Merge pull request #45 from yngwi/master

Version 0.3.0

Author: yngwi

Dockerfile

@@ -1,6 +1,4 @@
-ARG JAVA_VERSION=11
-
-FROM adoptopenjdk/maven-openjdk${JAVA_VERSION}
+FROM openjdk:11.0.12
 LABEL maintainer=“[email protected]”
 
 ARG APPLICATION_PORT=8080
@@ -35,11 +33,15 @@ ENV PROFILE=${PROFILE}
 ENV REDIS_PORT=${REDIS_PORT}
 ENV REDIS_URL=${REDIS_URL}
 
-RUN curl -fsSL https://deb.nodesource.com/setup_15.x | bash -
+RUN curl -fsSL https://deb.nodesource.com/setup_17.x | bash -
 RUN apt-get install -y nodejs
 RUN npm install -g yarn
 
+RUN cd /opt && curl -sSl http://mirror.vorboss.net/apache/maven/maven-3/3.8.3/binaries/apache-maven-3.8.3-bin.tar.gz | tar -xz
+ENV PATH "$PATH:/opt/apache-maven-3.8.3/bin"
+
 EXPOSE ${APPLICATION_PORT}
 COPY ./ ./
 RUN mvn package -Dmaven.test.skip=true
+
 ENTRYPOINT ["java","-jar","./target/nampi-backend.jar"]

Dockerfile.fuseki

@@ -1,6 +1,97 @@
-ARG FUSEKI_VERSION=latest
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
 
-FROM stain/jena-fuseki:${FUSEKI_VERSION}
 
-RUN apt-get update; \
-  apt-get install -y --no-install-recommends procps
+FROM openjdk:11-jre-slim-buster
+MAINTAINER Stian Soiland-Reyes <[email protected]>
+
+ENV LANG C.UTF-8
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+       bash curl ca-certificates findutils coreutils gettext pwgen procps tini \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+
+# Update below according to https://jena.apache.org/download/ 
+# and checksum for apache-jena-fuseki-4.x.x.tar.gz.sha512
+ENV FUSEKI_SHA512 359f8f99c8fa5968c1bdddcc39214db86da822804e3dd5fa182b86daff2d121a85b2102cffec853d9a80ceca7dea8ef65ef875919d653984af9bd297bc740167
+ENV FUSEKI_VERSION 4.2.0
+# No need for https due to sha512 checksums below
+ENV ASF_MIRROR http://www.apache.org/dyn/mirrors/mirrors.cgi?action=download&filename=
+ENV ASF_ARCHIVE http://archive.apache.org/dist/
+
+LABEL org.opencontainers.image.url https://github.com/stain/jena-docker/tree/master/jena-fuseki
+LABEL org.opencontainers.image.source https://github.com/stain/jena-docker/
+LABEL org.opencontainers.image.documentation https://jena.apache.org/documentation/fuseki2/
+LABEL org.opencontainers.image.title "Apache Jena Fuseki"
+LABEL org.opencontainers.image.description "Fuseki is a SPARQL 1.1 server with a web interface, backed by the Apache Jena TDB RDF triple store."
+LABEL org.opencontainers.image.version ${FUSEKI_VERSION}
+LABEL org.opencontainers.image.licenses "(Apache-2.0 AND (GPL-2.0 WITH Classpath-exception-2.0) AND GPL-3.0)"
+LABEL org.opencontainers.image.authors "Apache Jena Fuseki by https://jena.apache.org/; this image by https://orcid.org/0000-0001-9842-9718"
+
+# Config and data
+ENV FUSEKI_BASE /fuseki
+
+
+# Installation folder
+ENV FUSEKI_HOME /jena-fuseki
+
+WORKDIR /tmp
+# published sha512 checksum
+RUN echo "$FUSEKI_SHA512  fuseki.tar.gz" > fuseki.tar.gz.sha512
+# Download/check/unpack/move in one go (to reduce image size)
+RUN     (curl --location --silent --show-error --fail --retry-connrefused --retry 3 --output fuseki.tar.gz ${ASF_MIRROR}jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz || \
+         curl --fail --silent --show-error --retry-connrefused --retry 3 --output fuseki.tar.gz $ASF_ARCHIVE/jena/binaries/apache-jena-fuseki-$FUSEKI_VERSION.tar.gz) && \
+        sha512sum -c fuseki.tar.gz.sha512 && \
+        tar zxf fuseki.tar.gz && \
+        mv apache-jena-fuseki* $FUSEKI_HOME && \
+        rm fuseki.tar.gz* && \
+        cd $FUSEKI_HOME && rm -rf fuseki.war && chmod 755 fuseki-server
+
+# Test the install by testing it's ping resource. 20s sleep because Docker Hub.
+RUN  $FUSEKI_HOME/fuseki-server & \
+     sleep 20 && \
+     curl -sS --fail 'http://localhost:3030/$/ping' 
+
+# No need to kill Fuseki as our shell will exit after curl
+
+# As "localhost" is often inaccessible within Docker container,
+# we'll enable basic-auth with a random admin password
+# (which we'll generate on start-up)
+COPY shiro.ini $FUSEKI_HOME/shiro.ini
+COPY fuseki-entrypoint.sh /docker-entrypoint.sh
+RUN chmod 755 /docker-entrypoint.sh
+
+
+COPY load.sh $FUSEKI_HOME/
+COPY tdbloader $FUSEKI_HOME/
+COPY tdbloader2 $FUSEKI_HOME/
+RUN chmod 755 $FUSEKI_HOME/load.sh $FUSEKI_HOME/tdbloader $FUSEKI_HOME/tdbloader2
+#VOLUME /staging
+
+
+# Where we start our server from
+WORKDIR $FUSEKI_HOME
+
+# Make sure we start with empty /fuseki
+RUN rm -rf $FUSEKI_BASE
+VOLUME $FUSEKI_BASE
+
+EXPOSE 3030
+ENTRYPOINT ["/usr/bin/tini", "--", "/docker-entrypoint.sh"]
+CMD ["/jena-fuseki/fuseki-server"]
+

