The optional Module session.xq provides simple RESTful services enabling you to perform Authentication at the Application Level instead of other methods such as HTTP Digest or HTTP Basic Authentication.
The library serves as a starting point for building your own custom Authentication mechanism for your users.
If you're using the XQRS Gradle Plugin then this module is already installed and ready to go under the ml-modules/root/xqrs/optional-libraries directory.
If you're not using Gradle, download the session.xq module and add an import statement for it in your xqrs.xqy file, e.g.

    import module namespace session = "http://xmllondon.com/xquery/session"
        at "optional-libraries/session.xq";

There are 3 RESTful services:
URI | Description |
---|---|
/session/login | Log in to a User Session |
/session/status | Shows which user is logged in and what roles they have |
/session/logout | Logs out of the User Session |
/session/login
You can submit a POST request containing the user credentials in either XML or JSON format.

Content-Type: text/xml

    <auth>
      <user>john.smith</user>
      <password>password123</password>
    </auth>

Content-Type: application/json

    {
      "user" : "john.smith",
      "password" : "password123"
    }

The service will respond with either a 200 - Success status and a Cookie such as SessionID=6045388ef271f4e7; path=/ meaning that you have successfully logged in, or a 401 - Unauthorized status, in which case there was an Authentication issue.
The Session Cookie issued upon a successful login is the token you must send back on all subsequent RESTful requests so that MarkLogic Server knows who you are.
All RESTful requests executed with the Session token happen within the context of the user's active session.
/session/status
This service tells you which user you are logged in as and which roles that user has. It gives either an XML or a JSON response depending on what the client prefers (Content Negotiation).

Accept: text/xml

    <info>
      <user>john.smith</user>
      <roles>
        <role>custom-write</role>
        <role>custom-read</role>
        <role>custom-execute</role>
      </roles>
    </info>

Accept: application/json

    {
      "user" : "john.smith",
      "role" : [ "custom-write",
                 "custom-read",
                 "custom-execute" ]
    }

/session/logout
Sending a request to this service logs the user out and deletes the Session Cookie which was originally issued on the first log-in. This service should always respond with a 200 - Success status.
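
The login and status exchanges described above, seen from a client, as an added example that is not part of the XQRS project's own code. It builds the login POST in either body format, pulls the SessionID token out of Set-Cookie while reporting which of the Secure, HttpOnly and SameSite attributes are absent (the sample cookie above carries only path=/), and normalises both /session/status formats. The function names and the base URL passed in are assumptions.

```python
import json
import urllib.request
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie


def build_login_request(base_url, user, password, as_json=True):
    """Build the POST for /session/login in either body format shown on the page."""
    if as_json:
        body = json.dumps({"user": user, "password": password}).encode()
        ctype = "application/json"
    else:
        auth = ET.Element("auth")
        ET.SubElement(auth, "user").text = user          # ElementTree escapes
        ET.SubElement(auth, "password").text = password  # <, > and & in values
        body, ctype = ET.tostring(auth), "text/xml"
    # The body carries the password itself, so base_url should be an https:// URL.
    return urllib.request.Request(base_url + "/session/login", data=body,
                                  method="POST", headers={"Content-Type": ctype})


def parse_session_cookie(set_cookie):
    """Return (token, missing): missing lists hardening attributes not present."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    morsel = jar["SessionID"]
    missing = [a for a in ("secure", "httponly", "samesite") if not morsel[a]]
    return morsel.value, missing


def parse_status(body, content_type):
    """Normalise a /session/status response to (user, roles)."""
    if content_type.startswith("application/json"):
        doc = json.loads(body)
        roles = doc.get("role", [])  # the JSON key is "role", not "roles"
        # Assumption: tolerate a single role arriving as a bare string.
        return doc["user"], [roles] if isinstance(roles, str) else list(roles)
    info = ET.fromstring(body)
    return info.findtext("user"), [r.text for r in info.iter("role")]


if __name__ == "__main__":
    # Constructed samples copied from the formats on this page.
    print(parse_session_cookie("SessionID=6045388ef271f4e7; path=/"))
    print(parse_status('{"user": "john.smith", "role": ["custom-read"]}',
                       "application/json"))
```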