To clarify the context, I am trying the client on my own .html page,
outside of the Marmotta interface.
I made a trial with a marmotta.js based on jquery instead of the
current one. But I got to the same point:
Without security, the calls work, but if I try to specify an http
authentication, the call fails (return status 0).
Thus, is my problem related to "cross-origin" ?
If so, do I have to ask if Marmotta does handle CORS ?
Thanks
Fabian
>>> "Fabian Cretton" <fabian.cret...@hevs.ch> 29.09.2014 09:01 >>>
Thank you Sergio,
Once I can make the marmotta.js work with HTTP Basic Authentication, I
could add some information to "security/admin/about.html" about that.
But so far, I have not been successful, and this is what I tried:
- I want a 'user' authentication to perform SPARQL select calls, so I
did add:
security.permission.sparql_query.roles: user
- I did create a new user 'fabian' pwd 'fabian', with only a 'user'
role.
- security.method is set to 'BASIC'
The authentication from the marmotta interface does work as expected.
Then I did change marmotta.js from:
request.open(method, _url, true);
if(method=="PUT"||method=="POST")request.setRequestHeader("Content-Type",mimetype);
if(method=="GET")request.setRequestHeader("Accept",mimetype);
request.send( data );
To:
request.open(method, _url, true);
if(method=="PUT"||method=="POST")request.setRequestHeader("Content-Type",mimetype);
if(method=="GET")request.setRequestHeader("Accept",mimetype);
request.setRequestHeader("Authorization", "Basic " +
Base64.encode("fabian:fabian"));
request.send( data );
I think the Base64 I found here [1] is correct, and i also tried with a
btoa("fabian:fabian") with the same result.
Nevertheless, my SPARQL select call does return with an error and this
message: "(Unknown or not implmented)"
If I don't add the new line to set the "Authorization" header, then I
get the following message as expected: "(Unauthorized)"
Thank you for any help
Fabian
[1] www.webtoolkit.info/javascript-base64.html
>>> Sergio Fernández<wik...@apache.org> 26.09.2014 17:24 >>>
Hi Fabian,
On 26/09/14 14:40, Fabian Cretton wrote:
> But then, how can the client now specify the credential to access the
platform ?
> I haven't found any information about that in marmotta.js.
> I did look for information in the forum, also without success.
>
> I see now that the php and java clients implementation do provide
"clientConfiguration" mechanism.
> Is it just not implemented yet for the javascript client ? if so, I
could implement it based on the java/php implementations.
Yes, the client should support HTTP Basic Authentication. And I think
JS
client does not.
I have to admit that the client library is not so well maintained, so
you may find some issues. For instance the JS client library is based
on
raw XMLHttpRequest objects, but at some point we should migrate to a
higher level and more portable library, such as jQuery.
All patches would be welcomed! Also, all the help updating the
documentation would be appreciated, because as you can see right now
the
information is not good enough for new users:
http://marmotta.apache.org/platform/security-module.html
Cheers,
--
Sergio Fernández
Partner Technology Manager
Redlink GmbH
m: +43 660 2747 925
e: sergio.fernan...@redlink.co
w: http://redlink.co