README.md

@@ -39,7 +39,7 @@ A number of command line parameters are available to configure the application.
 | Parameter                 | Mandatory | Default Value                               | Example                                           | Description                                                                                                                                  |
 | ------------------------- | --------- | ------------------------------------------- | ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
 | APPLICATION_PORT          |           | 8080                                        |                                                   | The port the application will run on                                                                                                         |
-| CORE_OWL_URL              |           | https://purl.org/nampi/owl/core             |                                                   | The location of the NAMPI-Core ontology                                                                                                      |
+| CORE_OWL_URL              |           | http://purl.org/nampi/owl/core             |                                                   | The location of the NAMPI-Core ontology                                                                                                      |
 | DATA_BASE_URL             |           | The URL used in the current Servlet Request | https://example.com/nampi/data                    | The URL to use when creating internal links or new database individuals. When omitted, the current servlet request is used                   |
 | DATA_URL                  | \*        |                                             | http://localhost:3030/data                        | The URL to the data dataset where the original data will be stored                                                                           |
 | DEFAULT_LIMIT             |           | 20                                          |                                                   | The default result number to return when requesting from a collection endpoint like '/persons                                                |
@@ -74,7 +74,7 @@ The application can be run as a standalone Docker container connected to pre-exi
 Example:
 
 ```
-docker build --build-arg DATA_BASE_URL=https://example.com/nampi/data --build-arg KEYCLOAK_FRONTEND_URL=http://localhost:8080/auth --build-arg KEYCLOAK_REALM=nampi --build-arg KEYCLOAK_RESOURCE=nampi-client --build-arg KEYCLOAK_URL=http://example.com/keycloak/auth --build-arg LOGGING_LEVEL=TRACE --build-arg OTHER_OWL_URLS=https://purl.org/nampi/owl/monastic-life --build-arg REDIS_PORT=6379 --build-arg REDIS_URL=http://example.com/redis --build-arg INF_CACHE_URL=http://example.com/fuseki/inf-cache --build-arg DATA_URL=http://example.com/fuseki/data .
+docker build --build-arg DATA_BASE_URL=https://example.com/nampi/data --build-arg KEYCLOAK_FRONTEND_URL=http://localhost:8080/auth --build-arg KEYCLOAK_REALM=nampi --build-arg KEYCLOAK_RESOURCE=nampi-client --build-arg KEYCLOAK_URL=http://example.com/keycloak/auth --build-arg LOGGING_LEVEL=TRACE --build-arg OTHER_OWL_URLS=http://purl.org/nampi/owl/monastic-life --build-arg REDIS_PORT=6379 --build-arg REDIS_URL=http://example.com/redis --build-arg INF_CACHE_URL=http://example.com/fuseki/inf-cache --build-arg DATA_URL=http://example.com/fuseki/data .
 ```
 
