Hi Claudio,
Apparently, using the REST API, authentication is required for create/write operations, but not for reading. I mean that I can download an XML resource stored in the DB just by putting the path in the browser, without performing any authentication. Would it be possible to configure it so that even GET calls require authentication?
The credentials in the web.xml file are only optional. If you remove all user info, users will always need to authenticate when accessing resources.
Does this help?
Christian
Is my configuration wrong?
I have added a username/password in the file web.xml:
<web-app>
  [...]
  <context-param>
    <param-name>org.basex.user</param-name>
    <param-value>myuser</param-value>
  </context-param>
  <context-param>
    <param-name>org.basex.password</param-name>
    <param-value>mypassword</param-value>
  </context-param>
  <context-param>
    <param-name>org.basex.authmethod</param-name>
    <param-value>Basic</param-value>
  </context-param>
  [...]
  <servlet>
    <servlet-name>REST</servlet-name>
    <servlet-class>org.basex.http.rest.RESTServlet</servlet-class>
    <!-- service-specific credentials -->
    <init-param>
      <param-name>org.basex.user</param-name>
      <param-value>myuser</param-value>
    </init-param>
    <init-param>
      <param-name>org.basex.password</param-name>
      <param-value>mypassword</param-value>
    </init-param>
  </servlet>
  [...]
which results in a user.xml file like this:
$ cat /usr/share/tomcat/webapps/BaseX851/data/users.xml
<users>
  <user name="admin" permission="admin">
    <password algorithm="digest">
      <hash>8c6f257a751d87d1eae5ab59710a818a</hash>
    </password>
    <password algorithm="salted-sha256">
      <salt>3631994636103909</salt>
      <hash>9d25a8e3dc227e54f098c3cf3b8d1ca92b76a3bebb62e0f04299beaaf443908d</hash>
    </password>
  </user>
  <user name="myuser" permission="create">
    <password algorithm="digest">
      <hash>d3adbad8e6540a70a8b958ab27eec9b8</hash>
    </password>
    <password algorithm="salted-sha256">
      <salt>3629615605296334</salt>
      <hash>3b64152088b90a2944b07a3d63703cdb8bffd1ccc21e5a40fe2e1f2a19307647</hash>
    </password>
  </user>
</users>
Thanks, Claudio
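
As an added example, not part of the thread or of BaseX itself: a small Python check that lists where a web.xml presets org.basex.user or org.basex.password, the entries Christian's reply says to remove so that every request has to authenticate. The sample document and its xmlns value are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

CRED_PARAMS = {"org.basex.user", "org.basex.password"}

# Constructed sample modelled on the web.xml fragment quoted in the thread;
# the xmlns value is the usual Java EE one and is an assumption here.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <context-param>
    <param-name>org.basex.user</param-name>
    <param-value>myuser</param-value>
  </context-param>
  <servlet>
    <servlet-name>REST</servlet-name>
    <servlet-class>org.basex.http.rest.RESTServlet</servlet-class>
    <init-param>
      <param-name>org.basex.password</param-name>
      <param-value>mypassword</param-value>
    </init-param>
  </servlet>
</web-app>"""

def local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or an empty string."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), "")

def find_preset_credentials(web_xml):
    """Return (scope, param-name) for each credential preset in web.xml."""
    findings = []
    for elem in ET.fromstring(web_xml):
        kind = local(elem.tag)
        if kind == "context-param":
            params, scope = [elem], "global"
        elif kind == "servlet":
            params = [e for e in elem if local(e.tag) == "init-param"]
            scope = "servlet:" + child_text(elem, "servlet-name")
        else:
            continue
        findings += [(scope, n) for n in (child_text(p, "param-name") for p in params)
                     if n in CRED_PARAMS]
    return findings

if __name__ == "__main__":
    for scope, name in find_preset_credentials(SAMPLE_WEB_XML):
        print(f"{scope}: {name} is preset; remove it to force authentication")
```

An empty result means no credentials are preset at either the global or the per-servlet level.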