Thanks Marco, I understand.
As an aside for others, a GO edge router with BaseX is another option - say https://github.com/thomseddon/traefik-forward-auth. OIDC, ACME and SSL are all built in.
BaseX can trust / check the forwarded cookie as part of BaseX permissions checking. https://docs.basex.org/wiki/Permissions
Adam
On Mon, May 3, 2021 at 6:00 PM basex-talk-request@mailman.uni-konstanz.de wrote:
Send BaseX-Talk mailing list submissions to basex-talk@mailman.uni-konstanz.de
To subscribe or unsubscribe via the World Wide Web, visit https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk or, via email, send a message with subject or body 'help' to basex-talk-request@mailman.uni-konstanz.de
You can reach the person managing the list at basex-talk-owner@mailman.uni-konstanz.de
When replying, please edit your Subject line so it is more specific than "Re: Contents of BaseX-Talk digest..."
Today's Topics:
- Re: Make use of external Identity Management for BaseX (Marco Lettere)
- Re: Make use of external Identity Management for BaseX (Marco Lettere)
Message: 1 Date: Mon, 3 May 2021 09:20:45 +0200 From: Marco Lettere m.lettere@gmail.com To: basex-talk@mailman.uni-konstanz.de Subject: Re: [basex-talk] Make use of external Identity Management for BaseX Message-ID: 0978b86f-a884-052c-dd2c-0eb18291f7f5@gmail.com Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hi Adam, sorry but licensing terms are out of our choice. We've developed that code in the framework of EU H2020 funded projects [1,2] thus we have to adhere to the policies of the Institution we cooperate with (Italian Council of Research).
Anyway as I told this code is more a proof of concept for administrative activities related to batch creation of clients ... Feel free to use and adapt the code as you prefer.
Regards, Marco.
[1] https://www.blue-cloud.org/ [2] http://project.sobigdata.eu/
On 01/05/21 05:29, Adam Law wrote:
If Rob isn't interested, I certain am... Yes please share
We have also a RestXQ module that in combination with basex:perm
annotations protects access to a GUI implementing the Oauth2 Code-grant flow. If Rob is interested we could share.
Many thanks for sharing
https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/br...
<
https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/br...
This is a bit forward of me, but would you consider changing?the license away from European Union Public Licence which appears to be 'copyleft' to say BSD 3-Clause, MIT, ...
Adam
On Fri, Apr 30, 2021 at 6:00 PM <basex-talk-request@mailman.uni-konstanz.de mailto:basex-talk-request@mailman.uni-konstanz.de> wrote:
Send BaseX-Talk mailing list submissions to basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> To subscribe or unsubscribe via the World Wide Web, visit https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk> or, via email, send a message with subject or body 'help' to basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de> You can reach the person managing the list at basex-talk-owner@mailman.uni-konstanz.de <mailto:basex-talk-owner@mailman.uni-konstanz.de> When replying, please edit your Subject line so it is more specific than "Re: Contents of BaseX-Talk digest..." Today's Topics: ? ?1. Make use of external Identity Management for BaseX (Rob) ? ?2. Re: Reloading jars on a running http server. (Reece Dunn) ? ?3. Getting profile information in server responses. (Reece Dunn) ? ?4. Re: Make use of external Identity Management for BaseX ? ? ? (Christian Gr?n) ? ?5. Re: Reloading jars on a running http server. (Christian Gr?n) ? ?6. Re: Getting profile information in server responses. ? ? ? (Christian Gr?n) ? ?7. Re: Reloading jars on a running http server. (Reece Dunn) ? ?8. Re: Reloading jars on a running http server. (Christian Gr?n) ? ?9. Re: Make use of external Identity Management for BaseX ? ? ? (Marco Lettere)
Message: 1 Date: Thu, 29 Apr 2021 15:54:08 +0200 From: Rob <private@tjalma.com <mailto:private@tjalma.com>> To: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>> Subject: [basex-talk] Make use of external Identity Management for ? ? ? ? BaseX Message-ID: <39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com <mailto:39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com>> Content-Type: text/plain;? ? ? ?charset=utf-8 Hi, I have a question. Can BaseX make use of an Identity Management application like Keycloak for Users? I can?t find anything about it :) With kind regards, Rob Tjalma ------------------------------ Message: 2 Date: Thu, 29 Apr 2021 20:48:09 +0100 From: Reece Dunn <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>> To: Christian Gr?n <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>> Cc: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>> Subject: Re: [basex-talk] Reloading jars on a running http server. Message-ID: ? ? ? ? <CAGdtn24Qdgbe3=nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com <mailto:nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com>> Content-Type: text/plain; charset="utf-8" Hi Christian, Thanks for the response. Unfortunately, I've not been able to get the reloading working. Kind regards, Reece On Wed, 21 Apr 2021 at 18:49, Christian Gr?n <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>> wrote: > Hi Reece, > > If you install your Java code as JAR file in the repository [1],the
> code will be loaded and unloaded every time when your query is > executed. If you get an error message? > >? ?java.lang.reflect.InaccessibleObjectException: Unable to make field > private final jdk.internal.loader.URLClassPath > java.net.URLClassLoader.ucp accessible: module java.base does not > "opens java.net <http://java.net>" to unnamed module @79e2c065 > > ?unloading fails [2], as you?re probably using a more recentversion
> of the JDK, which restricts reflective access to internalvariables.
