Re: [basex-talk] WWW-Authenticate header

2019-02-04 Thread Johannes Bauer 

Hi Christian,

I've tested this and the multiple %perm:allow annotations again with the 
latest snapshot.

Both are working as expected now.

Thank you for taking care of this.

Best regards
Johannes

Am 04.02.2019 um 14:57 schrieb Christian Grün:

Hi Johannes,

If the error code 401 is returned, the BaseX standard authentication
values had been assigned to the response header.

I have revised this a little: With the latest snapshot, the BaseX
authentication header will only be assigned if the user does not
provide a custom header in the RESTXQ response. A latest snapshot is
online [1].

Best,
Christian

[1] http://files.basex.org/releases/latest/




On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer  wrote:

Hello BaseX Team,

I'm trying to implement a RESTXQ service that uses JWT tokens for authorization 
and authentication.
For this purpose I use a permission check annotated function that validates the 
token and returns a 401 response if the token is invalid or missing.

declare %perm:check('/admin', '{$perm}') function security:check-admin($perm)
{
let $token := $perm?authorization
where empty($token)
return

   
  
   

};

When I call the endpoint without token I get the expected response but the 
WWW-Authenticate header is different to the one that I have defined:

WWW-Authenticate Basic realm="BaseX"

Is there a way to override the BaseX provided header?

Thanks for your input.

Best regards
Johannes

Re: [basex-talk] WWW-Authenticate header

2019-02-04 Thread Christian Grün 
Hi Johannes,

If the error code 401 is returned, the BaseX standard authentication
values had been assigned to the response header.

I have revised this a little: With the latest snapshot, the BaseX
authentication header will only be assigned if the user does not
provide a custom header in the RESTXQ response. A latest snapshot is
online [1].

Best,
Christian

[1] http://files.basex.org/releases/latest/




On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer  wrote:
>
> Hello BaseX Team,
>
> I'm trying to implement a RESTXQ service that uses JWT tokens for 
> authorization and authentication.
> For this purpose I use a permission check annotated function that validates 
> the token and returns a 401 response if the token is invalid or missing.
>
> declare %perm:check('/admin', '{$perm}') function security:check-admin($perm)
> {
>let $token := $perm?authorization
>where empty($token)
>return
>
>   
>  
>   
>
> };
>
> When I call the endpoint without token I get the expected response but the 
> WWW-Authenticate header is different to the one that I have defined:
>
> WWW-Authenticate Basic realm="BaseX"
>
> Is there a way to override the BaseX provided header?
>
> Thanks for your input.
>
> Best regards
> Johannes
>

[basex-talk] WWW-Authenticate header

2019-01-30 Thread Johannes Bauer 

Hello BaseX Team,

I'm trying to implement a RESTXQ service that uses JWT tokens for 
authorization and authentication.
For this purpose I use a permission check annotated function that 
validates the token and returns a 401 response if the token is invalid 
or missing.


declare %perm:check('/admin','{$perm}')function security:check-admin($perm)
{
   let $token := $perm?authorization
   where empty($token)
   return 
  
 
  
   
};

When I call the endpoint without token I get the expected response but 
the WWW-Authenticate header is different to the one that I have defined:


WWW-Authenticate Basic realm="BaseX"

Is there a way to override the BaseX provided header?

Thanks for your input.

Best regards
Johannes