GH-5032 add support for overriding SECURE_MODE and WHITELIST JSON-LD setting

Author: hmottestad

core/rio/api/pom.xml

@@ -80,6 +80,18 @@
 				</exclusion>
 			</exclusions>
 		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-annotations</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-core</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>commons-io</groupId>
 			<artifactId>commons-io</artifactId>

core/rio/api/src/main/java/org/eclipse/rdf4j/rio/helpers/JSONLDSettings.java

@@ -10,7 +10,6 @@
  *******************************************************************************/
 package org.eclipse.rdf4j.rio.helpers;
 
-import java.util.List;
 import java.util.Set;
 
 import org.eclipse.rdf4j.rio.RioSetting;
@@ -38,7 +37,7 @@ public class JSONLDSettings {
 	 * @see <a href="http://json-ld.org/spec/latest/json-ld-api/#data-structures">JSONLD Data Structures</a>
 	 *
 	 */
-	public static final RioSetting<Boolean> COMPACT_ARRAYS = new BooleanRioSetting(
+	public static final BooleanRioSetting COMPACT_ARRAYS = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.compact_arrays", "Compact arrays", Boolean.TRUE);
 
 	/**
@@ -69,7 +68,7 @@ public class JSONLDSettings {
 	 * The JSON-LD processor will throw an exception if a warning is encountered during processing.
 	 *
 	 */
-	public static final RioSetting<Boolean> EXCEPTION_ON_WARNING = new ClassRioSetting<>(
+	public static final BooleanRioSetting EXCEPTION_ON_WARNING = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.exception_on_warning",
 			"Throw an exception when logging a warning.",
 			Boolean.FALSE);
@@ -86,7 +85,7 @@ public class JSONLDSettings {
 	 * @see <a href="http://json-ld.org/spec/latest/json-ld-api/#data-structures">JSONLD Data Structures</a>
 	 *
 	 */
-	public static final RioSetting<Boolean> OPTIMIZE = new BooleanRioSetting("org.eclipse.rdf4j.rio.jsonld.optimize",
+	public static final BooleanRioSetting OPTIMIZE = new BooleanRioSetting("org.eclipse.rdf4j.rio.jsonld.optimize",
 			"Optimize output", Boolean.FALSE);
 
 	/**
@@ -102,7 +101,7 @@ public class JSONLDSettings {
 	 * @see <a href="http://json-ld.org/spec/latest/json-ld-api/#data-structures">JSONLD Data Structures</a>
 	 *
 	 */
-	public static final RioSetting<Boolean> PRODUCE_GENERALIZED_RDF = new BooleanRioSetting(
+	public static final BooleanRioSetting PRODUCE_GENERALIZED_RDF = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.produce_generalized_rdf", "Produce generalized RDF", Boolean.FALSE);
 
 	/**
@@ -117,7 +116,7 @@ public class JSONLDSettings {
 	 * @see <a href="http://json-ld.org/spec/latest/json-ld-api/#data-structures">JSONLD Data Structures</a>
 	 *
 	 */
-	public static final RioSetting<Boolean> USE_NATIVE_TYPES = new BooleanRioSetting(
+	public static final BooleanRioSetting USE_NATIVE_TYPES = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.use_native_types", "Use Native JSON Types", Boolean.FALSE);
 
 	/**
@@ -131,7 +130,7 @@ public class JSONLDSettings {
 	 * @see <a href="http://json-ld.org/spec/latest/json-ld-api/#data-structures">JSONLD Data Structures</a>
 	 *
 	 */
-	public static final RioSetting<Boolean> USE_RDF_TYPE = new BooleanRioSetting(
+	public static final BooleanRioSetting USE_RDF_TYPE = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.use_rdf_type", "Use RDF Type", Boolean.FALSE);
 
 	/**
@@ -153,17 +152,19 @@ public class JSONLDSettings {
 	 * Can be overridden by setting system property {@code org.eclipse.rdf4j.rio.jsonld.hierarchical_view}.
 	 *
 	 */
-	public static final RioSetting<Boolean> HIERARCHICAL_VIEW = new BooleanRioSetting(
+	public static final BooleanRioSetting HIERARCHICAL_VIEW = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld.hierarchical_view", "Hierarchical representation of the JSON", Boolean.FALSE);
 
