Enable stateless HTTP Basic Authentication

[enridaga]

With the implementation of the shiro session based authorization Basil supports users and roles so that only the API creator can modify or delete an entry.
However, the current implementation is based on sessions, that are unhandy to be managed from the curl command line. When the Shiro Subject is not authenticated, we should forcely check whether the request also contains an HTTP Basic Header and authenticate the Subject forcely, without opening a session this time.

[barrynl]

I was wondering whether Basil supports a SPARQL endpoint with HTTP Basic Authentication, but I guess this issue is not about the SPARQL endpoint?

[costasvassilakis]

@barrynl , a quick-and-dirty solution to supporting queries to SPARQL endpoint with HTTP Basic Authentication is to modify basil/src/main/java/uk/ac/open/kmi/basil/invoke/DirectExecutor.java so that public InvocationResult execute(Query q, String endpoint) reads as follows:

            CredentialsProvider credsProvider = new BasicCredentialsProvider();
            Credentials credentials = new UsernamePasswordCredentials("USERNAME", "PASSWORD");
            credsProvider.setCredentials(AuthScope.ANY, credentials);
            HttpClient httpclient = HttpClients.custom()
                .setDefaultCredentialsProvider(credsProvider)
                .build();
            QueryExecution qe = QueryExecutionFactory.sparqlService(endpoint, q, httpclient);

Make sure that you substitute USERNAME and PASSWORD with appropriate values, and of course a rebuild is needed.

The solution is clearly suboptimal since it assumes that all endpoints queried by the same installation share the same username and password. The best way to implement it would cater for providing the authentication method within the query specification (even different queries to the same endpoint might need different credentials) and then the execute method would examine whether authentication is needed and accordingly set the http client needed.

[enridaga]

I know this is a very late reaction. The above comments, very relevant in general, are not related to this issue specifically as here we refer to the way basil handles authentication for managing api creation etc... This specific issue has been fixed.

[enridaga]

Created #69 to track the issue discussed by @barrynl and @costasvassilakis