Hi everyone,
With BaseX 9.0, permission handling in web applications will be further simplified. We have just finalized a new light-weight permission layer that allows you to:
• attach permission strings to RESTXQ functions and • disallow evaluation of such functions via annotated security functions.
More details can be found in the documentation [1]. Thanks to those who gave helpful feedback!
A new snapshot is available [2]; the DBA has already been rewritten to take advantage of the new annotations. In future versions, we might provide built-in support for various authentication methods (LDAP, OAuth, etc.), and the permission layer could possibly be extended to the other BaseX APIs as well.
Looking forward to your feedback, Christian
[1] http://docs.basex.org/wiki/Permissions [2] http://files.basex.org/releases/latest/