The admin app moved to the admin. subdomain instead of the admin/ path

Dockerfile

@@ -22,7 +22,7 @@ RUN mvn -Pstandalone clean install
 
 # ==============================
 
-FROM atomgraph/letsencrypt-tomcat:10.1.34
+FROM atomgraph/letsencrypt-tomcat:10.1.46
 
 LABEL maintainer="[email protected]"
 
@@ -72,14 +72,12 @@ ENV OWNER_CERT_ALIAS=root-owner
 ENV OWNER_KEYSTORE=/var/linkeddatahub/ssl/owner/keystore.p12
 ENV OWNER_CERT=/var/linkeddatahub/ssl/owner/cert.pem
 ENV OWNER_PUBLIC_KEY=/var/linkeddatahub/ssl/owner/public.pem
-ENV OWNER_PRIVATE_KEY=/var/linkeddatahub/ssl/owner/private.key
 
 ENV SECRETARY_COMMON_NAME=LinkedDataHub
 ENV SECRETARY_CERT_ALIAS=root-secretary
 ENV SECRETARY_KEYSTORE=/var/linkeddatahub/ssl/secretary/keystore.p12
 ENV SECRETARY_CERT=/var/linkeddatahub/ssl/secretary/cert.pem
 ENV SECRETARY_PUBLIC_KEY=/var/linkeddatahub/ssl/secretary/public.pem
-ENV SECRETARY_PRIVATE_KEY=/var/linkeddatahub/ssl/secretary/private.key
 
 ENV CLIENT_KEYSTORE_MOUNT=/var/linkeddatahub/ssl/secretary/keystore.p12
 ENV CLIENT_KEYSTORE="$CATALINA_HOME/webapps/ROOT/WEB-INF/keystore.p12"
@@ -147,12 +145,22 @@ COPY platform/import-letsencrypt-stg-roots.sh import-letsencrypt-stg-roots.sh
 
 COPY platform/select-root-services.rq select-root-services.rq
 
-# copy the metadata of the built-in secretary agent
+COPY platform/select-agent-metadata.rq select-agent-metadata.rq
+
+# copy the metadata of built-in agents
 
 COPY platform/root-secretary.trig.template root-secretary.trig.template
 
 COPY platform/root-owner.trig.template root-owner.trig.template
 
+COPY platform/root-secretary-authorization.trig.template root-secretary-authorization.trig.template
+
+COPY platform/root-owner-authorization.trig.template root-owner-authorization.trig.template
+
+# copy the metadata of the namespace ontology
+
+COPY platform/namespace-ontology.trig.template namespace-ontology.trig.template
+
 # copy default datasets
 
 COPY platform/datasets/admin.trig /var/linkeddatahub/datasets/admin.trig
@@ -197,7 +205,7 @@ RUN useradd --no-log-init -U ldh && \
 RUN ./import-letsencrypt-stg-roots.sh
 
 HEALTHCHECK --start-period=80s --retries=5 \
-    CMD curl -f -I "http://localhost:${HTTP_PORT}/ns" -H "Accept: application/n-triples" || exit 1 # relies on public access to the namespace document
+    CMD curl -f -I "http://localhost:7070/ns" -H "Accept: application/n-triples" || exit 1 # relies on public access to the namespace document
 
 USER ldh
 

bin/add-generic-service.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/add-result-set-chart.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/add-select.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/add-view.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/acl/add-agent-to-group.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {
@@ -79,4 +80,4 @@ sparql+="}\n"
 
 # PATCH SPARQL to the named graph
 
-echo -e "$sparql" | curl -X PATCH --data-binary @- -s -k -E "$cert_pem_file":"$cert_password" "$target" -H "Content-Type: application/sparql-update"
+echo -e "$sparql" | curl -f -X PATCH --data-binary @- -s -k -E "$cert_pem_file":"$cert_password" "$target" -H "Content-Type: application/sparql-update"

bin/admin/acl/create-authorization.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/acl/create-group.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/acl/make-public.sh

@@ -58,7 +58,13 @@ if [ -z "$base" ] ; then
     exit 1
 fi
 
-target="${base}admin/acl/authorizations/public/"
+admin_uri() {
+    local uri="$1"
+    echo "$uri" | sed 's|://|://admin.|'
+}
+
+admin_base=$(admin_uri "$base")
+target="${admin_base}acl/authorizations/public/"
 
 if [ -n "$proxy" ]; then
     # rewrite target hostname to proxy hostname
@@ -73,7 +79,7 @@ curl -X PATCH \
     -H "Content-Type: application/sparql-update" \
     "$target" \
      --data-binary @- <<EOF
-BASE <${base}admin/>
+BASE <${admin_base}>
 
