Exempt proxy requests from local ACL checks in AuthorizationFilter

Document-centric ACL (acl:accessTo <document>) is semantically wrong for
the proxy, which is a global transport function. Requiring acl:Write on a
local document to forward a DELETE to a remote target would be a security
anti-pattern — the target endpoint enforces its own access control, and
SSRF protection via URLValidator is the appropriate security layer.

Extends the existing mapped-URI bypass to cover all methods and all URIs
when ?uri= is present. Adds a regression test that verifies an agent with
acl:Append only on /sparql (not on the root URL) can POST via proxy.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: namedgraph

http-tests/proxy/POST-proxied-query-no-writers.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+initialize_dataset "$END_USER_BASE_URL" "$TMP_END_USER_DATASET" "$END_USER_ENDPOINT_URL"
+initialize_dataset "$ADMIN_BASE_URL" "$TMP_ADMIN_DATASET" "$ADMIN_ENDPOINT_URL"
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# grant the agent acl:Append on the SPARQL endpoint only (not on the root URL)
+
+create-authorization.sh \
+  -f "$OWNER_CERT_FILE" \
+  -p "$OWNER_CERT_PWD" \
+  -b "$ADMIN_BASE_URL" \
+  --label "Append authorization for SPARQL endpoint" \
+  --agent "$AGENT_URI" \
+  --to "${END_USER_BASE_URL}sparql" \
+  --append
+
+purge_cache "$END_USER_VARNISH_SERVICE"
+purge_cache "$ADMIN_VARNISH_SERVICE"
+purge_cache "$FRONTEND_VARNISH_SERVICE"
+
+# execute SPARQL query using LDH as a proxy
+# agent has acl:Append on /sparql but NOT on the root URL —
+# currently returns 403 because AuthorizationFilter checks ACL on the root proxy URL
+
+http_code=$(curl -k -s -o /dev/null -w "%{http_code}" \
+  -X POST \
+  -E "$AGENT_CERT_FILE":"$AGENT_CERT_PWD" \
+  -H 'Content-Type: application/sparql-query' \
+  -H 'Accept: application/sparql-results+xml' \
+  --url-query "uri=${END_USER_BASE_URL}sparql" \
+  --data 'SELECT (COUNT(*) AS ?count) WHERE { ?s ?p ?o }' \
+  "$END_USER_BASE_URL")
+
+if [ "$http_code" -ne 200 ]; then
+    echo "Expected HTTP 200, got: $http_code"
+    exit 1
+fi

src/main/java/com/atomgraph/linkeddatahub/server/filter/request/AuthorizationFilter.java

@@ -106,11 +106,16 @@ public void filter(ContainerRequestContext request) throws IOException
         if (request == null) throw new IllegalArgumentException("ContainerRequestContext cannot be null");
         if (log.isDebugEnabled()) log.debug("Authorizing request URI: {}", request.getUriInfo().getRequestUri());
 
-        // allow proxied URIs that are mapped to local files
-        if (request.getMethod().equals(HttpMethod.GET) && request.getUriInfo().getQueryParameters().containsKey(AC.uri.getLocalName()))
+        // allow proxied URIs - ACL is enforced by the target endpoint
+        // SSRF protection is handled separately in ProxiedGraph via URLValidator
+        // LDH's document-centric ACL (acl:accessTo <document>) is not meaningful for the proxy,
+        // which is a global transport function, not a document. Requiring acl:Write on a local
+        // document just to forward a DELETE to a remote target would be a security anti-pattern.
+        if (request.getUriInfo().getQueryParameters().containsKey(AC.uri.getLocalName()))
         {
             String proxiedURI = request.getUriInfo().getQueryParameters().getFirst(AC.uri.getLocalName());
-            if (getSystem().getDataManager().isMapped(proxiedURI)) return;
+            if (getSystem().getDataManager().isMapped(proxiedURI)) return; // mapped local file
+            return; // external URI — skip ACL, target enforces its own access control
         }
 
         Resource accessMode = ACCESS_MODES.get(request.getMethod());