> You can get around this by adding Java flags at startup time: > >? --add-opens java.base/java.net <http://java.net>=ALL-UNNAMED >? --add-opens java.base/jdk.internal.loader=ALL-UNNAMED > > Maybe there are better solutions to unload JAR files today. > Suggestions are welcome! > > Hope this helps, > Christian > > [1] https://docs.basex.org/wiki/Repository#Java <https://docs.basex.org/wiki/Repository#Java> > [2] >https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/ba...
<https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/ba...
> > > > On Tue, Apr 20, 2021 at 6:44 PM Reece Dunn <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>> wrote: > > > > Hi all, > > > > I'm working on a Java class that I'm importing into an XQuery, so I can > do additional processing on the data that isn't easily expressible in > XQuery (or XSLT). In order to get BaseX to pick up a modified version of > the jar file I'm building, I'm restarting the BaseX http server. > > > > This makes it slower to turn around testing the changes. Is there a > better way of doing this? > > > > Kind regards, > > Reece >
Yes, that is another good idea. For the protection of REST API services we are currently also experimenting with extending Nginx in order to become a full-fledged authn/authz enforcer that will sit in front and absorb all the security concerns on behalf of the services themselves. It just feels less natural for protecting front facing applications (with GUIs) where we still prefer doing the code_grant flow internally. m2c. M.
On 03/05/21 14:07, Adam Law wrote:
Thanks Marco, I understand.
As an aside for others, a GO edge router with BaseX is another option
https://github.com/thomseddon/traefik-forward-auth. OIDC, ACME and SSL are all built in.
BaseX can trust / check the forwarded cookie as part of BaseX permissions checking. https://docs.basex.org/wiki/Permissions https://docs.basex.org/wiki/Permissions
Adam
On Mon, May 3, 2021 at 6:00 PM <basex-talk-request@mailman.uni-konstanz.de mailto:basex-talk-request@mailman.uni-konstanz.de> wrote:
Send BaseX-Talk mailing list submissions to basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> To subscribe or unsubscribe via the World Wide Web, visit https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk> or, via email, send a message with subject or body 'help' to basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de> You can reach the person managing the list at basex-talk-owner@mailman.uni-konstanz.de <mailto:basex-talk-owner@mailman.uni-konstanz.de> When replying, please edit your Subject line so it is more specific than "Re: Contents of BaseX-Talk digest..." Today's Topics: 1. Re: Make use of external Identity Management for BaseX (Marco Lettere) 2. Re: Make use of external Identity Management for BaseX (Marco Lettere) ---------------------------------------------------------------------- Message: 1 Date: Mon, 3 May 2021 09:20:45 +0200 From: Marco Lettere <m.lettere@gmail.com <mailto:m.lettere@gmail.com>> To: basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> Subject: Re: [basex-talk] Make use of external Identity Management for BaseX Message-ID: <0978b86f-a884-052c-dd2c-0eb18291f7f5@gmail.com <mailto:0978b86f-a884-052c-dd2c-0eb18291f7f5@gmail.com>> Content-Type: text/plain; charset="utf-8"; Format="flowed" Hi Adam, sorry but licensing terms are out of our choice. We've developed that code in the framework of EU H2020 funded projects [1,2] thus we have to adhere to the policies of the Institution we cooperate with (Italian Council of Research). Anyway as I told this code is more a proof of concept for administrative activities related to batch creation of clients ... Feel free to use and adapt the code as you prefer. Regards, Marco. [1] https://www.blue-cloud.org/ <https://www.blue-cloud.org/> [2] http://project.sobigdata.eu/ <http://project.sobigdata.eu/> On 01/05/21 05:29, Adam Law wrote: > If Rob isn't interested, I certain am... Yes please share > > >>We have also a RestXQ module that in combination with basex:perm > annotations protects access to a GUI implementing the Oauth2 Code-grant > flow. If Rob is interested we could share. > > Many thanks for sharing > https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery <https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery> > <https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery <https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery>> > > This is a bit forward of me, but would you consider changing?the > license away from European Union Public Licence which appears to be > 'copyleft' to say BSD 3-Clause, MIT, ... > > Adam > > On Fri, Apr 30, 2021 at 6:00 PM > <basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de> > <mailto:basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de>>> wrote: > > Send BaseX-Talk mailing list submissions to > basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> > <mailto:basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>> > > To subscribe or unsubscribe via the World Wide Web, visit > https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk> > <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk>> > or, via email, send a message with subject or body 'help' to > basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de> > <mailto:basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de>> > > You can reach the person