 PREFIX  acl: <http://www.w3.org/ns/auth/acl#>
 PREFIX  def: <https://w3id.org/atomgraph/linkeddatahub/default#>
@@ -84,10 +90,10 @@ PREFIX  foaf: <http://xmlns.com/foaf/0.1/>
 INSERT
 {
   <acl/authorizations/public/#this> acl:accessToClass def:Root, dh:Container, dh:Item, nfo:FileDataObject ;
-      acl:accessTo <../sparql> .
+      acl:accessTo <${base}sparql> .
 
   <acl/authorizations/public/#sparql-post> a acl:Authorization ;
-      acl:accessTo <../sparql> ;
+      acl:accessTo <${base}sparql> ;
       acl:mode acl:Append ;
       acl:agentClass foaf:Agent, acl:AuthenticatedAgent . # hacky way to allow queries over POST
 }

bin/admin/add-ontology-import.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {
@@ -80,4 +81,4 @@ sparql+="}\n"
 
 # PATCH SPARQL to the named graph
 
-echo -e "$sparql" | curl -X PATCH --data-binary @- -v -k -E "$cert_pem_file":"$cert_password" "$target" -H "Content-Type: application/sparql-update"
+echo -e "$sparql" | curl -f -X PATCH --data-binary @- -v -k -E "$cert_pem_file":"$cert_password" "$target" -H "Content-Type: application/sparql-update"

bin/admin/model/add-class.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/model/add-construct.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/model/add-property-constraint.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/model/add-restriction.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/model/add-select.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/admin/model/create-ontology.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/content/add-object-block.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/content/add-xhtml-block.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/create-container.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/create-item.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/get.sh

@@ -84,7 +84,7 @@ fi
 # GET RDF document
 
 if [ -n "$head" ] ; then
-    curl -v -k -E "$cert_pem_file":"$cert_password" -H "Accept: ${accept}" "$target" --head
+    curl -f -v -k -E "$cert_pem_file":"$cert_password" -H "Accept: ${accept}" "$target" --head
 else
-    curl -v -k -E "$cert_pem_file":"$cert_password" -H "Accept: ${accept}" "$target"
+    curl -f -v -k -E "$cert_pem_file":"$cert_password" -H "Accept: ${accept}" "$target"
 fi

bin/imports/create-csv-import.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/imports/create-file.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {
@@ -176,7 +177,7 @@ if [ -n "$proxy" ]; then
 fi
 
 # POST RDF/POST multipart form and capture the effective URL
-effective_url=$(echo -e "$rdf_post" | curl -w '%{url_effective}' -v -s -k -X PUT -H "Accept: text/turtle" -E "$cert_pem_file":"$cert_password" -o /dev/null --config - "$target")
+effective_url=$(echo -e "$rdf_post" | curl -w '%{url_effective}' -f -v -s -k -X PUT -H "Accept: text/turtle" -E "$cert_pem_file":"$cert_password" -o /dev/null --config - "$target")
 
 # If using proxy, rewrite the effective URL back to original hostname
 if [ -n "$proxy" ]; then

bin/imports/create-query.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/imports/create-rdf-import.sh

@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+set -eo pipefail
 
 print_usage()
 {

bin/patch.sh

@@ -70,4 +70,4 @@ fi
 
 # resolve SPARQL update from stdin against base URL and PATCH it to the server
 # uparse currently does not support --base: https://github.com/apache/jena/issues/3296
-cat - | curl -v -k -E "$cert_pem_file":"$cert_password" --data-binary @- -H "Content-Type: application/sparql-update" -X PATCH -o /dev/null "$final_url"
+cat - | curl -f -v -k -E "$cert_pem_file":"$cert_password" --data-binary @- -H "Content-Type: application/sparql-update" -X PATCH -o /dev/null "$final_url"

bin/post.sh

@@ -80,7 +80,7 @@ else
 fi
 
 # resolve RDF document from stdin against base URL and POST to the server and print request URL
-effective_url=$(cat - | turtle --base="$url" | curl -w '%{url_effective}' -v -k -E "$cert_pem_file":"$cert_password" -d @- -H "Content-Type: ${content_type}" -H "Accept: text/turtle" -o /dev/null "$final_url")
+effective_url=$(cat - | turtle --base="$url" | curl -w '%{url_effective}' -f -v -k -E "$cert_pem_file":"$cert_password" -d @- -H "Content-Type: ${content_type}" -H "Accept: text/turtle" -o /dev/null "$final_url") || exit $?
 
