

This package allows you to handle rights through the WebACL standard.


  • View and modify the rights of any resource
  • Automatically add rights when LDP resources, LDP containers or ActivityPub collections are created
  • Create ACL groups and manage their members




$ npm install @semapps/webacl --save


const { WebAclService } = require('@semapps/webacl');
module.exports = {
  mixins: [WebAclService],
  settings: {
    baseUrl: 'http://localhost:3000/'
  }
};

This service must be used with a Fuseki instance that can handle WebAcl. We recommend using the image semapps/jena-fuseki-webacl (see its page on Docker Hub).

You will also need to add the WebAcl middleware to the broker settings.

// moleculer.config.js
const { WebAclMiddleware } = require('@semapps/webacl');
module.exports = {
  middlewares: [

The WebAclMiddleware:

  • Protects the actions of the LDP service
  • Automatically updates ACL when LDP resources, LDP containers or ActivityPub collections are added or removed.


If you wish to cache the WebAcl properly and improve performance, we recommend that you add a Cacher middleware before the WebACL middleware.

// moleculer.config.js
const { WebAclMiddleware, CacherMiddleware } = require('@semapps/webacl');
module.exports = {
  middlewares: [

See the Moleculer caching documentation for the options that can be passed.


  • baseUrl (String, required): Base URL of the LDP server

General notes

  • The SemApps middleware always connects to the SPARQL endpoint with a Basic Authorization header containing the admin user and its password.
  • If the middleware is running a query on behalf of a SemApps user, it sends the WebID URI of this user in the HTTP header X-SemappsUser.
  • If no user is logged in and the middleware is making a request as a public (anonymous) user, the X-SemappsUser header is sent with the value anon.
  • If, on the contrary, the middleware is modifying the ACLs, it sends either no X-SemappsUser header or one set to system.
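
The header rules in the notes above, written out as an added sketch; this is not code from the SemApps package. The function names, the actor object and the WebID validation are assumptions made for illustration. It shows why a caller-supplied identity has to be validated before it is placed in X-SemappsUser, since the endpoint trusts that header once the admin credentials match.

```javascript
// Added example, not SemApps source. Function names and the actor shape are
// hypothetical; header names and 'anon' / 'system' come from the notes above.
const RESERVED = new Set(['anon', 'system']);

// A WebID must be an absolute http(s) URI. Rejecting reserved words and
// whitespace/control characters keeps a caller-supplied identity from being
// read as 'system' or from injecting extra header lines.
function checkWebId(webId) {
  if (typeof webId !== 'string' || RESERVED.has(webId.trim().toLowerCase())) {
    throw new Error('WebID is missing or is a reserved identity');
  }
  if (/[\s\x00-\x1f\x7f]/.test(webId)) {
    throw new Error('WebID contains whitespace or control characters');
  }
  let url;
  try {
    url = new URL(webId);
  } catch {
    throw new Error('WebID is not an absolute URI');
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error('WebID must use http or https');
  }
  return webId;
}

// admin: { user, password } for the SPARQL endpoint.
// actor: { type: 'user', webId } | { type: 'anon' } | { type: 'system' }
function buildSparqlHeaders(admin, actor) {
  const token = Buffer.from(`${admin.user}:${admin.password}`, 'utf8').toString('base64');
  const headers = { Authorization: `Basic ${token}` };
  switch (actor.type) {
    case 'user':
      headers['X-SemappsUser'] = checkWebId(actor.webId);
      break;
    case 'anon':
      headers['X-SemappsUser'] = 'anon';
      break;
    case 'system':
      // ACL changes: the notes allow no header or 'system'; this sketch is explicit.
      headers['X-SemappsUser'] = 'system';
      break;
    default:
      // Fail closed rather than defaulting to a privileged identity.
      throw new Error(`Unknown actor type: ${actor.type}`);
  }
  return headers;
}
```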