VAL Customization
Introduction
VAL can be customized in various ways, by manipulating the triples in a set of pre-defined private graphs. Typically these details will be hidden behind user interface elements, but it is good to know them anyway.
Customizing the Standard VAL Authentication Page
VAL allows some customization of the authenticate.vsp page (also see the the VAL VSP Authentication Tutorial).
Customizing the Logos
Logos displayed on the authentication page can easily be customized per application realm. By default, VAL shows details about the identity provider on the left, and the Virtuoso logo as the image on the right.
To set the left and right logos for the default realm, one can simply insert corresponding triples into the VAL config graph:
SPARQL
PREFIX oplcfg: <http://www.openlinksw.com/ontology/configuration#>
PREFIX oplacl: <http://www.openlinksw.com/ontology/acl#>
INSERT
INTO <urn:virtuoso:val:config>
{
oplacl:DefaultRealm oplcfg:hasLeftLogo <http://path/to/a-logo.png> ;
oplcfg:hasRightLogo <http://path/to/another-logo.png> .
};
Similarly, the href targets of these logos (which default as shown here) can be set via:
SPARQL
PREFIX oplcfg: <http://www.openlinksw.com/ontology/configuration#>
PREFIX oplacl: <http://www.openlinksw.com/ontology/acl#>
INSERT
INTO <urn:virtuoso:val:config>
{
oplacl:DefaultRealm oplcfg:hasLeftAnchor <http://www.openlinksw.com/> ;
oplcfg:hasRightAnchor <http://virtuoso.openlinksw.com/> .
};
Customizing the Access Request Dialog
There are two modes to how the Access Request Dialog is to be presented:
- the user needs to press a button to show it (the default)
- the dialog is shown automatically when an authenticated person is has been denied access to a resource
This setting is tied to the application realm, which means that it does not apply to any other realm.
To show the dialog automatically in the default realm, one sets the following property:
SPARQL
PREFIX oplcfg: <http://www.openlinksw.com/ontology/configuration#>
INSERT
INTO <urn:virtuoso:val:config>
{
<urn:virtuoso:val:realms:default> oplcfg:hasRequestAccessDialogMode oplcfg:SimpleRequestAccessDialog
};
To restore the default, one simply deletes the configuration:
SPARQL
PREFIX oplcfg: <http://www.openlinksw.com/ontology/configuration#>
DELETE
FROM <urn:virtuoso:val:config>
{
<urn:virtuoso:val:realms:default> oplcfg:hasRequestAccessDialogMode oplcfg:SimpleRequestAccessDialog
};
Customizing the ACL Graphs
The VAL ACL system uses a set of named graphs to store rules, groups, and restrictions.
By default, VAL uses one graph for each combination of application realm and ACL resource type.
It uses the default hostname (HOST in the example below) of the Virtuoso instance.
http://HOST/acl/graph/rules/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm
On firsts usage of the API to create a rule, group, or restriction this graph will be created and made private. It will then be stored in the VAL configuration using the oplacl:hasRuleDocument property:
{ oplacl:DefaultRealm oplacl:hasRuleDocument <http://HOST/acl/graph/rules/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm> }
It is possible to customize these graphs (ideally before the API creates them) which might be desireable for manual ACL resource creation via SPARQL Insert. Since VAL will honor the setting above one can simply add the required triples into the VAL config graph.
Example: Given that one wants to change the rule, group, and restriction graphs for the default application realm, the following will do:SPARQL
PREFIX oplacl: <http://www.openlinksw.com/ontology/acl#>
PREFIX oplres: <http://www.openlinksw.com/ontology/restrictions#>
WITH <urn:virtuoso:val:config>
INSERT
{
oplacl:DefaultRealm oplacl:hasRuleDocument <urn:acl:rules> ;
oplacl:hasGroupDocument <urn:acl:groups> ;
oplres:hasRestrictionDocument <urn:acl:restrictions> .
};
VAL will honor these settings, and store and read all rules, groups, and restrictions from the configured graphs.
Warnings:
- Be aware that VAL does not automatically migrate rules, groups, and restrictions between graphs.
This means that changing the graph identifiers will disable existing rules, groups, and restrictions.
- It is highly recommended that these graphs be made and kept private:
DB.DBA.RDF_GRAPH_GROUP_INS ( 'http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'urn:acl:rules' ); DB.DBA.RDF_GRAPH_GROUP_INS ( 'http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'urn:acl:groups' ); DB.DBA.RDF_GRAPH_GROUP_INS ( 'http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'urn:acl:restrictions' );
Customizing the Page Footers
VAL's own /sparql integration allows to set a custom page footer.
This can be used to for example show social sharing controls via Javascript commands.
Each endpoint has its own configuration.
The following example shows how the main /sparql endpoint of http://my.openlinksw.com can be enhanced with social sharing controls:
SPARQL
PREFIX oplcfg: <http://www.openlinksw.com/ontology/configuration#>
WITH <urn:virtuoso:val:config>
INSERT
{
<http://my.openlinksw.com/sparql> oplcfg:hasFooter [
a oplcfg:HtmlSnippet ;
oplcfg:hasHtmlBody """<script type="text/javascript" src="http://s7.addthis.com/js/300/addthis_widget.js">
</script>
<script type="text/javascript">
addthis.layers({
'theme' : 'transparent',
'share' : {
'position' : 'right',
'services' : 'google,linkedin,twitter,facebook,more'
}
});
</script>
"""
]
}