I am not Luca... yet I hope my answer helps a little.
The javascript interface to OrientDB that the studio is using runs inside
the built-in webserver that comes with OrientDB. The webserver is
configured to run on port 2480. You need to run your code inside same
webserver if you wish the browser not to complain of cross origin.
The assumption is that you run your app in your own server. You mentioned
java, so most likely it is tomcat or jetty. My approach is to create a
servlet that will proxy the ODB http calls. This proxy will also do the
base authentication.
The following is some code that I used initially to dig into ODB. Please
adjust for production. It uses Apache HTTP Client.
(this is the body of the doPost() servlet method, and it's groovy)
CloseableHttpClient client = HttpClients.createDefault();
HttpPost httpPost; CloseableHttpResponse response = null
String json = """{"ERROR":"X"}"""
try {
HttpHost targetHost = new HttpHost("localhost", 2480, "http");
CredentialsProvider credsProvider = new BasicCredentialsProvider()
credsProvider.setCredentials(
new AuthScope(targetHost.hostName, AuthScope.ANY_PORT),
new UsernamePasswordCredentials("writer", "writer"))
AuthCache authCache = new BasicAuthCache()
BasicScheme basicAuth = new BasicScheme()
authCache.put(targetHost, basicAuth)
HttpClientContext context = HttpClientContext.create()
context.setCredentialsProvider(credsProvider)
context.setAuthCache(authCache)
println uri
String url = base + URLEncoder.encode(uri,CONST.UTF_8)
httpPost = new HttpPost(uri)
response = client.execute(targetHost, httpPost, context)
json = EntityUtils.toString(response.entity)
} catch(err) {
json.replace("X", err.message)
err.printStackTrace()
} finally {
try {
response.close();
} catch (err) {json.replace("X", err.message)}
}
resp.setContentType(CONST.APPLICATION_JSON)
resp.writer.write json
Since, again for learning purposes, I moved to nginx and setup the proxy in
the nginx config file. Nginx is just a lighter experience.
# proxy the orientdb http requests
location ~ ^/command/ {
default_type 'application/json';
proxy_pass http://localhost:2480;
proxy_set_header Host localhost;
proxy_set_header X-Real-IP 127.0.0.1;
proxy_set_header Authorization "Basic
d3JpdGVyOndyaXRlcg==";
}
As you can see, any URL that starts with /command/ is sent over to ODB.
This allows me to send any SQL request directly to ODB via HTTP. You need
to see the manual for the format of the ODB commands over HTTP.
The user, in my case writer/writer, is not visible to the browser.
Credentials are encoded by an online tool. Don't remember which one I used.
This setup is great for quick and dirty prototyping. If you wanted your
code on the web, I would not expose the SQL requests to world but create a
REST API for the data. In this case, neither user credential nor data model
are exposed.
Take this with a grain of salt. I am not a programmer.
On Wednesday, December 24, 2014 12:11:47 PM UTC-5, jeremies wrote:
>
> Hello Luca,
>
>
>
> I have a question regarding the way the OrientDB studio works.
>
>
>
> When I build my own web application to access the OrientDB database, I
> need to enable CORS and then it works, but how comes that the OrientDB
> studio app works without having to enable CORS?
>
>
>
> That's really puzzling me because I'd like to reuse the code logic of the
> OrientDB Studio app in my own application and it does not work like the
> OrientDB Studio app.
>
>
>
> Also, it seems that the OrientDB Studio app is using the REST API of
> OrientDB, not the JavaScript API (orientdb-api.js). Am I right?
>
>
>
> Is there any documentation I could read to get a full understanding of how
> the Studio works?
>
>
>
> Regards,
>
> Jeremie
>
--
---
You received this message because you are subscribed to the Google Groups
"OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
