Re: [basex-talk] Using HTTP Digest Authentication in a RESTXQ services
Sounds good, Omar, thanks for reporting this back to the list!
I believe your solution should continue to function with BaseX 9.2.
On Tue, Feb 26, 2019 at 3:42 PM Omar Siam wrote:
>
> Hi,
>
> Looks likt I got BaseX 9.1.2 to work.
>
> I configured the AUTHMETHOD in .basex to Digest
>
> In the %perm:check funktion I return 401 if I want authentication. As noted
> in commit
> https://github.com/BaseXdb/basex/commit/acd4713e99f618c8dc9dda8d5f994d0139c2bf42
> for 9.2 there is no way to send a custom WWW-Authentication header but this
> triggers the BaseX/jetty built in authentication, be that Basic, Digest or
> "Custom"
>
> So if I return a response containing this part:
>
>
> {(: Never before 9.2
> used see AUTHMETHOD --> :)}
>
>
>
>
> I can decide in code when i need a user to autheticate.
>
> Hope that keeps working.
>
> Best regards
>
> Omar
>
> Am 15.02.2019 um 16:28 schrieb Christian Grün:
>
> Hi Omar,
>
> As I see it there is no way of doing this selectively.
>
> Right, there is no such solution at the moment. We didn’t implement
> digest authentication via our permission layer so far, but it should
> definitely be possible (might be an interesting challenge… any
> volunteers out there?).
>
> Best,
> Christian
>
Re: [basex-talk] Using HTTP Digest Authentication in a RESTXQ services
Hi,
Looks likt I got BaseX 9.1.2 to work.
I configured the AUTHMETHOD in .basex to Digest
In the %perm:check funktion I return 401 if I want authentication. As
noted in commit
https://github.com/BaseXdb/basex/commit/acd4713e99f618c8dc9dda8d5f994d0139c2bf42
for 9.2 there is no way to send a custom WWW-Authentication header but
this triggers the BaseX/jetty built in authentication, be that Basic,
Digest or "Custom"
So if I return a response containing this part:
{(: Never before 9.2 used
see AUTHMETHOD --> :)}
I can decide in code when i need a user to autheticate.
Hope that keeps working.
Best regards
Omar
Am 15.02.2019 um 16:28 schrieb Christian Grün:
Hi Omar,
As I see it there is no way of doing this selectively.
Right, there is no such solution at the moment. We didn’t implement
digest authentication via our permission layer so far, but it should
definitely be possible (might be an interesting challenge… any
volunteers out there?).
Best,
Christian
Re: [basex-talk] Using HTTP Digest Authentication in a RESTXQ services
Hi Omar, > As I see it there is no way of doing this selectively. Right, there is no such solution at the moment. We didn’t implement digest authentication via our permission layer so far, but it should definitely be possible (might be an interesting challenge… any volunteers out there?). Best, Christian > Like having the / > page not having authentication and /dba do authentication using some > other method. Or if I have some service where I need to decide at > runtime in XQuery code that I now would like to require the client to do > digest authentication. Digest authentication cannot be hooked to the > %perm annotation I think. > > Is that correct or am I missing something? > > Best regards > > Omar > > Am 14.02.2019 um 18:39 schrieb Christian Grün: > > Hi Omar, > > > > Digest authentication with RESTXQ should work out of the box. The > > following changes in the configuration may be required: > > > > • You’ll need to enable digest authentication in the web.xml > > configuration file [1] > > • By default, the admin user is enabled for RESTXQ requests. You’ll > > need to remove the corresponding entry [2] > > > > Best > > Christian > > > > [1] > > https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L93-L96 > > [2] > > https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L32-L35 > > > > > > > > On Thu, Feb 14, 2019 at 6:35 PM Omar Siam wrote: > >> Hi list! > >> > >> I just experimented a bit to see if there is an obvious way to use HTTP > >> digest authentication for some RESTXQ service I plan to write. I would > >> prefer not to reimplement the HTTP digest logic in XQuery. I thought > >> maybe there is a way to use the built in digest logic like for the REST > >> endpoint. I don't seem to get that to work. Any suggestions? > >> > >> Best regards > >> > >> Omar Siam > >>
Re: [basex-talk] Using HTTP Digest Authentication in a RESTXQ services
Hi and thanks for the quick response! Ok. Now I see how that works. As I see it there is no way of doing this selectively. Like having the / page not having authentication and /dba do authentication using some other method. Or if I have some service where I need to decide at runtime in XQuery code that I now would like to require the client to do digest authentication. Digest authentication cannot be hooked to the %perm annotation I think. Is that correct or am I missing something? Best regards Omar Am 14.02.2019 um 18:39 schrieb Christian Grün: Hi Omar, Digest authentication with RESTXQ should work out of the box. The following changes in the configuration may be required: • You’ll need to enable digest authentication in the web.xml configuration file [1] • By default, the admin user is enabled for RESTXQ requests. You’ll need to remove the corresponding entry [2] Best Christian [1] https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L93-L96 [2] https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L32-L35 On Thu, Feb 14, 2019 at 6:35 PM Omar Siam wrote: Hi list! I just experimented a bit to see if there is an obvious way to use HTTP digest authentication for some RESTXQ service I plan to write. I would prefer not to reimplement the HTTP digest logic in XQuery. I thought maybe there is a way to use the built in digest logic like for the REST endpoint. I don't seem to get that to work. Any suggestions? Best regards Omar Siam
Re: [basex-talk] Using HTTP Digest Authentication in a RESTXQ services
Hi Omar, Digest authentication with RESTXQ should work out of the box. The following changes in the configuration may be required: • You’ll need to enable digest authentication in the web.xml configuration file [1] • By default, the admin user is enabled for RESTXQ requests. You’ll need to remove the corresponding entry [2] Best Christian [1] https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L93-L96 [2] https://github.com/BaseXdb/basex/blob/9a089491894a01f9d8edb5d30e695f18b13bc9c4/basex-api/src/main/webapp/WEB-INF/web.xml#L32-L35 On Thu, Feb 14, 2019 at 6:35 PM Omar Siam wrote: > > Hi list! > > I just experimented a bit to see if there is an obvious way to use HTTP > digest authentication for some RESTXQ service I plan to write. I would > prefer not to reimplement the HTTP digest logic in XQuery. I thought > maybe there is a way to use the built in digest logic like for the REST > endpoint. I don't seem to get that to work. Any suggestions? > > Best regards > > Omar Siam >
