the application framework itself if you're using one. But, in general, the above headers would make it "public"

Related

Override single API endpoint locally

Is it possible to override a single API end-point locally?
i.e:
https://jsonplaceholder.typicode.com/todos/1
To this one:
http://localhost:3000/todos/1
But without touching others end-point like:
https://jsonplaceholder.typicode.com/movie/1
I'm trying to find a tool to do this, I also tried to use the hosts file but it work only domain by domain, not for a single API endpoint.
You can use the Map Remote function in Charles. I believe similar feature exists in other HTTP proxy tool such as Fiddler too.
First, configure Map Remote and mapping https://jsonplaceholder.typicode.com to http://localhost:3000, limit the path to /todos/*, so that it won't impact /movie/1:
Then, as Charles is trying to intercept HTTPS site, you need to enable "SSL Proxying" and add jsonplaceholder.typicode.com (Otherwise, browser will ignore the interceptor or just throw a certificate warning):
It's done. In browser, access to https://jsonplaceholder.typicode.com/todos/1 or https://jsonplaceholder.typicode.com/todos/2 will be redirected to http://localhost:/todos/1 or http://localhost:3000/todos/2 internally, while access to https://jsonplaceholder.typicode.com/movie/1 is not touched.

Grails redirect to URL in an interceptor -- API Gateway Architecture

Context:
I'm designing an API gateway for some microservices. The idea is:
I intercept all the incoming requests in a global interceptor, analyze them for accessibility based on some permissions and finally use a simple redirect to call the actual URL. For example, I'm doing the following at one place:
if(permAction && authorizationService.hasPermission(user, micro, permAction)) {
if(microName != "umm"){
log.info("Successfully Authorized. Forwarding request to: ${micro?.ipAddress}${req}")
redirect(url: "${micro?.ipAddress}${req}", params: params)
return false
}
log.info("Successfully Authorized. Forwarding request to: ${req}")
return true
}
For simple GET requests, it works fine.
Questions
I'm having some problems with this approach.
When I hit the API from the front end, through my gateway, it gives a 302 and finally gives a 200 whether the original API exists or not in the original microservice. It gives a 404 if directly hit. What's happening?
There is an error in the console saying preflight cors disabled. What is that? It wasn't there without redirection.
I want all the GET, PUT and POST requests to redirect to various microservices.As far as I searched, redirect in grails only support a GET request.
Is there any other (better) approach to achieve the same? Maybe RESTClient on the server side or something similar.
Some of these questions have been partially answered but not in this context. Any insights about the problems in the context would be great.
Complete interceptor file is given here. This repository contains the whole project for the Grails API gateway.
Update : 4:30 pm
Resolved question 2 by allowing OPTIONSin the Allowed-Methods on the server side.
Update: 11:12 pm
For number 4, I implemented a rest client at the gateway backend. It works fine as far as functionality is concerned. However, with rest client at the backend, client requests gateway, which in turn requests the microservice, gets the response and gives it back to the client. This sort of two-way involvement of gateway is costly. This also resolves question number 3 by the way.
Is there any other better solution for a gateway in some other language or technology which can provide robustness out of the box?

how to add entries for allowed hosts in the referrer filter node

To prevent cross site request forgery, I want to try with referrer filter, and in the allowed hosts section, I want to add my trustable websites for instance site1.com, site2.com, site3.com etc.
My doubt is like do we need to specify https and all in the allowed host entry as below
https://site1.com or
specifying it as site1.com would do.
Thanks,
Balaji.
Simply the hostname is enough. site1.com will get you through. AEM will take care of both http and https with the hostname alone. By specifying the protocol explicitly , you can add restriction to allow requests from only, let's say, https referer.

subdomain redirect to a specific port using SRV?

Lets say I have the following:
subdomain: xyz.mydomain.com
my server's public DNS: xyz.fastserver.com
when someone goes to xyz.mydomain.com I want them to be redirected to
xyz.mydomain.com:8080
I have full access to all the typical A(host), C(NAME) as well as SRV records etc, tried different configurations but cant get it to work.
Any ideas?
You did not explicitly specify it, but I assume you mean HTTP (i.e. web browsing) and not FTP, SIP, SMTP... and lots of the other protocols on the internet.
In this case what you are trying to do is not possible. DNS A/AAAA/CNAME records are only used to get an IP address, so you can not get a port with these settings. And SRV records are not used within HTTP, so you can not use it to specify the port too.
Link to previous post that goes over the difference between redirect, rewrite, and vhosts.
DNS, however, has no concept of "port" unless you make a special record (SRV) and then a special request to get that record. It is much more transparent to use one of the HTTP methods described above.

Why does Fiddler break my site's redirects?

Why does using Fiddler break my site sometimes on page transitions.
After a server side redirect -- in the http response (as found in Fiddler) I get this:
Object moved
Object moved to here.
The site is an ASP.NET 1.1 / VB.NET 1.1 [sic] site.
Why doesnt Fiddler just go there for me? i dont get it.
I'm fine with this issue when developing but I'm worried that other proxy servers might cause this issue for 'real customers'. Im not even clear exactly what is going on.
That's actually what Response.Redirect does. It sends a 302 - Object moved response to the user-agent. The user-agent then automatically goes to the URL specified in the 302 response. If you need a real server-side redirect without round-tripping to the client, try Server.Transfer.
If you merely constructed the request using the request builder, you're not going to see Fiddler automatically follow the returned redirect.
In contrast, if you are using IE or another browser, it will generally check the redirect header and follow it.
For IE specifically, I believe there's a timing corner case where the browser will fail to follow the redirect in obscure situations. You can often fix this by clicking Tools / Fiddler Options, and enabling both the "Server" and "Client" socket reuse settings.
Thanks user15310, it works with Server.Transfer
Server.Transfer("newpage.aspx", true);
Firstly, transferring to another page using Server.Transfer conserves server resources. Instead of telling the browser to redirect, it simply changes the "focus" on the Web server and transfers the request. This means you don't get quite as many HTTP requests coming through, which therefore eases the pressure on your Web server and makes your applications run faster.
But watch out: because the "transfer" process can work on only those sites running on the server, you can't use Server.Transfer to send the user to an external site. Only Response.Redirect can do that.
Secondly, Server.Transfer maintains the original URL in the browser. This can really help streamline data entry techniques, although it may make for confusion when debugging.
That's not all: The Server.Transfer method also has a second parameter—"preserveForm". If you set this to True, using a statement such as Server.Transfer("WebForm2.aspx", True), the existing query string and any form variables will still be available to the page you are transferring to.
Read more here:
http://www.developer.com/net/asp/article.php/3299641/ServerTransfer-Vs-ResponseRedirect.htm