Database Reference
In-Depth Information
xmldb:authenticate
The
xmldb:authenticate
function allows you to validate that a user has access to a
collection in the database. The function takes three arguments: a collection URI, the
username of a user, and the corresponding password of that user. It then performs
two distinct steps:
1. It attempts to authenticate the user, using her username and password, with the
Security Manager.
2. It attempts to open the collection given in the collection URI argument; that is to
say, it verifies whether the authenticated user has execute access to the collection.
If either of the two steps fails, the function returns
false
; if both steps succeed in suc‐
cession, then the function returns
true
.
This function is basic, but can be useful when you want to authenticate a user but do
not wish to perform actions on that user's behalf.
xmldb:login
The
xmldb:login
function takes the same arguments as the
xmldb:authenticate
function and performs exactly the same steps. Assuming those steps succeed, it then
performs two additional steps:
1. It changes the user account of the XQuery that called the function to be that
described by the username passed to the function. Subsequently, the calling
XQuery has the same access rights to resources and collections in the database as
the newly logged-in user.
2. If the XQuery is operating in an HTTP context (i.e., executed via the REST
Server, SOAP Server, or XQuery Servlet), then the logged-in user is cached in the
HTTP session, if one exists (you can control creation of the session by calling the
four-argument version of
xmldb:login
or using the
session:create
function
explicitly). Subsequent XQuery invocations from within the same HTTP session
will reuse the cached user from this login until the session is invalidated or the
user logs out.
The
login
function is very useful when you want to present a user with a login form,
authenticate him, and subsequently allow him to access and manipulate database
resources and collections with the permissions he has previously been allocated.
Search WWH ::
Custom Search