VAL
Virtuoso Authentication Layer
|
Functions | |
DBEV_ACLS_ENABLED_FOR_SCOPE (varchar scope, varchar realm) | |
DBEV_CHECK_CONNECTION_AUTHENTICATION (varchar uname) | |
Virtuoso callback for internal authentication. More... | |
DBEV_CHECK_CONNECTION_AUTHENTICATION_2 (varchar uname, varchar agentIri, varchar realm=null) | |
Virtuoso callback for internal authentication. More... | |
DBEV_CHECK_PERMISSIONS (varchar resource, varchar scope, varchar clientIp=null, varchar agentIri=null, varchar realm=null) | |
Virtuoso callback for internal ACLs. More... | |
DBEV_GET_CONNECTION_RESTRICTION (varchar resource, varchar parameter=null, decimal minValue, varchar minServiceId, decimal maxValue, varchar maxServiceId, varchar agentIri=null, varchar realm=null) | |
Virtuoso Hook proc: Get the min and max values of one restriction. More... | |
DBEV_RES_CREATION_POST (varchar uri, varchar scope, varchar realm=null) | |
DBEV_RESTRICTIONS (any keys, varchar agentIri=null, varchar realm=null) | |
Virtuoso callback for internal restrictions. More... | |
DB.DBA.DBEV_ACLS_ENABLED_FOR_SCOPE | ( | varchar | scope, |
varchar | realm | ||
) |
DB.DBA.DBEV_CHECK_CONNECTION_AUTHENTICATION | ( | varchar | uname | ) |
Virtuoso callback for internal authentication.
DB.DBA.DBEV_CHECK_CONNECTION_AUTHENTICATION_2 | ( | varchar | uname, |
varchar | agentIri, | ||
varchar | realm = null |
||
) |
Virtuoso callback for internal authentication.
Virtuoso for example uses this procedure to check external authentication in the DAV layer. This procedure simply checks if any of the VAL-supported auth information is available. If so, it will return 1
and set uname
to the authenticated SQL user if and only if the authentication information could be mapped to such a user.
Since VAL also supports authentication via 3rd-party accounts that are not connected to any SQL user this procedure can also return 1
but leave uname
to null
.
DB.DBA.DBEV_CHECK_PERMISSIONS | ( | varchar | resource, |
varchar | scope, | ||
varchar | clientIp = null , |
||
varchar | agentIri = null , |
||
varchar | realm = null |
||
) |
Virtuoso callback for internal ACLs.
DB.DBA.DBEV_GET_CONNECTION_RESTRICTION | ( | varchar | resource, |
varchar | parameter = null , |
||
decimal | minValue, | ||
varchar | minServiceId, | ||
decimal | maxValue, | ||
varchar | maxServiceId, | ||
varchar | agentIri = null , |
||
varchar | realm = null |
||
) |
Virtuoso Hook proc: Get the min and max values of one restriction.
Virtuoso allows the creation of procedure DB.DBA.DBEV_GET_CONNECTION_RESTRICTION to allow Virtuoso use of our restrictions engine.
resource | The resource for which a restriction should be checked. | |
parameter | The optional parameter which allows to split one resource into several restrictions. | |
[out] | minValue | Will be set to the min value of the restriction of null if no matching restriction had a min value. |
minServiceId | Will be set to the service ID of the authenticated person which triggered the minimum restriction. If the restriction is based on an IP address then it will be null . | |
[out] | maxValue | Will be set to the max value of the restriction of null if no matching restriction had a max value. |
maxServiceId | Will be set to the service ID of the authenticated person which triggered the maximum restriction. If the restriction is based on an IP address then it will be null . | |
agentIri | The optional IRI of the authenticated agent. If omitted VAL authentcation will be checked. | |
realm | The optional application realm which falls back to VAL.DBA.get_default_realm(). |
1
if restriction values have been found, 0
otherwise.DB.DBA.DBEV_RES_CREATION_POST | ( | varchar | uri, |
varchar | scope, | ||
varchar | realm = null |
||
) |
Post-resource creation hook.
Once new resources have been created (typically DAV resources) via non-sql account authentication we need to create ACL rules to grant the authenticated person access to the newly created resource.
This is done in this hook.
DB.DBA.DBEV_RESTRICTIONS | ( | any | keys, |
varchar | agentIri = null , |
||
varchar | realm = null |
||
) |
Virtuoso callback for internal restrictions.
This callback can be used by Virtuoso to apply restrictions to any internal system. It is for example used by the HTTP engine to restrict the request rate or the max result content size.
keys | A vector which contains a map of restriction names to their type, ie. min or max . The restriction names will be prefixed with urn:virtuoso:restrictions: which is important when declaring the restriction rules. |
agentIri | The optional IRI of the authenticated agent. If omitted VAL authentcation will be checked. |
realm | The optional application realm which falls back to VAL.DBA.get_default_realm(). |
max
or min
), the restriction value, and an optional serviceId of the authenticated person which triggered the restriction. If the latter is null then the restriction is assumed to be on an IP address level.