Hi David,

Thinking in an entirely different direction: what you need is your FO parser to be able to resolve the URIs to the images into the binary stream. Is it possible to configure a custom source or URI resolver that knows how to access ML, or does some preparative work for you, storing them locally and providing the FO parser with a URI to the temp file? That allows full authentication (you just need to provide the custom resolver with the necessary information), and keeps things relatively simple.

Kind regards,
Geert

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Lee, David
> Sent: Sunday, 18 April 2010 15:07
> To: General Mark Logic Developer Discussion
> Subject: RE: [MarkLogic Dev General] RE: Passing authentication information in a URL
>
> Thanks Geert,
> I experimented with passing the user/password through the URL and have only partial success.
> In the past (other servers) I've found that user/password in the URL typically only works for FTP not HTTP, but I gave ML a try. Mixed results.
>
> Pure Java requests fail with a 401 (unauthorized).
> Robust program (wget) fails with a 401 then does retry with the U/P and succeeds.
>
> Another solution for the PDF problem I thought of is to extract the images locally to a temp directory before calling the Tomcat service.
> This might actually be more efficient as well, as it wouldn't require multiple authenticated callbacks into ML from the FOP processor.
> Another idea would be to encode all the images as a single multi-part POST, but I think that's getting complicated ...
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Geert Josten
> Sent: Saturday, April 17, 2010 9:24 AM
> To: General Mark Logic Developer Discussion
> Subject: RE: [MarkLogic Dev General] RE: Passing authentication information in a URL
>
> Hi David,
>
> > As I write this though I had an idea. Since the only issue is requests coming from the same server, maybe I could make an App server bound to 127.0.0.1 instead of 0.0.0.0 ... this would then limit access to the server itself.
> > Alternatively I could also take advantage of the firewall to make sure that whatever port was open wasn't open to external uses. This way I could set up an app server just for image fetches and secure it without authentication.
>
> Since you can reasonably trust the FO processor to not misuse security information, you might be able to use URL schemes like http://user:p...@localhost:nnnn/getimage.xqy. It is legal, though most browsers tend to block such requests, pretending not to understand them, for the sake of security. Basic auth over HTTP isn't very secure, but this is even less. Sticking to localhost though, there is no reason to fear sniffing of the credentials.
>
> I am not sure binding the app server to a specific IP works as you think. If I'm not mistaken it doesn't work as a filter, but as a bind. There should be some messages about that on the ML mailing list. You might also be able to apply IP filtering from within a rewrite script.
>
> Kind regards,
> Geert
>
> drs. G.P.H. (Geert) Josten
> Consultant
> Daidalos BV

_______________________________________________
General mailing list
[email protected]
http://xqzone.com/mailman/listinfo/general
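
One way to implement the custom resolver suggested in the first message, as an added example that is not code from the thread: a JAXP `URIResolver` that fetches images from a single configured app-server origin with an explicit Basic `Authorization` header and hands the FO processor a local temp file. The class name, the host, port and credential parameters, and the assumption that the app server accepts Basic authentication are illustrative; how the resolver is registered depends on the FO processor.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Base64;
import javax.xml.transform.*;
import javax.xml.transform.stream.StreamSource;

// Hypothetical resolver: only the configured origin ever receives credentials.
public class AuthImageResolver implements URIResolver {
    private final String host;
    private final int port;
    private final String authHeader;

    public AuthImageResolver(String host, int port, String user, String password) {
        this.host = host;
        this.port = port;
        this.authHeader = "Basic " + Base64.getEncoder().encodeToString(
                (user + ":" + password).getBytes(StandardCharsets.UTF_8));
    }

    @Override
    public Source resolve(String href, String base) throws TransformerException {
        try {
            URI uri = (base == null || base.isEmpty()) ? new URI(href) : new URI(base).resolve(href);
            // A URI in the FO document that points at any other scheme, host or
            // port is handed back to the processor's default resolution (null).
            if (!"http".equalsIgnoreCase(uri.getScheme())
                    || !host.equalsIgnoreCase(uri.getHost()) || uri.getPort() != port) {
                return null;
            }
            // Drop any user:password@ part; credentials travel only in the header.
            URI clean = new URI("http", null, uri.getHost(), uri.getPort(),
                    uri.getPath(), uri.getQuery(), null);
            HttpURLConnection conn = (HttpURLConnection) clean.toURL().openConnection();
            conn.setInstanceFollowRedirects(false); // a redirect must not carry us off-origin
            conn.setRequestProperty("Authorization", authHeader);
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                throw new TransformerException("HTTP " + conn.getResponseCode() + " for " + clean);
            }
            Path tmp = Files.createTempFile("fo-image-", ".bin");
            tmp.toFile().deleteOnExit();
            try (InputStream in = conn.getInputStream()) {
                Files.copy(in, tmp, StandardCopyOption.REPLACE_EXISTING);
            }
            return new StreamSource(tmp.toFile()); // the processor reads the local copy
        } catch (IOException | URISyntaxException | IllegalArgumentException e) {
            throw new TransformerException("Cannot resolve " + href, e);
        }
    }
}
```

Because the password is held by the resolver rather than embedded in each image URL, it does not appear in the FO document, and the origin check keeps it from being sent to any host other than the one configured.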
