Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow me to modify the WWW-Authenticate header when the status is 401. Is this something that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson <timat...@gmail.com> wrote: > Christian, > > Here is a minimal example to try to illustrate what I am referring to: > > https://bibfram.es/basex/static/header-test.xhtml > > The first case (using the web:response-header() function) produces the > desired response. You should see something like this after clicking "Test" > (at least the first time, before caching): > > <header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce=" > 35B2F3011682300F36AD37048B7B8560" </value> </header> > > The second case (using custom elements) does not produce the desired > response. You should see something like this after clicking "Test": > > <header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" > </value> </header> > > So the two methods are not producing the same output. > > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün <christian.gr...@gmail.com > > wrote: > >> Hm, I still need to understand: Why can't you set WWW-Authenticate via >> standard response elements if you can do it with web:response-header (which >> simply generates elements that you could write by yourself)? >> >> >> >> Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" <timat...@gmail.com>: >> >> Yes, but that brings me back to my original issue. The standard RESTXQ >> response headers let me set the HTTP status, but they don't let me override >> some default header values: namely, WWW-Authenticate when BaseX is >> configured for "Custom" authentication. The web:response-header function >> does let me modify the header, but it does not let me set the HTTP status. >> >> So, there are two different solutions here; each solves part of my >> problem, but neither one solves the whole problem :( >> >> Tim >> >> -- >> Tim A. Thompson >> Discovery Metadata Librarian >> Yale University Library >> >> >> On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün < >> christian.gr...@gmail.com> wrote: >> >>> True. In many cases, you are probably more flexible by using the >>> standard RESTXQ response headers. >>> >>> On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson <timat...@gmail.com> >>> wrote: >>> > Right, the status can be set when using the http:response element >>> directly, >>> > but the web:response-header function does not seem to provide access to >>> > that. It only allows one to set new headers, not set the status of the >>> > response. >>> > >>> > >>> > >>> > >>> > -- >>> > Tim A. Thompson >>> > Discovery Metadata Librarian >>> > Yale University Library >>> > >>> > >>> > On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün < >>> christian.gr...@gmail.com> >>> > wrote: >>> >> >>> >> Hi Tim, >>> >> >>> >> That should be possible as well: >>> >> >>> >> <rest:response> >>> >> <http:response status="{ ... }" message="{ ... }"/> >>> >> </rest:response> >>> >> >>> >> Cheers, >>> >> Christian >>> >> >>> >> >>> >> >>> >> On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timat...@gmail.com> >>> wrote: >>> >> > Hi, Christian, >>> >> > >>> >> > Yes, it does. The only issue is that there doesn't seem to be a way >>> to >>> >> > set >>> >> > the HTTP status and message via web:response-header, is that right? >>> This >>> >> > would be a great feature to have :) >>> >> > >>> >> > Tim >>> >> > >>> >> > -- >>> >> > Tim A. Thompson >>> >> > Discovery Metadata Librarian >>> >> > Yale University Library >>> >> > >>> >> > >>> >> > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün >>> >> > <christian.gr...@gmail.com> >>> >> > wrote: >>> >> >> >>> >> >> Hi Tim, >>> >> >> >>> >> >> I am glad to hear the response header output does its job. >>> >> >> >>> >> >> As the function does nothing else than creating a response header >>> >> >> (unfortunately with this standard caching directive – I think I >>> will >>> >> >> remove it along with BaseX 8.7), you could try to replace your >>> >> >> response elements with the function’s result. Does this help? >>> >> >> >>> >> >> Christian >>> >> >> >>> >> >> >>> >> >> >>> >> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <timat...@gmail.com> >>> >> >> wrote: >>> >> >> > Using the web:response-header() function from the BaseX Web >>> Module >>> >> >> > seems >>> >> >> > to >>> >> >> > work for overriding default headers >>> >> >> > (http://docs.basex.org/wiki/Web_Module#web:response-header). I >>> do >>> >> >> > wonder >>> >> >> > why >>> >> >> > the behavior differs between this function and directly using a >>> >> >> > rest:response element. Shouldn't these two be equivalent? >>> >> >> > >>> >> >> > Thanks, >>> >> >> > Tim >>> >> >> > >>> >> >> > >>> >> >> > -- >>> >> >> > Tim A. Thompson >>> >> >> > Discovery Metadata Librarian >>> >> >> > Yale University Library >>> >> >> > >>> >> >> > >>> >> >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson < >>> timat...@gmail.com> >>> >> >> > wrote: >>> >> >> >> >>> >> >> >> Hello, >>> >> >> >> >>> >> >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I am >>> >> >> >> running >>> >> >> >> BaseX in Tomcat 7 and have set the authmethod param set to >>> "Custom." >>> >> >> >> I >>> >> >> >> wanted to define my own WWW-Authenticate header for Digest >>> >> >> >> authentication. I >>> >> >> >> tried something like this: >>> >> >> >> >>> >> >> >> <http:header >>> >> >> >> name="WWW-Authenticate" >>> >> >> >> value="{ >>> >> >> >> ``[Digest realm="BaseX", >>> >> >> >> qop="auth, auth-int", >>> >> >> >> algorithm=MD5, >>> >> >> >> nonce=`{hash:md5(random:uuid())}`]`` >>> >> >> >> }"/> >>> >> >> >> >>> >> >> >> (in a custom response, as specified in >>> >> >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >>> >> >> >> >>> >> >> >> However, the WWW-Authenticate header only returns a value of >>> Custom >>> >> >> >> realm="BaseX" no matter what I do in the custom RESTXQ response. >>> >> >> >> >>> >> >> >> Thanks in advance, >>> >> >> >> Tim >>> >> >> >> >>> >> >> >> -- >>> >> >> >> Tim A. Thompson >>> >> >> >> Discovery Metadata Librarian >>> >> >> >> Yale University Library >>> >> >> >> >>> >> >> > >>> >> > >>> >> > >>> > >>> > >>> >> >> >> >
