Hi,

Looks likt I got BaseX 9.1.2 to work.

I configured the AUTHMETHOD in .basex to Digest

In the %perm:check funktion I return 401 if I want authentication. As noted in commit https://github.com/BaseXdb/basex/commit/acd4713e99f618c8dc9dda8d5f994d0139c2bf42 for 9.2 there is no way to send a custom WWW-Authentication header but this triggers the BaseX/jetty built in authentication, be that Basic, Digest or "Custom"

So if I return a response containing this part:

    <http:response status="401" message="Authenticate">
      {(: <http:header name="WWW-Authenticate" value=""/> Never before 9.2 used see AUTHMETHOD  --> :)}
      <http:header name="Content-Language" value="en"/>
      <http:header name="Content-Type" value="text/html; charset=utf-8"/>
    </http:response>

I can decide in code when i need a user to autheticate.

Hope that keeps working.

Best regards

Omar

Am 15.02.2019 um 16:28 schrieb Christian Grün:

Hi Omar,

As I see it there is no way of doing this selectively.

Right, there is no such solution at the moment. We didn’t implement
digest authentication via our permission layer so far, but it should
definitely be possible (might be an interesting challenge… any
volunteers out there?).

Best,
Christian