Oliver,
Thanks for your feedback.
Following Omar’s suggestion and using RESTXQ is another good alternative, it definitely gives you most flexibility. You can possibly use it to block requests to resources that are not supposed to be made public.
By default, the admin user is enabled for RESTXQ in your BaseX web.xml file [1]. If you want to use the basic REST API, and if you don’t need authentication, all need to do is paste these quoted lines into the REST servlet configuration some lines below, and restart BaseX.
Talking about eXist-db, do you use basic authentication in the URL there as well? I’ll check out if we can generalize authentication in Java connections and make it available in the XSLT Module as well.
All the best, Christian
[1] https://github.com/BaseXdb/basex/blob/e44322378254a1db31de94b35a10a0ec8e29be...
I just wanted to give you a short reply belatedly. Finally, I wrote a small RESTXQ service to make the information accessible via stylesheet. For the moment it works fine for me und in regards to my current setup, it was easier to realize than relocating the whole transformation outside BaseX.
I found out that Michael Kay already recommended to write a custom URI resolver and I guess that is what is done in exist-db. In parallel I tried everything out in exist-db too and honestly it was no big deal to achieve that goal there.
Best, Oliver
-----Ursprüngliche Nachricht----- Von: Christian Grün [mailto:christian.gruen@gmail.com] Gesendet: Freitag, 24. November 2017 16:57 An: Zmorek, Oliver Oliver.Zmorek@degruyter.com Cc: BaseX basex-talk@mailman.uni-konstanz.de Betreff: Re: [basex-talk] xsl - using doc() to read in an xml stored within BaseX
Dear Oliver,
Here I used doc() and referred to the additional documents, e.g. doc(‘/serials/serial-123.xml’). Unfortunately, the transformation says that the file or directory does not exist.
If this function call is located in the XSLT file, it’s exactly what you have already guessed: Saxon won’t be able to resolve this file against the database.
Checked that simple with a browser – worked. The transformation instead didn’t work – it returned a 401 unauthorized http response.
I assume this is due to the way how Saxon evaluates the fn:doc function. Authorization information in URLs is ignored by the standard URL connections in Java, and my guess is that Saxon is based on these connections (in BaseX, we tackle this by enriching the connections with the given authorization data; but I know this won’t help you here).
Here are a few approaches how to solve the issue:
Use the REST API of BaseX with default admin privileges (by adding a context parameter with 'org.basex.user' in the web.xml file [1], and restarting BaseX). This should only be done if your XQuery expression does not perform any updates (otherwise, you will run into a deadlock), and (quite obviously) if there are no security concerns.
Temporarily write database files to disk, and delete them after the transformation. This may sound a bit cumbersome, but it may be the fastest solution (if performance is critical), because no time will be spent for retrieving files via HTTP.
Ask Michael Kay/Saxon if there is a chance to make fn:doc aware of authorization info.
Hope this helps, all the best from Konstanz, Christian