Security - eXist: A NoSQL Database and Application Development Platform

Database Reference

In-Depth Information

}

The first line, the proxy_set_header directive, takes the host header from the

HTTP request sent from the client and sets it in the new HTTP request that

Nginx sends to eXist. This can be useful for informing eXist which virtual host it

is servicing.

These proxy_set_header directives set new headers in the HTTP request that

Nginx sends to eXist. eXist automatically uses these when behind a reverse proxy

to understand the request from the client correctly.

This proxy_set_header directive sets a new header in the HTTP request that

Nginx sends to eXist, which allows a user in an XQuery to find the original URI

requested by the client using request:get-header(" nginx-request-uri ") .

Requests to any URI that starts *.mywebsite.com on TCP port 80 (standard

HTTP) will be proxied.

Matched URIs are forwarded to the collection /db/mywebsite.com in eXist via the

REST Server, so http://www.mywebsite.com/documents/2012 would be forwarded

to http://localhost:8080/exist/rest/db/mywebsite.com/documents/2012 .

User Authentication in XQuery

eXist provides an extension module of XQuery functions, called the Security Manager

module , for handling security concerns programmatically. This module, discussed in

the entry for sm in Appendix A , allows you to manipulate users, groups, and group

managers, and also to manage both resource and collection permissions. However,

the Security Manager module has a major intentional omission: if you wish to

authenticate users in your own XQuery modules (perhaps in response to a login

form), you can't do so through this module; rather, you have to use the xmldb module

(see the entry for xmldb in Appendix A ).

It may seem strange that authentication and login in XQuery are provided by the

xmldb module and not the Security Manager module. The reason for this is that the

Security Manager module is a relatively new addition to eXist. The developers felt

that the login and authentication mechanisms from XQuery could be improved, and

unfortunately it was not possible to accomplish this work before eXist 2.1 was

released. It is likely that new and improved authentication and login mechanisms will

be added to the Security Manager module in the future, deprecating those in the

xmldb module.

Search WWH ::

Custom Search

Home