Developing Marklogic Applications I - Day 4

This is a continuation of my notes from the MarkLogic training course Developing Marklogic Applications I - XQuery.

Day 4: Security and Advanced Search

Security

Security Database
Contains
  • users
  • roles
  • privileges
Shared across applications
Projects reference the security db.
Authentication occurs against the security database
Allowed Access Methods

For HTTP & WebDAV

  • Basic
  • Digest
  • Digest-basic
  • Application Level (most common)
App server authentication
  • Configure - Group - Default - App Servers - App Server Name
  • Default user is the non-authenticated user
  • Common to use a Default role for the non-authed user

When searching, you only search the documents you have read permissions for.

Role based auth
  • Roles are hierarchical.
    • Content user can query
    • Code users can run
    • Locations users can modify (crud)
    • Primary identifier for auth
    • A user has many roles (1:N roles)
    • Configure - Security - Users
    • Authenticates roles for particular documents
    • Explicitly set via xdmp function
      • Read
      • Update
      • Insert
      • Execute (module database)
    • Execute Privileges
      • Lock down specific functions
      • Assigned on a per user basis
      • Security - Roles - Configure [Tab]
      • Is a temporary elevation of a user's roles.
    • URI privileges
      • Allow create within a specific space
      • wild card in an any-uri privilege
(: Replaces the document's existing permissions with read access for this role :)
xdmp:document-set-permissions(
  "/songs/The-Doobie-Brothers+Black_Water.xml",
  xdmp:permission("top-songs-user-role", "read"))
  • Custom Authentication Creation Steps
    1. Turn on
    2. Default User
    3. Use Functions to:
      • Start/End User Session
      • Get Current User Roles

    The lab uses a pure MarkLogic authentication layer

    import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
    (: Role ids that hold permissions on the first document in the database :)
    let $role-id := xdmp:document-get-permissions(fn:base-uri(fn:doc()[1]))/sec:role-id/text()
    return sec:get-role-names(($role-id))
    
    xquery version "1.0-ml";
    import module namespace sec="http://marklogic.com/xdmp/security" at "/MarkLogic/security.xqy";
    
    (: Read the permissions from the top-songs database, then resolve each role id to its name :)
    for $p in xdmp:eval(
      'xdmp:document-get-permissions(fn:base-uri(fn:doc()[1]))',
      (),
      <options xmlns="xdmp:eval">
        <database>{xdmp:database("top-songs")}</database>
      </options>
    )
    return sec:get-role-names($p/sec:role-id/text())
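
An added example (not from the course material): a permission audit for the role-based model above, listing which capabilities one role holds on each document under a directory. The directory `/songs/` and the role `top-songs-user-role` are taken from the notes' own snippet. Run it against the content database as a user who can read every document, because a query only sees documents the caller has read permission on.

```xquery
xquery version "1.0-ml";
declare namespace sec = "http://marklogic.com/xdmp/security";

(: Assumed values, borrowed from the notes' top-songs examples :)
declare variable $dir  as xs:string := "/songs/";
declare variable $role as xs:string := "top-songs-user-role";

(: xdmp:role raises an error if the role does not exist :)
let $role-id := xdmp:role($role)

for $doc in xdmp:directory($dir, "infinity")
let $uri  := xdmp:node-uri($doc)
(: Only permissions granted directly to $role are matched;
   permissions reached through inherited roles are not followed.
   Compare ids as xs:unsignedLong to avoid a lossy cast to double. :)
let $caps :=
  xdmp:document-get-permissions($uri)
    [xs:unsignedLong(sec:role-id) eq $role-id]
    /sec:capability/fn:string()
order by $uri
return
  <doc uri="{$uri}"
       capabilities="{fn:string-join($caps, ' ')}"
       writable="{$caps = ('update', 'insert')}"/>
```

Documents with `writable="true"` are the ones this role can change; an empty `capabilities` attribute means the role has no direct permission on that document.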
    

Advanced Search

Advanced Types:

  • OR
  • Phrase
  • NOT
  • Fields can group properties to search
Fields
  • Query portions of the database based on elements
  • Configure - Databases - <dbname> - Files - Create

REST API

There are 3 REST APIs
  • Client API (building apps, CRUD, search)
  • Management REST API (deployment, administrative tasks)
  • Packaging API (configuration management, snapshots)
Endpoints
  • /v1/rest-apis : create a rest instance
  • /v1/documents
  • /v1/search
Extensibility
Out of the Box
  • search,
  • crud,
  • xml,
  • json,
  • binary,
  • transactions,
  • admin,
  • configuration
Creating a REST instance
<rest-api xmlns="http://marklogic.com/rest-api">
  <name>top-songs-appserver</name>
  <group>Default</group>
  <database>top-songs-content</database>
  <modules-database>top-songs-modules</modules-database>
  <port>7010</port>
</rest-api>
curl --anyauth --user admin:admin -X POST -d@"./myconfig.xml" -i -H "Content-type:application/xml" http://localhost:8002/v1/rest-apis

Semantics

Terminology
RDF
  • Resource Description Framework
RDF Triple
  • Represents a fact
  • <subject> - <predicate> - <object>
    Subject
    • A representation of a resource
    Predicate
    • A representation of a property or characteristic of the subject, or of the relationship between the subject and the objects
    • Also called an arc or edge
    Object
    • Property value
    • May be typed
    • May be the subject of other triples.
Graph
  • Set of RDF triple statements or patterns
IRI
  • Internationalized Resource Identifier
  • Uniquely identifies resources in an RDF triple
  • May contain Unicode characters (unlike URIs which are ASCII)
Triple data
  • Importing standardizes the triple format; you just need to define the import format in ML.
  • Triple index must be turned on for SPARQL queries.
Sparql
  • SPARQL is the query language for Triple data
  • SPARQL Protocol And RDF Query Language
  • Use SPARQL in MarkLogic via:
    • REST
    • XQuery API
    • Query Console Tools
  • Intro to SPARQL
    SELECT ?p
    WHERE {<http://dbpedia.org/resource/David_Bowie> ?p ?o}
    
    PREFIX db: <http://dbpedia.org/resource/>
    PREFIX onto: <http://dbpedia.org/ontology/>
    PREFIX dc: <http://purl.org/dc/elements/1.1/>
    SELECT *
    WHERE {
      ?s db:birthPlace db:Athens .
      ?s db:birthPlace db:Greece .
      ?s dc:description ?o
    }
    

    Namespaces
    • foaf : friend of a friend : http://xmlns.com/foaf/0.1
    • dc : dublin core : http://purl.org/dc/elements/1.1 (about people)

    SELECT *
    WHERE {
    ?s db:birthPlace db:Athens ;
       db:birthPlace db:Greece ;
       dc:description ?o
    }
    
    • Other keywords
      • UNION - join
      • OPTIONAL - return a value if available
      • FILTER
      • DISTINCT
      • LIMIT
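
The XQuery API route listed above, as an added example (not from the course material): the notes' birthplace query run through `sem:sparql`, with the place supplied as a bound variable rather than concatenated into the query text, so the value is handled as data and cannot alter the query's structure. The `$place` value is constructed sample input, and the triple index must be enabled on the database.

```xquery
xquery version "1.0-ml";
import module namespace sem = "http://marklogic.com/semantics"
  at "/MarkLogic/semantics.xqy";

(: Constructed sample input standing in for a value from a request :)
declare variable $place as xs:string := "Athens";

(: Bindings map: the key "place" fills the ?place variable in the query.
   The value is built as an IRI, so it is never parsed as SPARQL syntax. :)
let $bindings := map:map()
let $_ := map:put(
  $bindings,
  "place",
  sem:iri(fn:concat("http://dbpedia.org/resource/", fn:encode-for-uri($place))))
return
  sem:sparql('
    PREFIX db: <http://dbpedia.org/resource/>
    PREFIX dc: <http://purl.org/dc/elements/1.1/>
    SELECT ?s ?o
    WHERE {
      ?s db:birthPlace ?place ;
         dc:description ?o
    }
    LIMIT 10',
    $bindings)
```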

Log Files

  • By default found in the MarkLogic directory
    • Access
    • Audit (Empty by default)
    • Error
  • 1 Log per App Service
  • Rotate daily
  • Hold for a week
xdmp:log($message, $level);
xquery version "1.0-ml";
try {
  1 div 0
} catch ($e) {
  xdmp:log($e/error:code/text())
}