If I understand your architecture correctly, you have 2 'parts' of an app in 
one context. Is this a JavaScript browser app? You want your 'ajax' part to 
'piggy back' on the credentials the user entered to log in 
(stored in the browser as cookies)?
The reference to avoiding passing credentials and having to use the same port 
seems to indicate that.
If so, then it will be impossible to securely protect/restrict access to the 
REST API from all parts of the app,
by implication of sharing credentials.  So your 2 goals cannot be 
simultaneously achieved.

So focusing on how to simply expose your app in addition to REST -- very easy.
Create a new REST application for your combined app.
Then edit the generated rewriter.xml (it will be in the Modules DB; the path 
to it is in the App configuration, in the <url-rewriter> element in groups.xml, 
or the corresponding "Rewriter URI" in the HTTP App config page on 8001).


It will look something like this:

<!-- Copyright 2011-2017 MarkLogic Corporation.  All Rights Reserved. -->
<rewriter xmlns="http://marklogic.com/xdmp/rewriter">
    <!-- XDBC -->
      <match-path  any-of="/eval /invoke /spawn /insert">
       <dispatch xdbc="true">$0</dispatch>
      </match-path>
    <!-- XDBC -->
---------->>> ADD HERE
    <!-- REST Client API endpoints -->
    <match-path matches="^/?$|^/content/([^/]+)/?$">
....

Insert your own rules before the REST Client API rules.
A minimal example might be

       <match-path prefix="/myapp/myapi">
             <dispatch>/myapp/myapi.xqy</dispatch>
       </match-path>

That would dispatch any URL like /myapp/myapi/myfunction?query=abc to 
invoke the module /myapp/myapi.xqy


You can somewhat constrain 'external' use of the REST API by adding a custom 
Header or query param to your internal calls then matching those and 
dispatching to an error page if they don’t exist.
A minimal example.  Insert just before the <!-- REST Client API endpoints -->

     <match-header name="X-INTERNAL">

Then at the end a
     </match-header>

That will only allow REST calls which include the "X-INTERNAL" HTTP header.
How to do that will depend on what libraries you're using.
Details on the XML rewriter:

https://docs.marklogic.com/guide/app-dev/XMLrewriter

From: [email protected] 
[mailto:[email protected]] On Behalf Of Rajesh Kumar
Sent: Wednesday, April 19, 2017 6:59 AM
To: [email protected]
Subject: [MarkLogic Dev General] custom Rest rewriter

Thanks David,

I can maintain two different ports as app and rest servers. But every time I 
want to call REST API I have to pass credentials for the request from app 
server, which I want to avoid by having both in same port.

I want to access endpoints (app API or REST API) whenever header has token 
info except login page. I tried this using Roxy hybrid and rest type, but 
didn't succeed.

Can you help me by sharing any rewriter which I can use to achieve this 
functionality.

Thanks & Regards,
Rajesh
_______________________________________________
General mailing list
[email protected]
Manage your subscription at: 
http://developer.marklogic.com/mailman/listinfo/general
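
One way the app's own ajax calls could attach the "X-INTERNAL" header that the reply's match-header rule looks for, as an added example that is not part of the original thread. The header value "1", the origin http://localhost:8040 and the function names are assumptions; since any HTTP client can send the same header, it separates internal from external traffic by convention and does not replace authentication.

```javascript
// Added example, not code from the thread. Assumes the rewriter gates the
// REST Client API rules on the presence of an "X-INTERNAL" request header.
// The header value "1" and the function names are constructed.
const INTERNAL_HEADER = "X-INTERNAL";

// Build the URL and fetch() options for an internal call.
// Throws for any URL that resolves outside appOrigin, so the marker header
// and the session cookies are never attached to a request for another host.
function buildInternalRequest(path, init = {}, appOrigin) {
  const url = new URL(path, appOrigin);
  if (url.origin !== new URL(appOrigin).origin) {
    throw new Error("refusing to mark cross-origin request: " + url.origin);
  }
  // Headers accepts a plain object, an array of pairs or another Headers.
  const headers = new Headers(init.headers || {});
  headers.set(INTERNAL_HEADER, "1");
  return {
    url: url.href,
    // same-origin: cookies ride along only for the app's own host and port.
    init: { ...init, headers, credentials: "same-origin" },
  };
}

// Thin wrapper the app's ajax code calls instead of fetch() directly.
// fetchImpl is injectable so the wrapper can be exercised without a server.
function internalFetch(path, init, appOrigin, fetchImpl = fetch) {
  const req = buildInternalRequest(path, init, appOrigin);
  return fetchImpl(req.url, req.init);
}
```

In a browser, pass `window.location.origin` as `appOrigin`; protocol-relative input such as `//other.example/v1/search` is rejected before any request is made.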
