Great thanks! Fixed...
BR, Marco.
________________________________________ From: Christian Grün christian.gruen@gmail.com Sent: Wednesday, October 21, 2015 3:13 PM To: Marco Lettere Cc: BaseX Subject: Re: [basex-talk] Circumvent authentication
Hi Marco,
Thanks for the pull request.
It works up to the fact that the static property CUSTOMAUTH is not passed correctly and it always results in the default value false. I fear here I'm a bit stuck at the moment.
You'll probably need to access the StaticOptions instance bound to the Context. It will look something like...
context.soptions.get(StaticOptions.CUSTOMAUTH)
Hope this helps! Christian
If you have few minutes left during your busy day let me know what you think about it. Thanks a lot, Marco.
From: Christian Grün christian.gruen@gmail.com Sent: Wednesday, October 21, 2015 10:17 AM To: Marco Lettere Cc: BaseX Subject: Re: [basex-talk] Circumvent authentication
Hi Marco,
Thanks for the background info.
Yes, authorization is handled by BaseX. You will find most of the auth code in the HTTPContext class [1].
Hope this helps? Christian
[1] https://github.com/BaseXdb/basex/blob/master/basex-api/src/main/java/org/bas...
On Wed, Oct 21, 2015 at 10:11 AM, Marco Lettere marco.lettere@dedalus.eu wrote:
Hi Christian, we are trying to implement an OAuth2 provider in XQuery/RestXQ and are of course using BaseX as our runtime. This is why we need access to the Authorization header and we need the possibility to set the header to something like:
Authorization: Bearer XXXYYYZZZ
Is there BaseX code that handles the Authorization or is it completely up to Jetty? Any link into the github repo to have a look at the related LoCs?
Regards, Marco.
Hi Marco,
In a proof of concept project we have currently to face an authorization scheme which is not Basic or Digest. Unfortunately we always get an "Unsupported Authorization" exception.
Out of interest: Which authorization scheme are you using?
Right now, I have no idea how to circumvent the BaseX authorization without using an additional proxy. Suggestions from the community are welcome, though.
Best, Christian
Workaround now is to place a proxy in front of Basex and transform the Authorization header into something like X-Authorization. Anyway I'd really like our code to be standard compliant.
Thanks for any support as usual!
Regards,
Marco.