From: Dr J. K. <jo...@ka...> - 2014-01-24 14:51:31
|
Would you please point me to where your branch is? :) Thanks, Joe On 20 Dec 2013, at 12:43, Adam Retter <ad...@ex...> wrote: > I'm currently skiing in the alps, but if you look at my fork of eXist there is a branch, where the session module is supported from RestXQ, this is a temporary measure. I want to create a set of security annotations instead, just need time, or if people want to collaborate with me? > > On 20 Dec 2013 08:57, "Dr Josef Karthauser" <jo...@ka...> wrote: > Hi Adam et al., > > I've implemented some sweet REST apis using RESTXQ; I really like it - nice clean APIs coupled with XFORMS for the user interface. > > But, the data isn't open to all, and some users need privileged access and others don't. > > So, I'm wondering what the best pattern to use is. Normally I would expect to use OAUTH or something to establish credentials with the REST side of things, but I've not found anything standard kicking around in the docs to serve a similar purpose. > > I would expect to be able to do something like this: > > declare > %rest:GET("") > %rest:path("/questiondb/login") > %rest:form-param("user", "{$user}", "guest") > %rest:form-param("password", "{$password}", "") > %rest:produces("application/xml", "text/xml") > function login:login($user as xs:string*, $password as xs:string*) { > let $u1 := xmldb:get-current-user() > let $l := xmldb:login("/", $user, $password) > let $u2 := xmldb:get-current-user() > return > <login> <u1>{$u1}</u1> <l>{$l}</l> <u2>{$u2}</u2> </login> > }; > > declare > %rest:GET("") > %rest:path("/questiondb/login/check") > %rest:produces("application/xml", "text/xml") > function login:check() { > if (xmldb:is-authenticated()) then > <yes/> > else > <no/> > }; > > Under the standard exist code paths this would work: the 'xmldb:login' call would add a session cookie to the response and subsequence calls would automatically be authenticated. However that bridge into the RESTXQ request/response doesn't appear exist. > > Can you please recommend a light weight way for me to proceed? > > Many thanks, > Joe > |