Hi, Rajesh and David: While it is possible to modify the rewriter declarations distributed with the REST API, that would be modifying the implementation of the REST API. The rewriter declarations are internal to the REST API, not part of the documented interface.
Such changes would fall in the same category as modifying the XQuery and JavaScript modules that implement the REST API. The distributed implementation can change in any release, even a point release. Also, MarkLogic cannot support the REST API if the implementation has been changed. In other words, you should be aware that you are taking a risk. Erik Hennum ________________________________ From: general-boun...@developer.marklogic.com [general-boun...@developer.marklogic.com] on behalf of David Lee [david....@marklogic.com] Sent: Wednesday, April 19, 2017 7:16 AM To: MarkLogic Developer Discussion Subject: Re: [MarkLogic Dev General] custom Rest rewriter If I understand your architecture correctly, you have 2 'parts' of an app in one context. Is this a JavaScript browser app ? You want your 'ajax' part to 'piggy back' on the credentials the user entered to login ?The ( stored in the browser as cookies ) The reference to avoiding passing credentials and having to use the same port seems to indicate that. If so, then it will be impossible to securely protect/restrict access to the REST API from all parts of the app, by implication of sharing credentials. So your 2 goals cannot be simultaneously achieved. So focusing on how to simply expose your app in addition to REST -- very easy. Create a new REST application for your combined app. Then edit the generated rewriter.xml (It will be in the Modules DB, the path to it in the App configuration in the <url-rewriter> element in groups.xml, or the corresponding "Rewriter URI" in the HTTP App config page on 8001. It will look something like this: <!-- Copyright 2011-2017 MarkLogic Corporation. All Rights Reserved. --> <rewriter xmlns="http://marklogic.com/xdmp/rewriter";> <!-- XDBC --> <match-path any-of="/eval /invoke /spawn /insert"> <dispatch xdbc="true">$0</dispatch> </match-path> <!-- XDBC --> ---------->>> ADD HERE <!-- REST Client API endpoints --> <match-path matches="^/?$|^/content/([^/]+)/?$"> .... Insert your own rules before he REST Client API rules. A minimal example might be <match-path prefix="/myapp/myapi"> <dispatch>/myapp/myapi.xqy</dispatch> </match-path> That would dispatch any URL like /myapp/myapi/myfunction?query=abc to invoke the module /myapp/myapi.xqy You can somewhat constrain 'external' use of the REST API by adding a custom Header or query param to your internal calls then matching those and dispatching to an error page if they don’t exist. A minimal example. Insert just before the <!-- REST Client API endpoints --> <match-header name="X-INTERNAL"> Then at the end a </match-header> That will only allow REST calls which include the "X-INTERNAL" HTTP header. How to do that will depend on what libraries your using. Details on the XML rewriter : https://docs.marklogic.com/guide/app-dev/XMLrewriter From: general-boun...@developer.marklogic.com [mailto:general-boun...@developer.marklogic.com] On Behalf Of Rajesh Kumar Sent: Wednesday, April 19, 2017 6:59 AM To: general@developer.marklogic.com Subject: [MarkLogic Dev General] custom Rest rewriter Thanks David, I can maintain two different ports as app and rest servers. But every time I want to call REST API i have to pass credentials for the request from app server , which I want to avoid by having both in same port. I want to access endpoints ( app API or REST API) whenever header has token info except login page. I tried this using roxy hybrid and rest type, but didn't succeed. Can you help me by sharing any rewriter which I can use to achieve this functionality. Thanks & Regards, Rajesh
_______________________________________________ General mailing list General@developer.marklogic.com Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