 	/**
-	 * Whitelist of remote/local resources that the JSON-LD parser can retrieve. Set of URIs as strings.
+	 * Whitelist of remote/local resources that the JSON-LD parser can retrieve. Set of URIs as strings. This can be
+	 * overridden by setting a system property with the key {@code org.eclipse.rdf4j.rio.jsonld_whitelist} and a JSON
+	 * array of the desired values.
 	 * <p>
 	 * Default:
 	 * {@code Set.of("http://www.w3.org/ns/anno.jsonld", "http://www.w3.org/ns/activitystreams.jsonld", "http://www.w3.org/ns/ldp.jsonld", "http://www.w3.org/ns/oa.jsonld", "http://www.w3.org/ns/hydra/context.jsonld", "http://schema.org/", "https://w3id.org/security/v1", "https://w3c.github.io/json-ld-rc/context.jsonld", "https://www.w3.org/2018/credentials/v1", "https://health-lifesci.schema.org/", "https://auto.schema.org/", "https://bib.schema.org/", "http://xmlns.com/foaf/spec/index.jsonld", "https://pending.schema.org/", "https://schema.org/", "https://schema.org/docs/jsonldcontext.jsonld", "https://schema.org/version/latest/schemaorg-current-https.jsonld", "https://schema.org/version/latest/schemaorg-all-http.jsonld", "https://schema.org/version/latest/schemaorg-all-https.jsonld", "https://schema.org/version/latest/schemaorg-current-http.jsonld", "https://schema.org/version/latest/schemaorg-all.jsonld", "https://schema.org/version/latest/schemaorg-current.jsonld", "https://project-open-data.cio.gov/v1.1/schema/catalog.jsonld", "https://geojson.org/geojson-ld/geojson-context.jsonld", "https://www.w3.org/2019/wot/td/v1");
 	 *
 	 */
-	public static final RioSetting<Set<String>> WHITELIST = new RioSettingImpl<>(
+	public static final SetRioSetting<String> WHITELIST = new SetRioSetting<>(
 			"org.eclipse.rdf4j.rio.jsonld_whitelist",
 			"Whitelist of remote/local resources that the JSON-LD parser can retrieve. Set of URIs as strings.",
 			Set.of(
@@ -195,11 +196,13 @@ public class JSONLDSettings {
 			));
 
 	/**
-	 * Secure mode only allows loading remote/local resources (ex. context from url) that are whitelisted.
+	 * Secure mode only allows loading remote/local resources (ex. context from url) that are whitelisted. This can be
+	 * overridden by setting a system property with the key {@code org.eclipse.rdf4j.rio.jsonld_secure_mode} and a
+	 * boolean value.
 	 * <p>
 	 * Default: true
 	 */
-	public static final RioSetting<Boolean> SECURE_MODE = new RioSettingImpl<>(
+	public static final BooleanRioSetting SECURE_MODE = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld_secure_mode",
 			"Secure mode only allows loading remote/local resources (ex. context from url) that are whitelisted.",
 			Boolean.TRUE);
@@ -211,7 +214,7 @@ public class JSONLDSettings {
 	 * <p>
 	 * Default: true
 	 */
-	public static final RioSetting<Boolean> DOCUMENT_LOADER_CACHE = new RioSettingImpl<>(
+	public static final BooleanRioSetting DOCUMENT_LOADER_CACHE = new BooleanRioSetting(
 			"org.eclipse.rdf4j.rio.jsonld_document_loader_cache",
 			"The document loader cache is enabled by default. All loaded documents, such as remote contexts, are cached for 1 hour, or until the cache is full. The cache holds up to 1000 documents. The cache is shared between all JSONLDParsers. The cache can be disabled by setting this value to false.",
 			Boolean.TRUE);

core/rio/api/src/main/java/org/eclipse/rdf4j/rio/helpers/SetRioSetting.java

@@ -0,0 +1,49 @@
+/*******************************************************************************
+ * Copyright (c) 2024 Eclipse RDF4J contributors.
+ *
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Distribution License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ ******************************************************************************/
+
+package org.eclipse.rdf4j.rio.helpers;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import org.eclipse.rdf4j.rio.RioSetting;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * A {@link RioSetting} with a {@link Set} value. The given default for the setting can be overridden by means of a
+ * System property with a name equal to the setting key, and a string value of a JSON array of the desired values.
+ *
+ * @param <T> the type of the elements in the set
+ */
+public final class SetRioSetting<T> extends AbstractRioSetting<Set<T>> {
+
+	private static final long serialVersionUID = 142127221198985291L;
+
+	public SetRioSetting(String key, String description, Set<T> defaultValue) {
+		super(key, description, defaultValue);
+	}
+
+	@Override
+	public Set<T> convert(String stringRepresentation) {
+		ObjectMapper objectMapper = new ObjectMapper();
+		try {
+			return new HashSet<>(objectMapper.readValue(stringRepresentation, new TypeReference<List<T>>() {
+			}));
+		} catch (JsonProcessingException e) {
+			throw new RuntimeException(e);
+		}
+	}
+
+}

docker/Dockerfile

@@ -17,7 +17,7 @@ MAINTAINER Bart Hanssens (bart.hanssens@bosa.fgov.be)
 RUN apt-get clean && apt-get update && apt-get upgrade -y && apt-get clean
 
 ENV JAVA_OPTS="-Xmx2g"
-ENV CATALINA_OPTS="-Dorg.eclipse.rdf4j.appdata.basedir=/var/rdf4j"
+ENV CATALINA_OPTS="-Dorg.eclipse.rdf4j.appdata.basedir=/var/rdf4j -Dorg.eclipse.rdf4j.rio.jsonld_secure_mode=false"
 
 RUN adduser --system tomcat