Question
I have a public website running from an eXist app. I am now developing an interface for logged-in users to edit certain documents through HTML forms and AJAX. I've set up a module in eXist to receive AJAX POST requests through the eXist REST interface (i.e. http://www.example.com/exist/rest/db/myapp/api/myxquery.xql). However, this module does not seem to be aware of the fact that the user is already logged in!
How do I get the REST module to use the session/authentication of the logged in user?
Am I required to store the user/password in the browser to pass with each REST API request?
If this is not the preferred model for passing data from the browser under user/password, what is eXist's recommended solution?
Many thanks in advance.
(A variation on this question was asked two years ago but received no solutions.)
Answer 1:
In order to use the REST-API from existdb you can only authenticate each request using HTTP Basic Authentication. This is also mentioned in the question you referenced.
If you decide to handle AJAX requests in your app's controller.xql, you will need to:
- Add routes for your AJAX requests to the controller
- Make sure you call login:set-user for the user session to be picked up
- Make sure the AJAX request sends the cookie: For instance, the fetch function will send the authorisation cookie only if send-authorization is true.
- Look at the output-method and serialization settings, since you will likely want to respond in JSON-format.
Useful blog post about this
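The controller-based approach from the answer above, as an added example that is not part of the original post or of eXist's own code: a controller.xql that restores the session user with login:set-user before routing and refuses API calls that carry no authenticated session. The login domain "org.exist.login", the /api/ route prefix and the forwarded module path are assumptions and must match your own app.

```xquery
xquery version "3.1";

(: controller.xql, added example. Domain, route and module path are assumptions. :)
import module namespace login = "http://exist-db.org/xquery/login"
    at "resource:org/exist/xquery/modules/persistentlogin/login.xql";

declare variable $exist:path external;
declare variable $exist:controller external;

(: Assumed login domain; it must be the same one the app's login form uses. :)
declare variable $local:domain := "org.exist.login";

(: Restore the user from the session or persistent-login cookie first, so
   every routing decision below sees the real account, not guest. :)
let $_ := login:set-user($local:domain, (), false())
let $user := request:get-attribute($local:domain || ".user")
return
    if (starts-with($exist:path, "/api/")) then
        if (empty($user)) then (
            (: No authenticated session: answer 401 and do not forward,
               so the editing module never runs without a known user. :)
            response:set-status-code(401),
            <status>
                <error>authentication required</error>
            </status>
        )
        else
            (: Authenticated: forward to the module that handles the POST.
               It runs with the permissions of $user. :)
            <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
                <forward url="{$exist:controller}/api/myxquery.xql">
                    <set-header name="Cache-Control" value="no-store"/>
                </forward>
            </dispatch>
    else
        (: Everything else keeps the default handling. :)
        <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
            <cache-control cache="yes"/>
        </dispatch>
```

With this in place the browser posts to the app's controller route (here the assumed /api/ prefix) instead of /exist/rest/..., so no user name or password has to be stored client-side.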
Source: https://stackoverflow.com/questions/57437856/using-authenticated-session-user-for-rest-api-in-exist-db