Good news ;) Thanks for the update!
Am 22.08.2017 20:00 schrieb "Tim Thompson" timathom@gmail.com:
Christian,
Thinking through this more, I don't believe anything needs to change in the current BaseX authentication handling. For my use case, I can just use the default BaseX Digest authentication, or else use a custom HTTP header.
I apologize for the trouble!
Thanks again, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Sun, Aug 20, 2017 at 1:10 PM, Christian Grün <christian.gruen@gmail.com
wrote:
I must confess I’ll need some time to get through this (I haven’t spent too much time with the Custom option so far). If everything works out, I’ll be able to do so in the upcoming week. If you manage to provide me with an SSCCE that show exactly what would need to happen, that would be great!
Thanks, Christian
On Sat, Aug 19, 2017 at 4:54 AM, Tim Thompson timathom@gmail.com wrote:
Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow
me to
modify the WWW-Authenticate header when the status is 401. Is this
something
that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson timathom@gmail.com
wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking
"Test"
(at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header
(which
simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me
override
some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header
function
does let me modify the header, but it does not let me set the HTTP
status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote: > Right, the status can be set when using the http:response element > directly, > but the web:response-header function does not seem to provide
access
> to > that. It only allows one to set new headers, not set the status of
the
> response. > > > > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > > On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün > christian.gruen@gmail.com > wrote: >> >> Hi Tim, >> >> That should be possible as well: >> >> rest:response >> <http:response status="{ ... }" message="{ ... }"/> >> </rest:response> >> >> Cheers, >> Christian >> >> >> >> On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timathom@gmail.com
>> wrote: >> > Hi, Christian, >> > >> > Yes, it does. The only issue is that there doesn't seem to be a
way
>> > to >> > set >> > the HTTP status and message via web:response-header, is that
right?
>> > This >> > would be a great feature to have :) >> > >> > Tim >> > >> > -- >> > Tim A. Thompson >> > Discovery Metadata Librarian >> > Yale University Library >> > >> > >> > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün >> > christian.gruen@gmail.com >> > wrote: >> >> >> >> Hi Tim, >> >> >> >> I am glad to hear the response header output does its job. >> >> >> >> As the function does nothing else than creating a response
header
>> >> (unfortunately with this standard caching directive – I think I >> >> will >> >> remove it along with BaseX 8.7), you could try to replace your >> >> response elements with the function’s result. Does this help? >> >> >> >> Christian >> >> >> >> >> >> >> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <
timathom@gmail.com>
>> >> wrote: >> >> > Using the web:response-header() function from the BaseX Web >> >> > Module >> >> > seems >> >> > to >> >> > work for overriding default headers >> >> > (http://docs.basex.org/wiki/Web_Module#web:response-header).
I
>> >> > do >> >> > wonder >> >> > why >> >> > the behavior differs between this function and directly
using a
>> >> > rest:response element. Shouldn't these two be equivalent? >> >> > >> >> > Thanks, >> >> > Tim >> >> > >> >> > >> >> > -- >> >> > Tim A. Thompson >> >> > Discovery Metadata Librarian >> >> > Yale University Library >> >> > >> >> > >> >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson >> >> > timathom@gmail.com >> >> > wrote: >> >> >> >> >> >> Hello, >> >> >> >> >> >> Is it possible to overwrite default HTTP headers in RESTXQ?
I
>> >> >> am >> >> >> running >> >> >> BaseX in Tomcat 7 and have set the authmethod param set to >> >> >> "Custom." >> >> >> I >> >> >> wanted to define my own WWW-Authenticate header for Digest >> >> >> authentication. I >> >> >> tried something like this: >> >> >> >> >> >> http:header > >> >> name="WWW-Authenticate" >> >> >> value="{ >> >> >> ``[Digest realm="BaseX", >> >> >> qop="auth, auth-int", >> >> >> algorithm=MD5, >> >> >> nonce=`{hash:md5(random:uuid())}`]`` >> >> >> }"/> >> >> >> >> >> >> (in a custom response, as specified in >> >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >> >> >> >> >> >> However, the WWW-Authenticate header only returns a value of >> >> >> Custom >> >> >> realm="BaseX" no matter what I do in the custom RESTXQ >> >> >> response. >> >> >> >> >> >> Thanks in advance, >> >> >> Tim >> >> >> >> >> >> -- >> >> >> Tim A. Thompson >> >> >> Discovery Metadata Librarian >> >> >> Yale University Library >> >> >> >> >> > >> > >> > > >