I really appreciate your suggestions...I am ready to go ahead with this information to develop some custom admin Interface to provide such functionality...
Thanks again Abhishek Srivastav Tata Consultancy Services Cell:- +91-9883389968 Mailto: [email protected] Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Outsourcing ____________________________________________ From: Geert Josten <[email protected]> To: General MarkLogic Developer Discussion <[email protected]> Date: 09/08/2011 08:20 PM Subject: Re: [MarkLogic Dev General] Read only access to Admin interface..... Sent by: [email protected] Just be careful with how you use this. Not something to make publicly available. And it could easily break on next MarkLogic Server update.. Kind regards, Geert Van: Geert Josten Verzonden: donderdag 8 september 2011 16:43 Aan: General MarkLogic Developer Discussion Onderwerp: RE: [MarkLogic Dev General] Read only access to Admin interface..... Hi Abhishek, Yes, that is possible. You will have to do that yourself though. You might be interested in the following though. The basics seem to work at least. You might need to do a thorough check though whether it sufficiently blocks updates, it now only looks at the request method.. Insert the following in a file called default.xqy (anywhere you like, as long as it is callable through some HTTP App Server): xquery version "1.0-ml"; declare namespace h="http://www.w3.org/1999/xhtml";; declare option xdmp:mapping "false"; declare variable $base-uri := resolve-uri('.', xdmp:get-request-path()); declare variable $admin-uri := 'http://localhost:8001'; declare variable $admin-user := 'admin'; declare variable $admin-pass := 'admin'; declare variable $uri := xdmp:get-request-field("uri", '/'); declare variable $xsl := <xsl:stylesheet xmlns:xsl=" http://www.w3.org/1999/XSL/Transform"; version="2.0" xmlns:h=" http://www.w3.org/1999/xhtml";> <xsl:template match="@*|node()"> <xsl:copy> <xsl:apply-templates select="@*|node()"/> </xsl:copy> </xsl:template> <xsl:template match="@href | @src | @action"> <xsl:attribute name="{{name()}}" select="concat('{$base-uri}?uri=', encode-for-uri(.))"/> </xsl:template> <xsl:template match="@style"> <xsl:attribute name="{{name()}}"> <xsl:analyze-string select="." regex="url\([^\)]+\)"> <xsl:matching-substring> <xsl:value-of select="concat('url({$base-uri}?uri=', encode-for-uri(substring(., 5, string-length(.) - 5)), ')')"/> </xsl:matching-substring> <xsl:non-matching-substring> <xsl:value-of select="."/> </xsl:non-matching-substring> </xsl:analyze-string> </xsl:attribute> </xsl:template> </xsl:stylesheet>; declare function local:fix-links($contents) as item()* { xdmp:xslt-eval($xsl, $contents) }; let $uri := if (xdmp:get-request-method() = 'GET') then $uri else (: force 404 on POST by proxying a non-existing page :) "non-exist" return let $response := xdmp:http-get( resolve-uri($uri, $admin-uri), <options xmlns="xdmp:http"> <authentication method="digest"> <username>{$admin-user}</username> <password>{$admin-pass}</password> </authentication> </options> ) let $set-type := xdmp:set-response-content-type($response[1]//*:headers/*:content-type) let $response := $response[2] return if ($response/binary()) then $response else let $unquote := try { xdmp:unquote( $response ) } catch ($e) { $response } return if ($unquote/*) then local:fix-links($unquote) else $response Kind regards, Geert Van: [email protected] [ mailto:[email protected]] Namens Abhishek53 S Verzonden: donderdag 8 september 2011 14:17 Aan: General MarkLogic Developer Discussion Onderwerp: Re: [MarkLogic Dev General] Read only access to Admin interface..... Geert , Thanks for your fast reply....I would like to create custom admin interface that will provide subset of Admin monitoring functionality.... Abhishek Srivastav Tata Consultancy Services Cell:- +91-9883389968 Mailto: [email protected] Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Outsourcing ____________________________________________ From: Geert Josten <[email protected]> To: General MarkLogic Developer Discussion <[email protected]> Date: 09/08/2011 05:37 PM Subject: Re: [MarkLogic Dev General] Read only access to Admin interface..... Sent by: [email protected] Hi Abhishek, Most pages in the Admin interface are shielded with the sec:check-admin function, which only tolerates current users that have admin role. And users with admin role have always unlimited access to anything. If you only need a small part of the Admin interface functionality, you are best of writing your own using the sec and admin API functions. Bit of a long shot, but you could also try to fit a proxy in between that passes through GET?s, but blocks POST?s. Not as nice, but perhaps quickest. Not sure it blocks all updates though, there could be updating GET?s in the Admin interface.. Kind regards, Geert Van: [email protected] [ mailto:[email protected]] Namens Abhishek53 S Verzonden: donderdag 8 september 2011 13:57 Aan: General MarkLogic Developer Discussion Onderwerp: [MarkLogic Dev General] Read only access to Admin interface..... Hi Folks I am trying to have read only access to admin console (8001) of ML server...User with this role can logged in to Admin interface to monitor the activity but can not modify any other configurations... The following execute privileges are provided to the custom read-only-admin role admin-module-read admin-ui xdmp:license-accepted xdmp:license-key-valid xdmp:pre-release-expires xdmp:read-host-config-file Redirecting to security and configuration upgrade page If the user is logged in with custom read-only-admin credentials....Going through the administrator guide it seems to be impossible as it is mentioned that only user with "admin" role can do that... Is it not possible to provide read only access to the Admin interface....If not so my next step is to built a custom interface and logged in with the user which have no admin-module-write privilege.. Sorry for the big mail....Any suggestion will be appreciated. Thanks & Regards Abhishek Srivastav Tata Consultancy Services Cell:- +91-9883389968 Mailto: [email protected] Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Outsourcing ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
