Hi,
that's the way I have realized the login before, but now I combine this with the http basic authentication, because otherwise you can download all files in the webapp directory without being logged in. I have realized it in that way, but now I can't get the username of the user who is logged in. Is there any way to read the "org.eclipse.jetty.security.UserIdentity" attribute in the session? I always get an error:
HTTP ERROR 400
Problem accessing /restxq/getSession/org.eclipse.jetty.security.UserIdentity. Reason:
Stopped at D:/Projects/******/basex77/basex/webapp/restxq/utilities.xqm, 35/18:
[BXSE0002] Stored attribute cannot be retrieved: SessionAuthentication.
Stack Trace:
- D:/Projects/******/basex77/basex/webapp/restxq/utilities.xqm, 34/13
Powered by Jetty://
The server stops at the line, where it tries to read the session attribute "org.eclipse.jetty.security.UserIdentity".
Another question: Is there any way to realize parallel update queries in baseX?
Cheers,
Florian
-----Ursprüngliche Nachricht-----
Von: basex-talk-bounces@mailman.uni-konstanz.de [mailto:basex-talk-bounces@mailman.uni-konstanz.de] Im Auftrag von Dirk Kirsten
Gesendet: Montag, 26. August 2013 11:44
An: basex-talk@mailman.uni-konstanz.de
Betreff: Re: [basex-talk] username after login with jetty's HashLoginModule
Hello Florian,
you might want to ask this question on the jetty mailing list as this seems to be not really specific to BaseX. You most likely also will get a more useful response as we are no jetty experts per se.
However, I also couldn't find any HashLoginModule in our default jetty.xml (and I did a quick google search and could find anything), so I am not really sure what you actually do. Might be useful to post the relevant part of your jetty.xml.
Btw, in our RestXQ-based applications we mainly use application-defined authentication, i.e. we first check the proper login within each output function, so something like:
if(not(_:logged-in())) then () else
where _:logged-in() is simply
declare function _:logged-in()
as xs:boolean
{
boolean(_:id())
};
and we set the session variable during login.
Cheers,
Dirk
On 08/26/2013 11:25 AM, Florian Eckey wrote:
> Hey,
>
> I have a problem with the jetty authentication. I use the
> HashLoginModule, which is configured in the jetty.xml. The problem is,
> that I find no way to write the username in the session, so after
> login I have no username to deal with. Has anyone solved the same or a
> similar problem? Or are there any tips how to implement a secure
> login, after that I can use the entered username in the session?
>
> regards
>
> Florian
>
> _______________________________________________
> BaseX-Talk mailing list
> BaseX-Talk@mailman.uni-konstanz.de
> https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
>
--
Dirk Kirsten, BaseX GmbH, http://basex.org
|-- Firmensitz: Blarerstrasse 56, 78462 Konstanz
|-- Registergericht Freiburg, HRB: 708285, Geschäftsführer:
| Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
`-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22 _______________________________________________
BaseX-Talk mailing list