How to use transactional Cypher HTTP endpoint and new REST API Authentication and Authorization in Neo4j 2.2.x with JQuery

问题

I'm looking for a code example creating a REST POST request with JQuery on Neo4j 2.2.x Transactional Cypher HTTP endpoint with new REST API Authentication and Authorization parameters.

Before Neo4j 2.2 version I used the Legacy Cypher HTTP endpoint (which is deprecated) to execute Cypher queries with the following code:

$.post("http://localhost:7474/db/data/transaction/commit",
{
    "query": query,
    "params": {}
}, "json")...

But I would like to move to 2.2 and use the transactional endpoint with user authentication parameters.

I can't find the right headers and parameters combination to use to create such a request. That's why I'm looking for a code example.

Best would be an example using a cross domain request but an example on same domain would be helpful too.

回答1:

For authentication you need to supply an additional HTTP header to your request:

Authorization: Basic realm="Neo4j" <base64>

where <base64> is the base64 encoded string of username:password.

Not being a jquery ninja, but I guess the most simple way is to set the authorization header using ajax defaults:

$.ajaxSetup({
   headers: { "Authorization": 'Basic realm="Neo4j' <base64>'}
});

When this default has been applied your $.post above should work.

回答2:

The issue has been fixed in 2.2.0-RC01 and I can use transactional Cypher HTTP endpoint with authentication using the following example code:

$.ajaxSetup({
    headers: {
        // Add authorization header in all ajax requests
        // bmVvNGo6cGFzc3dvcmQ= is "password" base64 encoded
        "Authorization": "Basic bmVvNGo6cGFzc3dvcmQ=" 
    }
});

$.ajax({
    type: "POST",
    url: "http://localhost:7474/db/data/transaction/commit ",
    dataType: "json",
    contentType: "application/json;charset=UTF-8",
    data: JSON.stringify({"statements": [{"statement": "MATCH (n) RETURN n LIMIT 10"}]}),
    success: function (data, textStatus, jqXHR) {
        // use result data...
    },
    error: function (jqXHR, textStatus, errorThrown) {
        // handle errors
    }
});

回答3:

Authorization means that the browser will send a preflight OPTIONS request which does not embed authorization headers.

This is most known as CORS.

Currently the Neo4j server do not reply to the OPTIONS request with the appropriate Access-Control-Allow-Headers. This feature has been implemented in the source code and will be shipped with the GA release which I hope will come out this week.

来源：https://stackoverflow.com/questions/28699708/how-to-use-transactional-cypher-http-endpoint-and-new-rest-api-authentication-an