Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow me to modify the WWW-Authenticate header when the status is 401. Is this something that could be changed?


--
Tim A. Thompson
Discovery Metadata Librarian
Yale University Library


On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson <timathom@gmail.com> wrote:
Christian,

Here is a minimal example to try to illustrate what I am referring to:

https://bibfram.es/basex/static/header-test.xhtml

The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):

<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>

The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":

<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>

So the two methods are not producing the same output.


--
Tim A. Thompson
Discovery Metadata Librarian
Yale University Library

On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün <christian.gruen@gmail.com> wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?



Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" <timathom@gmail.com>:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.

So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(

Tim

--
Tim A. Thompson
Discovery Metadata Librarian
Yale University Library


On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün <christian.gruen@gmail.com> wrote:
True. In many cases, you are probably more flexible by using the
standard RESTXQ response headers.

On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson <timathom@gmail.com> wrote:
> Right, the status can be set when using the http:response element directly,
> but the web:response-header function does not seem to provide access to
> that. It only allows one to set new headers, not set the status of the
> response.
>
>
>
>
> --
> Tim A. Thompson
> Discovery Metadata Librarian
> Yale University Library
>
>
> On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <christian.gruen@gmail.com>
> wrote:
>>
>> Hi Tim,
>>
>> That should be possible as well:
>>
>>   <rest:response>
>>     <http:response status="{ ... }" message="{ ... }"/>
>>   </rest:response>
>>
>> Cheers,
>> Christian
>>
>>
>>
>> On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timathom@gmail.com> wrote:
>> > Hi, Christian,
>> >
>> > Yes, it does. The only issue is that there doesn't seem to be a way to
>> > set
>> > the HTTP status and message via web:response-header, is that right? This
>> > would be a great feature to have :)
>> >
>> > Tim
>> >
>> > --
>> > Tim A. Thompson
>> > Discovery Metadata Librarian
>> > Yale University Library
>> >
>> >
>> > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün
>> > <christian.gruen@gmail.com>
>> > wrote:
>> >>
>> >> Hi Tim,
>> >>
>> >> I am glad to hear the response header output does its job.
>> >>
>> >> As the function does nothing else than creating a response header
>> >> (unfortunately with this standard caching directive – I think I will
>> >> remove it along with BaseX 8.7), you could try to replace your
>> >> response elements with the function’s result. Does this help?
>> >>
>> >> Christian
>> >>
>> >>
>> >>
>> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <timathom@gmail.com>
>> >> wrote:
>> >> > Using the web:response-header() function from the BaseX Web Module
>> >> > seems
>> >> > to
>> >> > work for overriding default headers
>> >> > (http://docs.basex.org/wiki/Web_Module#web:response-header). I do
>> >> > wonder
>> >> > why
>> >> > the behavior differs between this function and directly using a
>> >> > rest:response element. Shouldn't these two be equivalent?
>> >> >
>> >> > Thanks,
>> >> > Tim
>> >> >
>> >> >
>> >> > --
>> >> > Tim A. Thompson
>> >> > Discovery Metadata Librarian
>> >> > Yale University Library
>> >> >
>> >> >
>> >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <timathom@gmail.com>
>> >> > wrote:
>> >> >>
>> >> >> Hello,
>> >> >>
>> >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I am
>> >> >> running
>> >> >> BaseX in Tomcat 7 and have set the authmethod param set to "Custom."
>> >> >> I
>> >> >> wanted to define my own WWW-Authenticate header for Digest
>> >> >> authentication. I
>> >> >> tried something like this:
>> >> >>
>> >> >> <http:header
>> >> >>         name="WWW-Authenticate"
>> >> >>         value="{
>> >> >>           ``[Digest realm="BaseX",
>> >> >>                     qop="auth, auth-int",
>> >> >>                     algorithm=MD5,
>> >> >>                     nonce=`{hash:md5(random:uuid())}`]``
>> >> >>         }"/>
>> >> >>
>> >> >> (in a custom response, as specified in
>> >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response).
>> >> >>
>> >> >> However, the WWW-Authenticate header only returns a value of Custom
>> >> >> realm="BaseX" no matter what I do in the custom RESTXQ response.
>> >> >>
>> >> >> Thanks in advance,
>> >> >> Tim
>> >> >>
>> >> >> --
>> >> >> Tim A. Thompson
>> >> >> Discovery Metadata Librarian
>> >> >> Yale University Library
>> >> >>
>> >> >
>> >
>> >
>
>