XQuery/URL Driven Authorization

From Wikibooks, open books for an open world
Jump to: navigation, search

Motivation[edit]

You want to check to see if a user is loged in before a page is rendered.

Method[edit]

This example will use a custom controller.xql file to do this.


Sample controller.xql file:

(:  Protected resource: user is required to log in with valid credentials.
   If the login fails or no credentials were provided, the request is
redirected
   to the login.xml page. :)
else if ($exist:resource eq 'protected.xml') then
   let $login := local:set-user()
   return
       if ($login) then
           <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
               {$login}
               <view>
                   <forward url="style.xql"/>
               </view>
           </dispatch>
       else
           <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
               <forward url="login.xml"/>
               <view>
                 <forward url="style.xql"/>
               </view>
           </dispatch>
 
else
   (: everything else is passed through :)
   <dispatch xmlns="http://exist.sourceforge.net/NS/exist">
       <cache-control cache="yes"/>
   </dispatch>