Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow me to modify the WWW-Authenticate header when the status is 401. Is this something that could be changed? -- Tim A. Thompson Discovery Metadata Librarian Yale University Library On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson <timathom@gmail.com> wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce=" 35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün <christian.gruen@gmail.com
wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" <timathom@gmail.com>:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün < christian.gruen@gmail.com> wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson <timathom@gmail.com> wrote:
Right, the status can be set when using the http:response element directly, but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün < christian.gruen@gmail.com> wrote:
Hi Tim,
That should be possible as well:
<rest:response> <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timathom@gmail.com>
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right? This would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün <christian.gruen@gmail.com> wrote: > > Hi Tim, > > I am glad to hear the response header output does its job. > > As the function does nothing else than creating a response header > (unfortunately with this standard caching directive – I think I will > remove it along with BaseX 8.7), you could try to replace your > response elements with the function’s result. Does this help? > > Christian > > > > On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <timathom@gmail.com> > wrote: > > Using the web:response-header() function from the BaseX Web Module > > seems > > to > > work for overriding default headers > > (http://docs.basex.org/wiki/Web_Module#web:response-header). I do > > wonder > > why > > the behavior differs between this function and directly using a > > rest:response element. Shouldn't these two be equivalent? > > > > Thanks, > > Tim > > > > > > -- > > Tim A. Thompson > > Discovery Metadata Librarian > > Yale University Library > > > > > > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson < timathom@gmail.com> > > wrote: > >> > >> Hello, > >> > >> Is it possible to overwrite default HTTP headers in RESTXQ? I am > >> running > >> BaseX in Tomcat 7 and have set the authmethod param set to "Custom." > >> I > >> wanted to define my own WWW-Authenticate header for Digest > >> authentication. I > >> tried something like this: > >> > >> <http:header > >> name="WWW-Authenticate" > >> value="{ > >> ``[Digest realm="BaseX", > >> qop="auth, auth-int", > >> algorithm=MD5, > >> nonce=`{hash:md5(random:uuid())}`]`` > >> }"/> > >> > >> (in a custom response, as specified in > >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). > >> > >> However, the WWW-Authenticate header only returns a value of Custom > >> realm="BaseX" no matter what I do in the custom RESTXQ response. > >> > >> Thanks in advance, > >> Tim > >> > >> -- > >> Tim A. Thompson > >> Discovery Metadata Librarian > >> Yale University Library > >> > >