[basex-talk] %perm:allow annotation

2019-01-30 Thread Johannes Bauer

Hi again,

I've another question about the %perm:allow annotation. Is it possible 
to use multiple instances of this annotation?


My expectation would be that any of the listed roles is allowed to call 
the function. For example:


declare %rest:GET
%rest:path("/multi")
%perm:allow("role1")
%perm:allow("role2")
function test:multi() as item()*
{
   multi
};

declare %rest:GET
%rest:path("/single")
%perm:allow("role1")
function test:single() as item()*
{
   single
};


declare %perm:check('/admin','{$perm}') function test:check($perm)
{
   ()
};


When I call /multi the first time I get a response. But all further 
calls to /multi will result in a NullPointerException.

Calls to /single do not have this problem.

My error stacktrace is:

java.lang.NullPointerException
at org.basex.util.list.ObjectList.finish(ObjectList.java:235)
at org.basex.query.value.seq.StrSeq.get(StrSeq.java:64)
at org.basex.http.restxq.RestXqPerm.map(RestXqPerm.java:43)
at org.basex.http.restxq.RestXqFunction.bind(RestXqFunction.java:263)
at org.basex.http.restxq.RestXqResponse.bind(RestXqResponse.java:61)
at org.basex.http.web.WebResponse.create(WebResponse.java:53)
at org.basex.http.restxq.RestXqServlet.run(RestXqServlet.java:50)
at org.basex.http.BaseXServlet.service(BaseXServlet.java:59)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)


I think the error is at the location where it parses the perm:allow 
annotations.


Best regards
Johannes



Re: [basex-talk] fn:serialize() behaviour

2019-01-30 Thread Christian Grün
Hi George,

Your query will probably give a better result if you wrap head and
body into an html element:

  let $head := 
  let $body := 
  return serialize(
element html { $head, $body },
map { "method": "html", "version": "5.0"}
  )

But you are right, in general it makes no sense to output the document
type declaration more than once. The nifty details are defined in a
separate specification [1]. The document is very comprehensive, but
there are still some combinations of serialization parameters that are
not discussed in full depth. I noticed that BaseX and Saxon behave
differently in some cases. For example, Saxon may raise an SEPM0004 error
for both the "xml" and "xhtml" output method, while it's only defined
for "xml" in the spec. This error code is raised if a doctype
declaration is requested, and if more than one item is to be output.

BaseX followed the spec more closely, but as the Saxon solution seems
more consistent to me, I just updated our code:
• The new snapshot [2] will output only one doctype declaration.
• SEPM0004 will also be raised for the xhtml method now (not for html,
though, because html serialization is generally more lax than
xml/xhtml serialization).
• In analogy with Saxon, I turned the implementation-defined default
for the "include-content-type" parameter to "yes"; so the output of
the query above will now be as follows:

  
  

  


  

Cheers,
Christian

[1] https://www.w3.org/TR/xslt-xquery-serialization-31/
[2] http://files.basex.org/releases/latest/


> This is probably a non-issue, but I thought I should report it anyway. I was 
> playing around with serialization options today and I noticed that:
>
> let $head := 
> let $body := 
> return serialize(($head, $body), map { "method": "html", "version": "5.0"})
>
> will return
>
> 
> 
> 
> 
>
> I don't think fn:serialize() is defined in the xquery spec so it's 
> implementation specific so I guess it also could be correct :)
>
> Also I have a question, I remember in the past a discussion about need for 
> extra testing (XQuery spec wise) in BaseX? Is this still an issue? Hopefully 
> I can find some time and help out with that.
>
> Regards,
>
> George

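The two behaviours discussed in the reply above (wrapping head and body in a single html root, and the SEPM0004 condition for the "xml" method), as an added XQuery example that is not part of the original thread; the element contents, the doctype name `example.dtd` and the `local:` function names are constructed for illustration:

```xquery
(: Added example, not from the thread. One html root element means one
   doctype declaration in the html output, which is the wrapping suggested
   in the reply. :)
declare function local:page($title as xs:string) as xs:string {
  let $head := <head><title>{ $title }</title></head>
  let $body := <body><p>Hello</p></body>
  return serialize(
    element html { $head, $body },
    map { "method": "html", "version": "5.0" }
  )
};

(: The condition behind SEPM0004 (constructed case): with the "xml" method,
   requesting a doctype declaration for a sequence of more than one top-level
   element is a serialization error, because only a single document element
   can carry the doctype. The error is caught here so the query still
   completes and reports what happened. :)
declare function local:two-roots() as xs:string {
  try {
    serialize(
      (<a/>, <b/>),
      map { "method": "xml", "doctype-system": "example.dtd" }
    )
  } catch err:SEPM0004 {
    "SEPM0004: " || $err:description
  }
};

local:page("Test"),
local:two-roots()
```

The first result is a single html document with one doctype; the second is the caught SEPM0004 message rather than a second doctype.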

[basex-talk] WWW-Authenticate header

2019-01-30 Thread Johannes Bauer

Hello BaseX Team,

I'm trying to implement a RESTXQ service that uses JWT tokens for 
authorization and authentication.
For this purpose I use a permission check annotated function that 
validates the token and returns a 401 response if the token is invalid 
or missing.


declare %perm:check('/admin','{$perm}') function security:check-admin($perm)
{
   let $token := $perm?authorization
   where empty($token)
   return 
  
 
  
   
};

When I call the endpoint without token I get the expected response but 
the WWW-Authenticate header is different to the one that I have defined:


WWW-Authenticate: Basic realm="BaseX"

Is there a way to override the BaseX provided header?

Thanks for your input.

Best regards
Johannes