Dear All,
I'm working with a BaseX instance, version 8.5.1, deployed on Tomcat 7 as a WAR package, on CentOS 7.2. I'm trying to understand how to configure the REST API authentication.
Apparently, when using the REST API, authentication is required for create/write operations, but not for reading. I mean that I can download an XML resource stored in the DB just by putting the path in the browser, without performing any authentication. Would it be possible to configure it in order to put even the GET calls under authentication? Is my configuration wrong?
I have added a username/password in the file web.xml:
<web-app>
  [...]
  <context-param>
    <param-name>org.basex.user</param-name>
    <param-value>myuser</param-value>
  </context-param>
  <context-param>
    <param-name>org.basex.password</param-name>
    <param-value>mypassword</param-value>
  </context-param>
  <context-param>
    <param-name>org.basex.authmethod</param-name>
    <param-value>Basic</param-value>
  </context-param>
  [...]
  <servlet>
    <servlet-name>REST</servlet-name>
    <servlet-class>org.basex.http.rest.RESTServlet</servlet-class>
    <!-- service-specific credentials -->
    <init-param>
      <param-name>org.basex.user</param-name>
      <param-value>myuser</param-value>
    </init-param>
    <init-param>
      <param-name>org.basex.password</param-name>
      <param-value>mypassword</param-value>
    </init-param>
  </servlet>
  [...]
which results in a user.xml file like this:
$ cat /usr/share/tomcat/webapps/BaseX851/data/users.xml
<users>
  <user name="admin" permission="admin">
    <password algorithm="digest">
      <hash>8c6f257a751d87d1eae5ab59710a818a</hash>
    </password>
    <password algorithm="salted-sha256">
      <salt>3631994636103909</salt>
      <hash>9d25a8e3dc227e54f098c3cf3b8d1ca92b76a3bebb62e0f04299beaaf443908d</hash>
    </password>
  </user>
  <user name="myuser" permission="create">
    <password algorithm="digest">
      <hash>d3adbad8e6540a70a8b958ab27eec9b8</hash>
    </password>
    <password algorithm="salted-sha256">
      <salt>3629615605296334</salt>
      <hash>3b64152088b90a2944b07a3d63703cdb8bffd1ccc21e5a40fe2e1f2a19307647</hash>
    </password>
  </user>
</users>
Thanks, Claudio