 # If using proxy, rewrite the effective URL back to original hostname
 if [ -n "$proxy" ]; then

bin/put.sh

@@ -80,7 +80,7 @@ else
 fi
 
 # resolve RDF document from stdin against base URL and PUT to the server and print request URL
-effective_url=$(cat - | turtle --base="$url" | curl -w '%{url_effective}' -v -k -E "$cert_pem_file":"$cert_password" -d @- -X PUT -H "Content-Type: ${content_type}" -H "Accept: text/turtle" -o /dev/null "$final_url")
+effective_url=$(cat - | turtle --base="$url" | curl -w '%{url_effective}' -f -v -k -E "$cert_pem_file":"$cert_password" -d @- -X PUT -H "Content-Type: ${content_type}" -H "Accept: text/turtle" -o /dev/null "$final_url") || exit $?
 
 # If using proxy, rewrite the effective URL back to original hostname
 if [ -n "$proxy" ]; then

bin/webid-keygen-pem.sh

@@ -4,7 +4,7 @@
 
 if [ "$#" -ne 6 ]; then
   echo "Usage:   $0" '$alias $cert_file $keystore_password $key_password $webid_uri $validity' >&2
-  echo "Example: $0 martynas martynas.localhost.p12 Martynas Martynas https://localhost:4443/admin/acl/agents/ce84eb31-cc1e-41f4-9e29-dacd417b9818/#this 365" >&2
+  echo "Example: $0 martynas martynas.localhost.p12 Martynas Martynas https://admin.localhost:4443/acl/agents/ce84eb31-cc1e-41f4-9e29-dacd417b9818/#this 365" >&2
   exit 1
 fi
 

bin/webid-keygen.sh

@@ -4,7 +4,7 @@
 
 if [ "$#" -ne 6 ]; then
   echo "Usage:   $0" '$alias $cert_file $keystore_password $key_password $webid_uri $validity' >&2
-  echo "Example: $0 martynas martynas.localhost.p12 Password Password https://localhost:4443/admin/acl/agents/ce84eb31-cc1e-41f4-9e29-dacd417b9818/#this 3650" >&2
+  echo "Example: $0 martynas martynas.localhost.p12 Password Password https://admin.localhost:4443/acl/agents/ce84eb31-cc1e-41f4-9e29-dacd417b9818/#this 3650" >&2
   exit 1
 fi
 

config/system.trig

@@ -1,4 +1,5 @@
 @prefix lapp:	<https://w3id.org/atomgraph/linkeddatahub/apps#> .
+@prefix ldh:	<https://w3id.org/atomgraph/linkeddatahub#> .
 @prefix a:	<https://w3id.org/atomgraph/core#> .
 @prefix ac:	<https://w3id.org/atomgraph/client#> .
 @prefix rdf:	<http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@@ -16,7 +17,8 @@
 
 <urn:linkeddatahub:apps/admin> a lapp:Application, lapp:AdminApplication ;
     dct:title "LinkedDataHub admin" ;
-    ldt:base <admin/> ;
+    # ldt:base <https://admin.localhost:4443/> ;
+    ldh:origin <https://admin.localhost:4443> ;
     ldt:ontology <https://w3id.org/atomgraph/linkeddatahub/admin#> ;
     ldt:service <urn:linkeddatahub:services/admin> ;
     ac:stylesheet <static/com/atomgraph/linkeddatahub/xsl/bootstrap/2.3.2/admin/layout.xsl> ;
@@ -35,8 +37,9 @@
 
 <urn:linkeddatahub:apps/end-user> a lapp:Application, lapp:EndUserApplication ;
     dct:title "LinkedDataHub" ;
-    ldt:base <> ;
-    ldt:ontology <ns#> ;
+    # ldt:base <https://localhost:4443/> ;
+    ldh:origin <https://localhost:4443> ;
+    ldt:ontology <https://localhost:4443/ns#> ;
     ldt:service <urn:linkeddatahub:services/end-user> ;
     lapp:adminApplication <urn:linkeddatahub:apps/admin> ;
     lapp:frontendProxy <http://varnish-frontend:6060/> ;