managing the list at > basex-talk-owner@mailman.uni-konstanz.de <mailto:basex-talk-owner@mailman.uni-konstanz.de> > <mailto:basex-talk-owner@mailman.uni-konstanz.de <mailto:basex-talk-owner@mailman.uni-konstanz.de>> > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of BaseX-Talk digest..." > > > Today's Topics: > > ? ?1. Make use of external Identity Management for BaseX (Rob) > ? ?2. Re: Reloading jars on a running http server. (Reece Dunn) > ? ?3. Getting profile information in server responses. (Reece Dunn) > ? ?4. Re: Make use of external Identity Management for BaseX > ? ? ? (Christian Gr?n) > ? ?5. Re: Reloading jars on a running http server. (Christian Gr?n) > ? ?6. Re: Getting profile information in server responses. > ? ? ? (Christian Gr?n) > ? ?7. Re: Reloading jars on a running http server. (Reece Dunn) > ? ?8. Re: Reloading jars on a running http server. (Christian Gr?n) > ? ?9. Re: Make use of external Identity Management for BaseX > ? ? ? (Marco Lettere) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 29 Apr 2021 15:54:08 +0200 > From: Rob <private@tjalma.com <mailto:private@tjalma.com> <mailto:private@tjalma.com <mailto:private@tjalma.com>>> > To: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> > <mailto:basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>>> > Subject: [basex-talk] Make use of external Identity Management for > ? ? ? ? BaseX > Message-ID: <39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com <mailto:39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com> > <mailto:39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com <mailto:39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com>>> > Content-Type: text/plain;? ? ? ?charset=utf-8 > > Hi, > > I have a question. > Can BaseX make use of an Identity Management application like > Keycloak for Users? > > I can?t find anything about it :) > > With kind regards, > Rob Tjalma > > ------------------------------ > > Message: 2 > Date: Thu, 29 Apr 2021 20:48:09 +0100 > From: Reece Dunn <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com> > <mailto:msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>>> > To: Christian Gr?n <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com> > <mailto:christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>>> > Cc: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> > <mailto:basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>>> > Subject: Re: [basex-talk] Reloading jars on a running http server. > Message-ID: > ? ? ? ? > <CAGdtn24Qdgbe3=nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com <mailto:nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com> > <mailto:nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com <mailto:nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com>>> > Content-Type: text/plain; charset="utf-8" > > Hi Christian, > > Thanks for the response. Unfortunately, I've not been able to get the > reloading working. > > Kind regards, > Reece > > On Wed, 21 Apr 2021 at 18:49, Christian Gr?n > <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com> <mailto:christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>>> > wrote: > > > Hi Reece, > > > > If you install your Java code as JAR file in the repository [1], the > > code will be loaded and unloaded every time when your query is > > executed. If you get an error message? > > > >? ?java.lang.reflect.InaccessibleObjectException: Unable to make > field > > private final jdk.internal.loader.URLClassPath > > java.net.URLClassLoader.ucp accessible: module java.base does not > > "opens java.net <http://java.net> <http://java.net <http://java.net>>" to unnamed module @79e2c065 > > > > ?unloading fails [2], as you?re probably using a more recent version > > of the JDK, which restricts reflective access to internal variables. > > You can get around this by adding Java flags at startup time: > > > >? --add-opens java.base/java.net <http://java.net> <http://java.net <http://java.net>>=ALL-UNNAMED > >? --add-opens java.base/jdk.internal.loader=ALL-UNNAMED > > > > Maybe there are better solutions to unload JAR files today. > > Suggestions are welcome! > > > > Hope this helps, > > Christian > > > > [1] https://docs.basex.org/wiki/Repository#Java <https://docs.basex.org/wiki/Repository#Java> > <https://docs.basex.org/wiki/Repository#Java <https://docs.basex.org/wiki/Repository#Java>> > > [2] > > > https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34 <https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34> > <https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34 <https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34>> > > > > > > > > On Tue, Apr 20, 2021 at 6:44 PM Reece Dunn > <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com> <mailto:msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>>> wrote: > > > > > > Hi all, > > > > > > I'm working on a Java class that I'm importing into an XQuery, > so I can > > do additional processing on the data that isn't easily > expressible in > > XQuery (or XSLT). In order to get BaseX to pick up a modified > version of > > the jar file I'm building, I'm restarting the BaseX http server. > > > > > > This makes it slower to turn around testing the changes. Is > there a > > better way of doing this? > > > > > > Kind regards, > > > Reece > > >
basex-talk@mailman.uni-konstanz.de
-
Adam Law -
Marco Lettere