Re: [basex-talk] WWW-Authenticate header
Hi Christian, I've tested this and the multiple %perm:allow annotations again with the latest snapshot. Both are working as expected now. Thank you for taking care of this. Best regards Johannes Am 04.02.2019 um 14:57 schrieb Christian Grün: Hi Johannes, If the error code 401 is returned, the BaseX standard authentication values had been assigned to the response header. I have revised this a little: With the latest snapshot, the BaseX authentication header will only be assigned if the user does not provide a custom header in the RESTXQ response. A latest snapshot is online [1]. Best, Christian [1] http://files.basex.org/releases/latest/ On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer wrote: Hello BaseX Team, I'm trying to implement a RESTXQ service that uses JWT tokens for authorization and authentication. For this purpose I use a permission check annotated function that validates the token and returns a 401 response if the token is invalid or missing. declare %perm:check('/admin', '{$perm}') function security:check-admin($perm) { let $token := $perm?authorization where empty($token) return }; When I call the endpoint without token I get the expected response but the WWW-Authenticate header is different to the one that I have defined: WWW-Authenticate Basic realm="BaseX" Is there a way to override the BaseX provided header? Thanks for your input. Best regards Johannes
Re: [basex-talk] WWW-Authenticate header
Hi Johannes, If the error code 401 is returned, the BaseX standard authentication values had been assigned to the response header. I have revised this a little: With the latest snapshot, the BaseX authentication header will only be assigned if the user does not provide a custom header in the RESTXQ response. A latest snapshot is online [1]. Best, Christian [1] http://files.basex.org/releases/latest/ On Wed, Jan 30, 2019 at 9:16 AM Johannes Bauer wrote: > > Hello BaseX Team, > > I'm trying to implement a RESTXQ service that uses JWT tokens for > authorization and authentication. > For this purpose I use a permission check annotated function that validates > the token and returns a 401 response if the token is invalid or missing. > > declare %perm:check('/admin', '{$perm}') function security:check-admin($perm) > { >let $token := $perm?authorization >where empty($token) >return > > > > > > }; > > When I call the endpoint without token I get the expected response but the > WWW-Authenticate header is different to the one that I have defined: > > WWW-Authenticate Basic realm="BaseX" > > Is there a way to override the BaseX provided header? > > Thanks for your input. > > Best regards > Johannes >
[basex-talk] WWW-Authenticate header
Hello BaseX Team, I'm trying to implement a RESTXQ service that uses JWT tokens for authorization and authentication. For this purpose I use a permission check annotated function that validates the token and returns a 401 response if the token is invalid or missing. declare %perm:check('/admin','{$perm}')function security:check-admin($perm) { let $token := $perm?authorization where empty($token) return }; When I call the endpoint without token I get the expected response but the WWW-Authenticate header is different to the one that I have defined: WWW-Authenticate Basic realm="BaseX" Is there a way to override the BaseX provided header? Thanks for your input. Best regards Johannes