Hi Dirk,
see comments (red).
Cheers and thanks for your quick answer,
Florian
-----Ursprüngliche Nachricht----- Von: basex-talk-bounces@mailman.uni-konstanz.de [mailto:basex-talk-bounces@mailman.uni-konstanz.de] Im Auftrag von Dirk Kirsten Gesendet: Donnerstag, 29. August 2013 13:11 An: basex-talk@mailman.uni-konstanz.de Betreff: Re: [basex-talk] username after login with jetty's HashLoginModule AND parallel update queries
Hi Florian,
one way to solve your original problem might be (we used this before) is to make the file folder not accessible by the web, but just by the RestXQ stack and instead of directly accessing the file providing a RestXQ function which will retrieve the file, based on your user authentication. Thanks. J
I am not sure about accessing jetty session variables from within the RestXQ stack. I'll have to check on this, if and how it can be achieved. It would be nice, if you have an answer how I can do this. So if you have a solution, please contact me.
You can not parallelize update queries, you will never be able to do that in an ACID-compliant database. It would always be possible to corrupt data with concurrent updating queries. However, locking is based on database-level, so you can write to different databases at the same time. When I split the database in smaller databases, can I write in this little databases with one update function in parallel way? If yes, does this basex automatically or is there a special configuration or implementation necessary? Or other formulation: The sections in the database I would like to write parallel can be divided into more smaller databases. Is there any way to write parallel in different databases inside exactly one update function? Or must I use restxq calls for every parallel action?
As you probably know, I want to optimize my apps performance. Maybe you or anyone else has some ideas to optimize performance in basex?
Cheers,
Dirk
On 08/29/2013 12:23 PM, Florian Eckey wrote:
Hi,
that's the way I have realized the login before, but now I combine
this with the http basic authentication, because otherwise you can
download all files in the webapp directory without being logged in. I
have realized it in that way, but now I can't get the username of the
user who is logged in. Is there any way to read the
"org.eclipse.jetty.security.UserIdentity" attribute in the session? I
always get an error:
HTTP ERROR 400
Problem accessing
/restxq/getSession/org.eclipse.jetty.security.UserIdentity. Reason:
Stopped at
D:/Projects/******/basex77/basex/webapp/restxq/utilities.xqm,
35/18:
[BXSE0002] Stored attribute cannot be retrieved: SessionAuthentication.
Stack Trace:
- D:/Projects/******/basex77/basex/webapp/restxq/utilities.xqm, 34/13
Powered by Jetty://
The server stops at the line, where it tries to read the session
attribute "org.eclipse.jetty.security.UserIdentity".
Another question: Is there any way to realize parallel update queries
in baseX?
Cheers,
Florian
-----Ursprüngliche Nachricht-----
basex-talk-bounces@mailman.uni-konstanz.de
mailto:basex-talk-bounces@mailman.uni-konstanz.de] Im Auftrag von
Dirk Kirsten
Gesendet: Montag, 26. August 2013 11:44
basex-talk@mailman.uni-konstanz.de
Betreff: Re: [basex-talk] username after login with jetty's
HashLoginModule
Hello Florian,
you might want to ask this question on the jetty mailing list as this
seems to be not really specific to BaseX. You most likely also will
get a more useful response as we are no jetty experts per se.
However, I also couldn't find any HashLoginModule in our default
jetty.xml (and I did a quick google search and could find anything),
so I am not really sure what you actually do. Might be useful to post
the relevant part of your jetty.xml.
Btw, in our RestXQ-based applications we mainly use
application-defined authentication, i.e. we first check the proper
login within each output function, so something like:
if(not(_:logged-in())) then () else
where _:logged-in() is simply
declare function _:logged-in()
as xs:boolean
{
boolean(_:id())
};
and we set the session variable during login.
Cheers,
Dirk
On 08/26/2013 11:25 AM, Florian Eckey wrote:
Hey,
I have a problem with the jetty authentication. I use the
HashLoginModule, which is configured in the jetty.xml. The problem
is,
that I find no way to write the username in the session, so after
login I have no username to deal with. Has anyone solved the same or
a
similar problem? Or are there any tips how to implement a secure
login, after that I can use the entered username in the session?
regards
Florian
BaseX-Talk mailing list
mailto:BaseX-Talk@mailman.uni-konstanz.de>
BaseX-Talk@mailman.uni-konstanz.de
< https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk%3E
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
--
Dirk Kirsten, BaseX GmbH, < http://basex.org http://basex.org%3E
http://basex.org http://basex.org
|-- Firmensitz: Blarerstrasse 56, 78462 Konstanz
|-- Registergericht Freiburg, HRB: 708285, Geschäftsführer:
| Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
`-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22
BaseX-Talk mailing list
mailto:BaseX-Talk@mailman.uni-konstanz.de>
BaseX-Talk@mailman.uni-konstanz.de
< https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk%3E
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
BaseX-Talk mailing list
BaseX-Talk@mailman.uni-konstanz.de
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
--
Dirk Kirsten, BaseX GmbH, http://basex.org http://basex.org
|-- Firmensitz: Blarerstrasse 56, 78462 Konstanz
|-- Registergericht Freiburg, HRB: 708285, Geschäftsführer:
| Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
`-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22 _______________________________________________
BaseX-Talk mailing list
mailto:BaseX-Talk@mailman.uni-konstanz.de BaseX-Talk@mailman.uni-konstanz.de
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk