Christian, Thinking through this more, I don't believe anything needs to change in the current BaseX authentication handling. For my use case, I can just use the default BaseX Digest authentication, or else use a custom HTTP header.
I apologize for the trouble! Thanks again, Tim -- Tim A. Thompson Discovery Metadata Librarian Yale University Library On Sun, Aug 20, 2017 at 1:10 PM, Christian Grün <christian.gr...@gmail.com> wrote: > I must confess I’ll need some time to get through this (I haven’t > spent too much time with the Custom option so far). If everything > works out, I’ll be able to do so in the upcoming week. If you manage > to provide me with an SSCCE that show exactly what would need to > happen, that would be great! > > Thanks, > Christian > > > On Sat, Aug 19, 2017 at 4:54 AM, Tim Thompson <timat...@gmail.com> wrote: > > Actually, I was wrong. The issue seems to be with the 401 Unauthorized > > status needed with Digest authentication. I can control the header value > > using both methods when the status is 200 OK, but BaseX does not allow > me to > > modify the WWW-Authenticate header when the status is 401. Is this > something > > that could be changed? > > > > > > -- > > Tim A. Thompson > > Discovery Metadata Librarian > > Yale University Library > > > > > > On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson <timat...@gmail.com> > wrote: > >> > >> Christian, > >> > >> Here is a minimal example to try to illustrate what I am referring to: > >> > >> https://bibfram.es/basex/static/header-test.xhtml > >> > >> The first case (using the web:response-header() function) produces the > >> desired response. You should see something like this after clicking > "Test" > >> (at least the first time, before caching): > >> > >> <header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", > >> nonce="35B2F3011682300F36AD37048B7B8560" </value> </header> > >> > >> The second case (using custom elements) does not produce the desired > >> response. You should see something like this after clicking "Test": > >> > >> <header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" > >> </value> </header> > >> > >> So the two methods are not producing the same output. > >> > >> > >> -- > >> Tim A. Thompson > >> Discovery Metadata Librarian > >> Yale University Library > >> > >> On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün > >> <christian.gr...@gmail.com> wrote: > >>> > >>> Hm, I still need to understand: Why can't you set WWW-Authenticate via > >>> standard response elements if you can do it with web:response-header > (which > >>> simply generates elements that you could write by yourself)? > >>> > >>> > >>> > >>> Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" <timat...@gmail.com>: > >>> > >>> Yes, but that brings me back to my original issue. The standard RESTXQ > >>> response headers let me set the HTTP status, but they don't let me > override > >>> some default header values: namely, WWW-Authenticate when BaseX is > >>> configured for "Custom" authentication. The web:response-header > function > >>> does let me modify the header, but it does not let me set the HTTP > status. > >>> > >>> So, there are two different solutions here; each solves part of my > >>> problem, but neither one solves the whole problem :( > >>> > >>> Tim > >>> > >>> -- > >>> Tim A. Thompson > >>> Discovery Metadata Librarian > >>> Yale University Library > >>> > >>> > >>> On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün > >>> <christian.gr...@gmail.com> wrote: > >>>> > >>>> True. In many cases, you are probably more flexible by using the > >>>> standard RESTXQ response headers. > >>>> > >>>> On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson <timat...@gmail.com> > >>>> wrote: > >>>> > Right, the status can be set when using the http:response element > >>>> > directly, > >>>> > but the web:response-header function does not seem to provide access > >>>> > to > >>>> > that. It only allows one to set new headers, not set the status of > the > >>>> > response. > >>>> > > >>>> > > >>>> > > >>>> > > >>>> > -- > >>>> > Tim A. Thompson > >>>> > Discovery Metadata Librarian > >>>> > Yale University Library > >>>> > > >>>> > > >>>> > On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün > >>>> > <christian.gr...