Submission authentication
So far, all of our submission examples that store or update documents in eXist have
ignored the issue of security (or assumed that you have manually authenticated).
Unfortunately, support in XForms 1.1 for authentication is terribly lacking. You
should really be able to do basic HTTP authentication at the very least, but there is no
function in XForms to Base64-encode your authentication credentials. There is function
support in XForms for creating digests, so even better, you would hope that you
could perform HTTP digest authentication. Alas, there is no way to handle the challenge
from the server that provides the nonce that you need to reuse as part of your
digest!
At present there is only one mechanism in XForms that is not eXist-specific and can
be reliably used to authenticate with eXist (see Example 10-6). That mechanism
involves passing your username and password in clear text as part of the submission
resource URI. Obviously, sending this information in clear text is not at all ideal!
If you are using the betterForm processor, this information will never leave your
server, because the processing happens on the server side. However, it is still not ideal,
so for a betterForm-specific solution, see the next section. If you are using the
XSLTForms processor, this information will be sent in clear text, but there is an
alternative option covered in “XSLTForms” on page 265.
Example 10-6. Statically coded authentication
<xf:submission id="s-save" method="put"
    resource="http://username:password@localhost:8080/exist/rest/db/registration/result.xml"
    replace="none"/>
Perhaps slightly better, through the use of an xf:resource element in the
xf:submission you could dynamically encode the username and password into the
URI from form fields that the user has completed and that are present in an instance.
See Example 10-7.
Example 10-7. Constructed authentication from form
<xf:submission id="s-save" method="put" replace="none">
    <xf:resource
        value="concat('http://', instance('auth')/Username,
                      ':', instance('auth')/Password,
                      '@localhost:8080/exist/rest/db/registration/result.xml')"/>
</xf:submission>
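What the concat() in Example 10-7 produces once a URI parser sees it, as an added Python sketch that is not from the book. It assumes the HTTP client turns URI userinfo into an HTTP Basic header (as curl does); the function names and the sample credentials are constructed for illustration.

```python
import base64
from urllib.parse import quote, unquote, urlsplit

# Host and path taken from Example 10-7; credentials below are constructed samples.
HOST_AND_PATH = "localhost:8080/exist/rest/db/registration/result.xml"

def naive_uri(username, password):
    """Mirror the concat() in Example 10-7: form values are inserted unescaped."""
    return "http://" + username + ":" + password + "@" + HOST_AND_PATH

def encoded_uri(username, password):
    """Percent-encode both values so reserved characters stay inside userinfo."""
    return ("http://" + quote(username, safe="") + ":"
            + quote(password, safe="") + "@" + HOST_AND_PATH)

def target_host(uri):
    """Host the request would be sent to, according to the URI parser."""
    return urlsplit(uri).hostname

def basic_header(uri):
    """Authorization value a client would derive from the userinfo, or None."""
    parts = urlsplit(uri)
    if parts.username is None:
        return None
    pair = unquote(parts.username) + ":" + unquote(parts.password or "")
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")

def recover_credentials(header):
    """Basic is an encoding, not encryption: reversing it needs no key."""
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    user, _, password = decoded.partition(":")
    return user, password

if __name__ == "__main__":
    for user, pw in [("admin", "s3cret"), ("admin", "pa/ss:w@rd")]:
        for build in (naive_uri, encoded_uri):
            uri = build(user, pw)
            print(f"{build.__name__:12} host={target_host(uri)!r:12} "
                  f"auth={basic_header(uri)!r}")
```

With a password containing "/", the unescaped URI no longer points at localhost and carries no userinfo at all, so form values need percent-encoding before they go into the resource URI, and the credentials remain readable to anyone on the path unless the submission uses HTTPS.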