Michael, OK, and that user appararently needs some XDBC-related privileges which are not present in the app-user role;
I created a new role "guest-user" that reuses the app-user role and has an added xdbc:invoke privilege. Maybe 'xdbc-guest' would have been a better name. Now the new user 'guest' with the role 'guest-user' can indeed run trivial queries that return documents to the anonymous visitor. thanks, Jeroen 2009/9/1 Michael Blakeley <[email protected]>: > Jeron, > > Why not create a user called "visitor", and make sure all your XCC code > defaults to that login? That's essentially what the application-level > authentication option for HTTP does, after all. > > -- Mike > > On 2009-09-01 03:27, Jeroen Pulles wrote: >> >> Hi, >> >> I am starting out with Mark Logic Server and want to develop a Java >> servlet based web application that accesses Mark Logic via XCC/XDBC. >> The application will work with various roles from admin, editor, and >> author to anonymous visitor. >> >> As I understand it, on an HTTP-based app-server this would require >> setting the authentication to application-level. >> >> I have some trouble understanding the security model on a XDBC >> app-server with the XCC connector, however. In contrast to HTTP >> servers, the Mark Logic admin page does not have a setting for a >> server-wide authentication model. Section 5.2 from the "Understanding >> and Using Security" doc specifies that the XDBC connector *always* >> uses (digest-basic) authentication. >> >> How can I have anonymous users on my servlet query Mark Logic server via >> XCC? >> >> When not specifying a user/password I get an "No default user/password >> configured" error message. When using a bogus nobody/nobody >> user/password combo, I get "Authorization failed for user 'nobody'.". >> >> regards, >> Jeroen Pulles >> >> -- >> The actual code that was used: >> >> Context initCtx = new InitialContext(); >> Context envCtx = (Context)initCtx.lookup("java:comp/env"); >> ContentSource cs = >> (ContentSource)envCtx.lookup("marklogic/ContentSource"); >> Session xdq_session; >> HttpSession session = request.getSession(false); >> if (session == null || session.getAttribute("username") == null) { >> xdq_session = cs.newSession(); >> // cs.newSession("nobody", "nobody"); >> } else { >> xdq_session = cs.newSession( >> (String)session.getAttribute("username"), >> (String)session.getAttribute("password")); >> } >> RequestOptions options = new RequestOptions(); >> Request xdq_request = session.newModuleInvoke("/hello.xqy", options); >> >> >> <Resource name="marklogic/ContentSource" auth="Container" >> description="Mark Logic database XDBC connection" >> type="com.marklogic.xcc.ContentSource" >> factory="com.marklogic.xcc.jndi.ContentSourceBeanFactory" >> host="192.168.1.186" port="8021" /> >> >> java.lang.IllegalStateException: No default user/password configured >> >> com.marklogic.xcc.impl.ContentSourceImpl.newSession(ContentSourceImpl.java:87) >> >> com.xopus.nuthatch.servlets.NuthatchServlet.newXccSession(NuthatchServlet.java:41) >> com.xopus.nuthatch.servlets.HelloWorld.doGet(HelloWorld.java:29) >> javax.servlet.http.HttpServlet.service(HttpServlet.java:627) >> javax.servlet.http.HttpServlet.service(HttpServlet.java:729) >> >> Anonymous acces to the equivalent http://localhost:8009/hello.xqy on a >> HTTP app-server works fine when the app-server uses application-level >> authentication. >> _______________________________________________ >> General mailing list >> [email protected] >> http://xqzone.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > http://xqzone.com/mailman/listinfo/general > _______________________________________________ General mailing list [email protected] http://xqzone.com/mailman/listinfo/general