@gmail.com> > >>>> > wrote: > >>>> >> > >>>> >> Hi Tim, > >>>> >> > >>>> >> That should be possible as well: > >>>> >> > >>>> >> <rest:response> > >>>> >> <http:response status="{ ... }" message="{ ... }"/> > >>>> >> </rest:response> > >>>> >> > >>>> >> Cheers, > >>>> >> Christian > >>>> >> > >>>> >> > >>>> >> > >>>> >> On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timat...@gmail.com> > >>>> >> wrote: > >>>> >> > Hi, Christian, > >>>> >> > > >>>> >> > Yes, it does. The only issue is that there doesn't seem to be a > way > >>>> >> > to > >>>> >> > set > >>>> >> > the HTTP status and message via web:response-header, is that > right? > >>>> >> > This > >>>> >> > would be a great feature to have :) > >>>> >> > > >>>> >> > Tim > >>>> >> > > >>>> >> > -- > >>>> >> > Tim A. Thompson > >>>> >> > Discovery Metadata Librarian > >>>> >> > Yale University Library > >>>> >> > > >>>> >> > > >>>> >> > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün > >>>> >> > <christian.gr...@gmail.com> > >>>> >> > wrote: > >>>> >> >> > >>>> >> >> Hi Tim, > >>>> >> >> > >>>> >> >> I am glad to hear the response header output does its job. > >>>> >> >> > >>>> >> >> As the function does nothing else than creating a response > header > >>>> >> >> (unfortunately with this standard caching directive – I think I > >>>> >> >> will > >>>> >> >> remove it along with BaseX 8.7), you could try to replace your > >>>> >> >> response elements with the function’s result. Does this help? > >>>> >> >> > >>>> >> >> Christian > >>>> >> >> > >>>> >> >> > >>>> >> >> > >>>> >> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson < > timat...@gmail.com> > >>>> >> >> wrote: > >>>> >> >> > Using the web:response-header() function from the BaseX Web > >>>> >> >> > Module > >>>> >> >> > seems > >>>> >> >> > to > >>>> >> >> > work for overriding default headers > >>>> >> >> > (http://docs.basex.org/wiki/Web_Module#web:response-header). > I > >>>> >> >> > do > >>>> >> >> > wonder > >>>> >> >> > why > >>>> >> >> > the behavior differs between this function and directly using > a > >>>> >> >> > rest:response element. Shouldn't these two be equivalent? > >>>> >> >> > > >>>> >> >> > Thanks, > >>>> >> >> > Tim > >>>> >> >> > > >>>> >> >> > > >>>> >> >> > -- > >>>> >> >> > Tim A. Thompson > >>>> >> >> > Discovery Metadata Librarian > >>>> >> >> > Yale University Library > >>>> >> >> > > >>>> >> >> > > >>>> >> >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson > >>>> >> >> > <timat...@gmail.com> > >>>> >> >> > wrote: > >>>> >> >> >> > >>>> >> >> >> Hello, > >>>> >> >> >> > >>>> >> >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I > >>>> >> >> >> am > >>>> >> >> >> running > >>>> >> >> >> BaseX in Tomcat 7 and have set the authmethod param set to > >>>> >> >> >> "Custom." > >>>> >> >> >> I > >>>> >> >> >> wanted to define my own WWW-Authenticate header for Digest > >>>> >> >> >> authentication. I > >>>> >> >> >> tried something like this: > >>>> >> >> >> > >>>> >> >> >> <http:header > >>>> >> >> >> name="WWW-Authenticate" > >>>> >> >> >> value="{ > >>>> >> >> >> ``[Digest realm="BaseX", > >>>> >> >> >> qop="auth, auth-int", > >>>> >> >> >> algorithm=MD5, > >>>> >> >> >> nonce=`{hash:md5(random:uuid())}`]`` > >>>> >> >> >> }"/> > >>>> >> >> >> > >>>> >> >> >> (in a custom response, as specified in > >>>> >> >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). > >>>> >> >> >> > >>>> >> >> >> However, the WWW-Authenticate header only returns a value of > >>>> >> >> >> Custom > >>>> >> >> >> realm="BaseX" no matter what I do in the custom RESTXQ > >>>> >> >> >> response. > >>>> >> >> >> > >>>> >> >> >> Thanks in advance, > >>>> >> >> >> Tim > >>>> >> >> >> > >>>> >> >> >> -- > >>>> >> >> >> Tim A. Thompson > >>>> >> >> >> Discovery Metadata Librarian > >>>> >> >> >> Yale University Library > >>>> >> >> >> > >>>> >> >> > > >>>> >> > > >>>> >> > > >>>> > > >>>> > > >>> > >>> > >>> > >> > > >