 ## Deploying with `docker-compose`
@@ -93,7 +93,7 @@ KEYCLOAK_PASSWORD=[keycloak password]
 KEYCLOAK_PG_PASSWORD=[keycloak pg password]
 KEYCLOAK_REALM=nampi
 KEYCLOAK_RESOURCE=nampi-client
-OTHER_OWL_URLS=https://purl.org/nampi/owl/monastic-life
+OTHER_OWL_URLS=http://purl.org/nampi/owl/monastic-life
 ```
 
 To directly expose the containers (for example to use the Fuseki and Keycloak admin interfaces) to the web, the following docker-compose.override.yml file can be used as a starting point:

docker-compose.yml

@@ -23,8 +23,6 @@ services:
     build:
       context: .
       dockerfile: Dockerfile.fuseki
-      args:
-        FUSEKI_VERSION: 4.0.0
     restart: always
     volumes:
       - fuseki_data:/fuseki
@@ -57,12 +55,11 @@ services:
       dockerfile: Dockerfile
       args:
         APPLICATION_PORT: ${APPLICATION_PORT:-8080}
-        CORE_OWL_URL: https://purl.org/nampi/owl/core
+        CORE_OWL_URL: http://purl.org/nampi/owl/core
         DATA_BASE_URL: ${DATA_BASE_URL}
         DATA_URL: http://fuseki:3030/data
         DEFAULT_LIMIT: ${DEFAULT_LIMIT:-20}
         INF_CACHE_URL: http://fuseki:3030/inf_cache
-        JAVA_VERSION: 11
         KEYCLOAK_RDF_ID_ATTRIBUTE: ${KEYCLOAK_RDF_ID_ATTRIBUTE:-rdf-id}
         KEYCLOAK_REALM: ${KEYCLOAK_REALM}
         KEYCLOAK_RESOURCE: ${KEYCLOAK_RESOURCE}

fuseki-entrypoint.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+set -e
+
+if [ ! -f "$FUSEKI_BASE/shiro.ini" ] ; then
+  # First time
+  echo "###################################"
+  echo "Initializing Apache Jena Fuseki"
+  echo ""
+  cp "$FUSEKI_HOME/shiro.ini" "$FUSEKI_BASE/shiro.ini"
+  if [ -z "$ADMIN_PASSWORD" ] ; then
+    ADMIN_PASSWORD=$(pwgen -s 15)
+    echo "Randomly generated admin password:"
+    echo ""
+    echo "admin=$ADMIN_PASSWORD"
+  fi
+  echo ""
+  echo "###################################"
+fi
+
+if [ -d "/fuseki-extra" ] && [ ! -d "$FUSEKI_BASE/extra" ] ; then
+  ln -s "/fuseki-extra" "$FUSEKI_BASE/extra" 
+fi
+
+# $ADMIN_PASSWORD only modifies if ${ADMIN_PASSWORD}
+# is in shiro.ini
+if [ -n "$ADMIN_PASSWORD" ] ; then
+  export ADMIN_PASSWORD
+  envsubst '${ADMIN_PASSWORD}' < "$FUSEKI_BASE/shiro.ini" > "$FUSEKI_BASE/shiro.ini.$$" && \
+    mv "$FUSEKI_BASE/shiro.ini.$$" "$FUSEKI_BASE/shiro.ini"
+  unset ADMIN_PASSWORD # Don't keep it in memory
+  export ADMIN_PASSWORD
+fi
+
+# fork 
+exec "$@" &
+
+TDB_VERSION=''
+if [ ! -z ${TDB+x} ] && [ "${TDB}" = "2" ] ; then 
+  TDB_VERSION='tdb2'
+else
+  TDB_VERSION='tdb'
+fi
+
+# Wait until server is up
+while [[ $(curl -I http://localhost:3030 2>/dev/null | head -n 1 | cut -d$' ' -f2) != '200' ]]; do
+  sleep 1s
+done
+
+# Convert env to datasets
+printenv | egrep "^FUSEKI_DATASET_" | while read env_var
+do
+    dataset=$(echo $env_var | egrep -o "=.*$" | sed 's/^=//g')
+    curl -s 'http://localhost:3030/$/datasets'\
+         -H "Authorization: Basic $(echo -n admin:${ADMIN_PASSWORD} | base64)" \
