[MarkLogic Dev General] Read only access to Admin interface.....
Geert Josten
geert.josten at daidalos.nl
Thu Sep 8 07:50:28 PDT 2011
Just be careful with how you use this. Not something to make publicly available. And it could easily break on next MarkLogic Server update..
Kind regards,
Geert
Van: Geert Josten
Verzonden: donderdag 8 september 2011 16:43
Aan: General MarkLogic Developer Discussion
Onderwerp: RE: [MarkLogic Dev General] Read only access to Admin interface.....
Hi Abhishek,
Yes, that is possible. You will have to do that yourself though.
You might be interested in the following though. The basics seem to work at least. You might need to do a thorough check though whether it sufficiently blocks updates, it now only looks at the request method..
Insert the following in a file called default.xqy (anywhere you like, as long as it is callable through some HTTP App Server):
xquery version "1.0-ml";
declare namespace h="http://www.w3.org/1999/xhtml";
declare option xdmp:mapping "false";
declare variable $base-uri := resolve-uri('.', xdmp:get-request-path());
declare variable $admin-uri := 'http://localhost:8001';
declare variable $admin-user := 'admin';
declare variable $admin-pass := 'admin';
declare variable $uri := xdmp:get-request-field("uri", '/');
declare variable $xsl :=
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="2.0" xmlns:h="http://www.w3.org/1999/xhtml">
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="@href | @src | @action">
<xsl:attribute name="{{name()}}" select="concat('{$base-uri}?uri=', encode-for-uri(.))"/>
</xsl:template>
<xsl:template match="@style">
<xsl:attribute name="{{name()}}">
<xsl:analyze-string select="." regex="url\([^\)]+\)">
<xsl:matching-substring>
<xsl:value-of select="concat('url({$base-uri}?uri=', encode-for-uri(substring(., 5, string-length(.) - 5)), ')')"/>
</xsl:matching-substring>
<xsl:non-matching-substring>
<xsl:value-of select="."/>
</xsl:non-matching-substring>
</xsl:analyze-string>
</xsl:attribute>
</xsl:template>
</xsl:stylesheet>;
declare function local:fix-links($contents) as item()* {
xdmp:xslt-eval($xsl, $contents)
};
let $uri :=
if (xdmp:get-request-method() = 'GET') then
$uri
else
(: force 404 on POST by proxying a non-existing page :)
"non-exist"
return
let $response :=
xdmp:http-get(
resolve-uri($uri, $admin-uri),
<options xmlns="xdmp:http">
<authentication method="digest">
<username>{$admin-user}</username>
<password>{$admin-pass}</password>
</authentication>
</options>
)
let $set-type :=
xdmp:set-response-content-type($response[1]//*:headers/*:content-type)
let $response := $response[2]
return
if ($response/binary()) then
$response
else
let $unquote :=
try {
xdmp:unquote(
$response
)
} catch ($e) {
$response
}
return
if ($unquote/*) then
local:fix-links($unquote)
else
$response
Kind regards,
Geert
Van: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] Namens Abhishek53 S
Verzonden: donderdag 8 september 2011 14:17
Aan: General MarkLogic Developer Discussion
Onderwerp: Re: [MarkLogic Dev General] Read only access to Admin interface.....
Geert ,
Thanks for your fast reply....I would like to create custom admin interface that will provide subset of Admin monitoring functionality....
Abhishek Srivastav
Tata Consultancy Services
Cell:- +91-9883389968
Mailto: abhishek53.s at tcs.com
Website: http://www.tcs.com<http://www.tcs.com/>
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
From:
Geert Josten <geert.josten at daidalos.nl>
To:
General MarkLogic Developer Discussion <general at developer.marklogic.com>
Date:
09/08/2011 05:37 PM
Subject:
Re: [MarkLogic Dev General] Read only access to Admin interface.....
Sent by:
general-bounces at developer.marklogic.com
________________________________
Hi Abhishek,
Most pages in the Admin interface are shielded with the sec:check-admin function, which only tolerates current users that have admin role. And users with admin role have always unlimited access to anything.
If you only need a small part of the Admin interface functionality, you are best of writing your own using the sec and admin API functions. Bit of a long shot, but you could also try to fit a proxy in between that passes through GET's, but blocks POST's. Not as nice, but perhaps quickest. Not sure it blocks all updates though, there could be updating GET's in the Admin interface..
Kind regards,
Geert
Van: general-bounces at developer.marklogic.com [mailto:general-bounces at developer.marklogic.com] Namens Abhishek53 S
Verzonden: donderdag 8 september 2011 13:57
Aan: General MarkLogic Developer Discussion
Onderwerp: [MarkLogic Dev General] Read only access to Admin interface.....
Hi Folks
I am trying to have read only access to admin console (8001) of ML server...User with this role can logged in to Admin interface to monitor the activity but can not modify any other configurations...
The following execute privileges are provided to the custom read-only-admin role
admin-module-read
admin-ui
xdmp:license-accepted
xdmp:license-key-valid
xdmp:pre-release-expires
xdmp:read-host-config-file
Redirecting to security and configuration upgrade page If the user is logged in with custom read-only-admin credentials....Going through the administrator guide it seems to be impossible as it is mentioned that only user with "admin" role can do that...
Is it not possible to provide read only access to the Admin interface....If not so my next step is to built a custom interface and logged in with the user which have no admin-module-write privilege..
Sorry for the big mail....Any suggestion will be appreciated.
Thanks & Regards
Abhishek Srivastav
Tata Consultancy Services
Cell:- +91-9883389968
Mailto: abhishek53.s at tcs.com<mailto:abhishek53.s at tcs.com>
Website: http://www.tcs.com<http://www.tcs.com/>
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
_______________________________________________
General mailing list
General at developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20110908/72b701c1/attachment-0001.html
More information about the General
mailing list