Hi everyone,
With BaseX 9.0, permission handling in web applications will be
further simplified. We have just finalized a new light-weight
permission layer that allows you to:
• attach permission strings to RESTXQ functions and
• disallow evaluation of such functions via annotated security functions.
More details can be found in the documentation [1]. Thanks to those
who gave helpful feedback!
A new snapshot is available [2]; the DBA has already been rewritten to
take advantage of the new annotations. In future versions, we might
provide built-in support for various authentication methods (LDAP,
OAuth, etc.), and the permission layer could possibly be extended to
the other BaseX APIs as well.
Looking forward to your feedback,
Christian
[1] http://docs.basex.org/wiki/Permissions
[2] http://files.basex.org/releases/latest/