+         -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'\
+         --data "dbName=${dataset}&dbType=${TDB_VERSION}"
+done
+
+# rejoin our exec
+wait

load.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+extensions="rdf ttl owl nt nquads"
+PATTERNS=""
+for e in $extensions ; do
+  PATTERNS="$PATTERNS *.$e *.$e.gz"
+done
+
+if [ $# -eq 0 ] ; then
+  echo "$0 [DB] [PATTERN ...]"
+  echo "Load one or more RDF files into Jena Fuseki TDB database DB."
+  echo ""
+  echo "Current directory is assumed to be /staging"
+  echo ""
+  echo 'PATTERNs can be a filename or a shell glob pattern like *ttl'
+  echo ""
+  echo "If no PATTERN are given, the default patterns are searched:"
+  echo "$PATTERNS"
+  echo ""
+  echo "Set the environment variable TDBLOADER_OPTS for any additional"
+  echo "options to pass to tdbloader, e.g. --graph=https://example.org/graph#name
+  exit 0
+fi
+
+cd /staging 2>/dev/null || echo "/staging not found" >&2
+echo "Current directory:" $(pwd)
+
+DB=$1
+shift
+
+if [ $# -eq 0 ] ; then
+  patterns="$PATTERNS"
+else
+  patterns="$@"
+fi
+
+files=""
+for f in $patterns; do
+  if [ -f $f ] ; then
+    files="$files $f"
+  else
+    if [ $# -gt 0 ] ; then
+      # User-specified file/pattern missing
+      echo "WARNING: Not found: $f" >&2
+    fi
+  fi
+done
+
+if [ "$files" == "" ] ; then
+  echo "No files found for: " >&2
+  echo "$patterns" >&2
+  exit 1
+fi
+
+echo "#########"
+echo "Loading to Fuseki TDB database $DB:"
+echo ""
+echo $files
+echo "#########"
+
+exec $FUSEKI_HOME/tdbloader $TDBLOADER_OPTS --loc=$FUSEKI_BASE/databases/$DB $files

pom.xml

@@ -9,7 +9,7 @@
   </parent>
   <groupId>eu.nampi</groupId>
   <artifactId>backend</artifactId>
-  <version>0.2.12</version>
+  <version>0.3.0</version>
   <name>nampi-backend</name>
   <description>The NAMPI backend</description>
 

shiro.ini

@@ -0,0 +1,57 @@
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+
+[main]
+# Development
+ssl.enabled = false
+
+plainMatcher=org.apache.shiro.authc.credential.SimpleCredentialsMatcher
+#iniRealm=org.apache.shiro.realm.text.IniRealm
+iniRealm.credentialsMatcher = $plainMatcher
+
+#localhost=org.apache.jena.fuseki.authz.LocalhostFilter
+
+[users]
+# Implicitly adds "iniRealm =  org.apache.shiro.realm.text.IniRealm"
+# The admin password will be replaced by value of ADMIN_PASSWORD
+# variable by docker-entrypoint.sh on FIRST start up.
+admin=${ADMIN_PASSWORD}
+
+[roles]
+
+[urls]
+## Control functions open to anyone
+/$/status = anon
+/$/ping   = anon
+
+## and the rest are restricted
+/$/** = authcBasic,user[admin]
+
+## Sparql update is restricted
+/*/update/** = authcBasic,user[admin]
+
+
+## If you want simple, basic authentication user/password
+## on the operations,
+##    1 - set a password in [users]
+##    2 - change the line above to:
+## /$/** = authcBasic,user[admin]
+## and set a better
+
+## or to allow any access.
+##/$/** = anon
+
+# Everything else
+/**=anon