Forgot to mention that for decoding the JWT we needed to hook up Java's internal B64 decoder because I don't remember why the one provided with basex was not able to handle that encoding.
On 04/05/21 09:51, Marco Lettere wrote:
Hi Rob and all, I attach here an example of an OIDC code grant flow implemented with RestXQ, BaseX permission and error handler. The file includes a sort of library for performing the steps of the OIDC flow plus a minimal application that is registered as public client inside keycloak and which is what you should access from your browser by calling http://localhost:8984/authtest or http://localhost:8984/authtest/internal. I've put into it also the logout procedure for performing the back-channel logout which closes the SSO session.
This is only a resume of a more generic and complex module but it should be useful as a howto and it should be as simple to install as copying the file to your BaseX' webapp folder. Use it as you like. Regards, Marco.
On 03/05/21 12:50, Rob wrote:
Hi Marco,
Got it! Looking forward to the code! :)
With kind regards, Rob
Op 3 mei 2021, om 09:23 heeft Marco Lettere <m.lettere@gmail.com mailto:m.lettere@gmail.com> het volgende geschreven:
Hi Rob, no the code in the repository the link refers to is more like administrative tooling for batch importing configuration into Keycloak for administration purposes. I'll work on creating an excerpt of the code that realizes Oauth2 code grant flow with RestXQ and Keycloak and I'll share by tonight hopefully. Regards, Marco.
On 01/05/21 17:49, Rob wrote:
Hi all!
Sorry for the late response! I’m reading all the emails now, haha.
I’m very happy to hear that it’s possible, I see you shared the following: https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/br... https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery
Thanks for sharing!
Based on the following quote from Marco’s mail: "We have also a RestXQ module that in combination with basex:perm annotations protects access to a GUI implementing the Oauth2 Code-grant flow. If Rob is interested we could share.”
The link above, is that the RESTXQ module Marco’s been talking about? Or is there another RESTXQ module?
With kind regards, Rob
Op 1 mei 2021, om 05:29 heeft Adam Law <adamjameslaw@gmail.com mailto:adamjameslaw@gmail.com> het volgende geschreven:
If Rob isn't interested, I certain am... Yes please share
>We have also a RestXQ module that in combination with basex:perm
annotations protects access to a GUI implementing the Oauth2 Code-grant flow. If Rob is interested we could share.
Many thanks for sharing https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/br... https://code-repo.d4science.org/gCubeSystem/d4science-keycloak-themes/src/branch/master/src/utils/xquery
This is a bit forward of me, but would you consider changing the license away from European Union Public Licence which appears to be 'copyleft' to say BSD 3-Clause, MIT, ...
Adam
On Fri, Apr 30, 2021 at 6:00 PM <basex-talk-request@mailman.uni-konstanz.de mailto:basex-talk-request@mailman.uni-konstanz.de> wrote:
Send BaseX-Talk mailing list submissions to basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de> To subscribe or unsubscribe via the World Wide Web, visit https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk <https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk> or, via email, send a message with subject or body 'help' to basex-talk-request@mailman.uni-konstanz.de <mailto:basex-talk-request@mailman.uni-konstanz.de> You can reach the person managing the list at basex-talk-owner@mailman.uni-konstanz.de <mailto:basex-talk-owner@mailman.uni-konstanz.de> When replying, please edit your Subject line so it is more specific than "Re: Contents of BaseX-Talk digest..." Today's Topics: 1. Make use of external Identity Management for BaseX (Rob) 2. Re: Reloading jars on a running http server. (Reece Dunn) 3. Getting profile information in server responses. (Reece Dunn) 4. Re: Make use of external Identity Management for BaseX (Christian Gr?n) 5. Re: Reloading jars on a running http server. (Christian Gr?n) 6. Re: Getting profile information in server responses. (Christian Gr?n) 7. Re: Reloading jars on a running http server. (Reece Dunn) 8. Re: Reloading jars on a running http server. (Christian Gr?n) 9. Re: Make use of external Identity Management for BaseX (Marco Lettere) ---------------------------------------------------------------------- Message: 1 Date: Thu, 29 Apr 2021 15:54:08 +0200 From: Rob <private@tjalma.com <mailto:private@tjalma.com>> To: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>> Subject: [basex-talk] Make use of external Identity Management for BaseX Message-ID: <39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com <mailto:39036EF3-E67D-470D-B2F4-E6FBFFDF40E6@tjalma.com>> Content-Type: text/plain; charset=utf-8 Hi, I have a question. Can BaseX make use of an Identity Management application like Keycloak for Users? I can?t find anything about it :) With kind regards, Rob Tjalma ------------------------------ Message: 2 Date: Thu, 29 Apr 2021 20:48:09 +0100 From: Reece Dunn <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>> To: Christian Gr?n <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>> Cc: BaseX <basex-talk@mailman.uni-konstanz.de <mailto:basex-talk@mailman.uni-konstanz.de>> Subject: Re: [basex-talk] Reloading jars on a running http server. Message-ID: <CAGdtn24Qdgbe3=nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com <mailto:nebYA1je4hCrZVAgi_sercCRxsTxmZcWcAxQ@mail.gmail.com>> Content-Type: text/plain; charset="utf-8" Hi Christian, Thanks for the response. Unfortunately, I've not been able to get the reloading working. Kind regards, Reece On Wed, 21 Apr 2021 at 18:49, Christian Gr?n <christian.gruen@gmail.com <mailto:christian.gruen@gmail.com>> wrote: > Hi Reece, > > If you install your Java code as JAR file in the repository [1], the > code will be loaded and unloaded every time when your query is > executed. If you get an error message? > > java.lang.reflect.InaccessibleObjectException: Unable to make field > private final jdk.internal.loader.URLClassPath > java.net.URLClassLoader.ucp accessible: module java.base does not > "opens java.net <http://java.net/>" to unnamed module @79e2c065 > > ?unloading fails [2], as you?re probably using a more recent version > of the JDK, which restricts reflective access to internal variables. > You can get around this by adding Java flags at startup time: > > --add-opens java.base/java.net <http://java.net/>=ALL-UNNAMED > --add-opens java.base/jdk.internal.loader=ALL-UNNAMED > > Maybe there are better solutions to unload JAR files today. > Suggestions are welcome! > > Hope this helps, > Christian > > [1] https://docs.basex.org/wiki/Repository#Java <https://docs.basex.org/wiki/Repository#Java> > [2] > https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34 <https://github.com/BaseXdb/basex/blob/master/basex-core/src/main/java/org/basex/util/JarLoader.java#L34> > > > > On Tue, Apr 20, 2021 at 6:44 PM Reece Dunn <msclrhd@googlemail.com <mailto:msclrhd@googlemail.com>> wrote: > > > > Hi all, > > > > I'm working on a Java class that I'm importing into an XQuery, so I can > do additional processing on the data that isn't easily expressible in > XQuery (or XSLT). In order to get BaseX to pick up a modified version of > the jar file I'm building, I'm restarting the BaseX http server. > > > > This makes it slower to turn around testing the changes. Is there a > better way of doing this? > > > > Kind regards, > > Reece >