Re: [basex-talk] WWW-Authenticate header
Hi Christian,

I've tested this and the multiple %perm:allow annotations again with the latest snapshot. Both are working as expected now.

Thank you for taking care of this.

Best regards
Johannes

On 04.02.2019 at 14:57, Christian Grün wrote:
> Hi Johannes,
>
> If the error code 401 is returned, the BaseX standard authentication values had been assigned to the response header. I have revised this a little: With the latest snapshot, the BaseX authentication header will only be assigned if the user does not provide a custom header in the RESTXQ response.
>
> A latest snapshot is online [1].
>
> Best,
> Christian
>
> [1] http://files.basex.org/releases/latest/
>
> On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer wrote:
> > Hello BaseX Team,
> >
> > I'm trying to implement a RESTXQ service that uses JWT tokens for authorization and authentication.
> > For this purpose I use a permission check annotated function that validates the token and returns a 401 response if the token is invalid or missing.
> >
> > declare %perm:check('/admin', '{$perm}') function security:check-admin($perm)
> > {
> >   let $token := $perm?authorization
> >   where empty($token)
> >   return
> > };
> >
> > When I call the endpoint without token I get the expected response but the WWW-Authenticate header is different to the one that I have defined:
> >
> > WWW-Authenticate Basic realm="BaseX"
> >
> > Is there a way to override the BaseX provided header?
> >
> > Thanks for your input.
> >
> > Best regards
> > Johannes
Re: [basex-talk] %perm:allow annotation
Good catch! It has been fixed in the latest snapshot.

On Wed, Jan 30, 2019 at 3:42 PM Johannes Bauer wrote:
>
> Hi again,
>
> I've another question about the %perm:allow annotation. Is it possible to use
> multiple instances of this annotation?
>
> My expectation would be that any of the listed roles is allowed to call the
> function. For example:
>
> declare
>   %rest:GET
>   %rest:path("/multi")
>   %perm:allow("role1")
>   %perm:allow("role2")
> function test:multi() as item()*
> {
>   multi
> };
>
> declare
>   %rest:GET
>   %rest:path("/single")
>   %perm:allow("role1")
> function test:single() as item()*
> {
>   single
> };
>
> declare %perm:check('/admin', '{$perm}') function test:check($perm)
> {
>   ()
> };
>
> When I call /multi the first time I get a response. But all further calls to
> /multi will result in a NullPointerException.
> Calls to /single do not have this problem.
>
> My error stacktrace is:
>
> java.lang.NullPointerException
>   at org.basex.util.list.ObjectList.finish(ObjectList.java:235)
>   at org.basex.query.value.seq.StrSeq.get(StrSeq.java:64)
>   at org.basex.http.restxq.RestXqPerm.map(RestXqPerm.java:43)
>   at org.basex.http.restxq.RestXqFunction.bind(RestXqFunction.java:263)
>   at org.basex.http.restxq.RestXqResponse.bind(RestXqResponse.java:61)
>   at org.basex.http.web.WebResponse.create(WebResponse.java:53)
>   at org.basex.http.restxq.RestXqServlet.run(RestXqServlet.java:50)
>   at org.basex.http.BaseXServlet.service(BaseXServlet.java:59)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
>   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>   at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
>   at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>   at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
>   at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>   at java.lang.Thread.run(Thread.java:745)
>
> I think the error is at the location where he parses the perm:allow
> annotations.
>
> Best regards
> Johannes
>
Re: [basex-talk] WWW-Authenticate header
Hi Johannes,

If the error code 401 is returned, the BaseX standard authentication values had been assigned to the response header. I have revised this a little: With the latest snapshot, the BaseX authentication header will only be assigned if the user does not provide a custom header in the RESTXQ response.

A latest snapshot is online [1].

Best,
Christian

[1] http://files.basex.org/releases/latest/

On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer wrote:
>
> Hello BaseX Team,
>
> I'm trying to implement a RESTXQ service that uses JWT tokens for
> authorization and authentication.
> For this purpose I use a permission check annotated function that validates
> the token and returns a 401 response if the token is invalid or missing.
>
> declare %perm:check('/admin', '{$perm}') function security:check-admin($perm)
> {
>   let $token := $perm?authorization
>   where empty($token)
>   return
> };
>
> When I call the endpoint without token I get the expected response but the
> WWW-Authenticate header is different to the one that I have defined:
>
> WWW-Authenticate Basic realm="BaseX"
>
> Is there a way to override the BaseX provided header?
>
> Thanks for your input.
>
> Best regards
> Johannes
>
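
The behaviour described in this thread, as an added example that is not code from either poster or from the BaseX project: a permission check that returns its own Bearer challenge on 401, so that the default Basic realm="BaseX" header is not assigned. The realm name, the shared secret and the helper functions are assumptions; only the HS256 signature is verified, so expiry and other claims would still need checking.

```xquery
module namespace security = 'security';

(: Assumption: constructed demo secret; load the real key from protected configuration. :)
declare variable $security:SECRET := 'constructed-demo-secret';

(: Hypothetical helper: 401 response with a custom WWW-Authenticate challenge. :)
declare %private function security:unauthorized($challenge as xs:string) {
  <rest:response>
    <http:response status="401" message="Unauthorized">
      <http:header name="WWW-Authenticate" value="{ $challenge }"/>
    </http:response>
  </rest:response>
};

(: Hypothetical helper: true if the token has three parts and its HS256 signature matches. :)
declare %private function security:signed($jwt as xs:string) as xs:boolean {
  let $parts := tokenize($jwt, '\.')
  return count($parts) = 3 and (
    let $mac := crypto:hmac($parts[1] || '.' || $parts[2], $security:SECRET, 'sha256', 'base64')
    (: JWT signatures are unpadded base64url; crypto:hmac returns standard base64 :)
    return translate(replace($mac, '=+$', ''), '+/', '-_') = $parts[3]
  )
};

(: Any result returned here replaces the response of the protected function. :)
declare %perm:check('/admin', '{$perm}') function security:check-admin($perm) {
  let $auth  := $perm?authorization
  let $token :=
    if (matches($auth, '^Bearer +\S+$', 'i')) then replace($auth, '^\S+ +', '') else ()
  return
    if (empty($auth)) then
      (: no credentials sent: plain challenge :)
      security:unauthorized('Bearer realm="admin"')
    else if (empty($token) or not(security:signed($token))) then
      (: wrong scheme, malformed token or bad signature :)
      security:unauthorized('Bearer realm="admin", error="invalid_token"')
    else ()
};
```

Because the check returns the empty sequence for a correctly signed token, the request proceeds to the function under /admin; every other case ends in a 401 carrying the Bearer challenge.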
Re: [basex-talk] Global lock = false and parallel update processes to different DBs
Hi France,

> I noticed that the latest version of BaseX lost this feature and nothing
> seems to replace it. I'm trying to improve performance of batch processes and
> I was counting on that feature a lot. Any chance it will come back or that
> something equivalent will come?

With BaseX 9, we removed the classical GLOBALLOCK option (i.e., GLOBALLOCK = false is standard now).

> get db:open($lang)/*
> process
> save to db:open('staging-' || $lang)

The name of your database may be specified as static string in your query (no matter if you use BaseX 8 or 9):

  get db:open('de')/*
  process
  save to db:open('staging-de')

Did you try this already?
Christian