How can I set up authentication in Fuseki server for a specific user to access with Python?


As far as I know, there is Apache Shiro for the Fuseki webapp.
But I'm trying to set up authentication in the Fuseki server for a specific user to access with Python.

I have added an auth setting to my database config file
C:\apache-jena-fuseki-4.3.2\run\configuration\databaseName.ttl.
And I also added a password file in the same folder.

Then I used SPARQLWrapper in Python to access the database in Fuseki.
But it doesn't work. It says "HTTPError: HTTP Error 403: Forbidden".
I would like to understand what I did wrong and how to handle this issue.
Can anyone please help me with this?

Any help would be greatly appreciated.

databaseName.ttl:

:service_tdb_all  rdf:type            fuseki:Service ;
        rdfs:label                    "TDB databaseName" ;
        fuseki:dataset                :tdb_dataset_readwrite ;
        fuseki:name                   "databaseName" ;
        fuseki:serviceQuery           "query" , "" , "sparql" ;
        fuseki:serviceReadGraphStore  "get" ;
        fuseki:serviceReadWriteGraphStore "data" ;
        fuseki:serviceUpdate          "" , "update" ;
        fuseki:serviceUpload          "upload" ;
        fuseki:passwd  "password_file" ;
        fuseki:auth    "basic" ;
        fuseki:allowedUsers "user1" .

password_file:

user1: password

Code in Python:

from SPARQLWrapper import SPARQLWrapper, BASIC, JSON

sparql = SPARQLWrapper(self.query_endpoint_url)
sparql.setQuery(query)
sparql.setHTTPAuth(BASIC)
sparql.setCredentials('user1', 'password')
sparql.setReturnFormat(JSON)
results = sparql.query().convert()

------Updated on 2022/10/13------
Here is my config file.
I also removed the auth setup in databaseName.ttl.
I start Fuseki with fuseki-server.bat.
Testing the access by the command above with an incorrect password.
Access works even if the password is incorrect.
curl -I --user user1:password12 http://localhost:3030

Testing the access to my endpoint,
curl -I --user user1:password http://localhost:3030/databaseName/sparql
it says HTTP/1.1 405 Method Not Allowed

config.ttl


## Fuseki Server configuration file.

@prefix :        <#> .
@prefix fuseki:  <http://jena.apache.org/fuseki#> .
@prefix rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs:    <http://www.w3.org/2000/01/rdf-schema#> .
@prefix ja:      <http://jena.hpl.hp.com/2005/11/Assembler#> .
@prefix tdb:    <http://jena.hpl.hp.com/2008/tdb#> .

[] rdf:type fuseki:Server ;
        fuseki:passwd  "password_file" ;
        fuseki:auth    "basic" ;
        fuseki:allowedUsers "user1". 

databaseName.ttl

@prefix fuseki: <http://jena.apache.org/fuseki#> .
@prefix ja:     <http://jena.hpl.hp.com/2005/11/Assembler#> .
@prefix rdf:    <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs:   <http://www.w3.org/2000/01/rdf-schema#> .
@prefix tdb:    <http://jena.hpl.hp.com/2008/tdb#> .

<http://jena.apache.org/2016/tdb#GraphTDB>
        rdfs:subClassOf  ja:Model .

ja:ModelRDFS  rdfs:subClassOf  ja:Model .

ja:RDFDatasetSink  rdfs:subClassOf  ja:RDFDataset .

tdb:DatasetTDB  rdfs:subClassOf  ja:RDFDataset .

<http://jena.apache.org/2016/tdb#GraphTDB2>
        rdfs:subClassOf  ja:Model .

<http://jena.apache.org/text#TextDataset>
        rdfs:subClassOf  ja:RDFDataset .

ja:RDFDatasetZero  rdfs:subClassOf  ja:RDFDataset .

:service_tdb_all  rdf:type            fuseki:Service ;
        rdfs:label                    "TDB databaseName" ;
        fuseki:dataset                :tdb_dataset_readwrite ;
        fuseki:name                   "databaseName" ;
        fuseki:serviceQuery           "query" , "" , "sparql" ;
        fuseki:serviceReadGraphStore  "get" ;
        fuseki:serviceReadWriteGraphStore
                "data" ;
        fuseki:serviceUpdate          "" , "update" ;
        fuseki:serviceUpload          "upload" .

ja:ViewGraph  rdfs:subClassOf  ja:Model .

ja:GraphRDFS  rdfs:subClassOf  ja:Model .

<http://jena.apache.org/2016/tdb#DatasetTDB>
        rdfs:subClassOf  ja:RDFDataset .

tdb:GraphTDB  rdfs:subClassOf  ja:Model .

ja:DatasetTxnMem  rdfs:subClassOf  ja:RDFDataset .

<http://jena.apache.org/2016/tdb#DatasetTDB2>
        rdfs:subClassOf  ja:RDFDataset .

ja:RDFDatasetOne  rdfs:subClassOf  ja:RDFDataset .

ja:MemoryDataset  rdfs:subClassOf  ja:RDFDataset .

:tdb_dataset_readwrite
        rdf:type      tdb:DatasetTDB ;
        tdb:location  "C:\\apache-jena-fuseki-4.3.2\\run/databases/databaseName" .

ja:DatasetRDFS  rdfs:subClassOf  ja:RDFDataset .

There are 1 best solutions below

5
AndyS On

The packaging of Fuseki you appear to be using supports security via Apache Shiro, not via configuration in the config.ttl.

https://jena.apache.org/documentation/fuseki2/fuseki-security.html

This form, Fuseki/webapp, has a "run/" area where you can put configuration files.

There is a different packaging - Fuseki/main which supports security in the way you are trying to use it.

This form does not currently (2022) have a UI and it does not lay out the configuration as two separate files.

https://jena.apache.org/documentation/fuseki2/fuseki-main.html
https://jena.apache.org/documentation/fuseki2/fuseki-data-access-control.html

The following configuration file for Fuseki main works (and is tidied up):

PREFIX :        <#>
PREFIX fuseki:  <http://jena.apache.org/fuseki#>
PREFIX rdf:     <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX rdfs:    <http://www.w3.org/2000/01/rdf-schema#>
PREFIX ja:      <http://jena.hpl.hp.com/2005/11/Assembler#>
PREFIX tdb:    <http://jena.hpl.hp.com/2008/tdb#>

[] rdf:type fuseki:Server ;
        fuseki:passwd  "password_file" ;
        fuseki:auth    "basic" ;
        fuseki:allowedUsers "user1". 

:service_tdb_all  rdf:type            fuseki:Service ;
    rdfs:label                    "TDB databaseName" ;
    fuseki:dataset                :tdb_dataset_readwrite ;
    fuseki:name                   "databaseName" ;
    fuseki:endpoint [ fuseki:operation fuseki:query ; ] ;
    fuseki:endpoint [ fuseki:operation fuseki:update ; ] ;
    fuseki:endpoint [ fuseki:operation fuseki:gsp-rw ; ] ;

    fuseki:endpoint [ fuseki:operation fuseki:query ; fuseki:name "sparql" ];
    fuseki:endpoint [ fuseki:operation fuseki:query ; fuseki:name "query" ];
    fuseki:endpoint [ fuseki:operation fuseki:update ; fuseki:name "update" ];
    fuseki:endpoint [ fuseki:operation fuseki:gsp-r ; fuseki:name "get" ] ;
    fuseki:endpoint [ fuseki:operation fuseki:gsp-rw ; fuseki:name "data" ] ;
    fuseki:endpoint [ fuseki:operation fuseki:upload ; fuseki:name "upload" ] ;
    .
    
:tdb_dataset_readwrite
        rdf:type      tdb:DatasetTDB ;
        tdb:location  "DB" .

Authentication (the password file and auth type) is for the server, not the fuseki:Service.

... rdf:type fuseki:Server ;
        fuseki:passwd  "password_file" ;
        fuseki:auth    "auth" ;
        ...

https://jena.apache.org/documentation/fuseki2/fuseki-data-access-control.html

What is confusing is that for Fuseki/webapp, the root resource "http://localhost:3030/" is the UI and the UI access is controlled by shiro.ini, defaulting to allowing all local access. If you remove the -I (i.e. HTTP HEAD) from the curl commands you will see that you get HTML from http://localhost:3030/.

This is different in Fuseki/main.

The 405 is because a HEAD request to the SPARQL endpoint http://localhost:3030/databaseName/sparql is not supported. A HEAD request on a SPARQL endpoint would require interpreting the query string.
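
An added example, not part of the original answer: a way to check from Python that Basic authentication is actually enforced on a SPARQL endpoint, by sending a real query with GET (rather than HEAD) anonymously, with a wrong password and with the right one. The names `probe`, `auth_is_enforced`, `StubEndpoint` and `start_stub` are hypothetical, and the stub server is a constructed stand-in so the script runs offline; it is not Fuseki.

```python
import base64, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Ignore any proxy settings so localhost requests go straight to the server.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(endpoint, user=None, password=None):
    """Send a real SPARQL query with GET (not HEAD) and return the HTTP status."""
    url = endpoint + "?" + urllib.parse.urlencode({"query": "ASK {}"})
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with _OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def auth_is_enforced(endpoint, user, password):
    """True only if anonymous and wrong-password requests get 401/403 and valid ones 200."""
    rejected = (401, 403)
    return (probe(endpoint) in rejected
            and probe(endpoint, user, password + "-wrong") in rejected
            and probe(endpoint, user, password) == 200)

class StubEndpoint(BaseHTTPRequestHandler):
    """Constructed stand-in for a Basic-auth SPARQL endpoint; it is not Fuseki."""
    expected = "Basic " + base64.b64encode(b"user1:password").decode()
    def do_GET(self):
        ok = self.headers.get("Authorization") == self.expected
        self.send_response(200 if ok else 401)
        if not ok:
            self.send_header("WWW-Authenticate", 'Basic realm="stub"')
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub():
    """Start the stub on a free localhost port; return (server, endpoint URL)."""
    server = HTTPServer(("127.0.0.1", 0), StubEndpoint)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/databaseName/sparql"

if __name__ == "__main__":
    server, url = start_stub()
    print("auth enforced:", auth_is_enforced(url, "user1", "password"))
    server.shutdown()
```

Against a real server, call `auth_is_enforced` with the dataset's query endpoint URL instead of the stub URL; a `False` result where a wrong password still returns 200 means the request is not passing through the authentication that was configured.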