5 MKWS accesses targets using the Pazpar2 metasearching engine, almost
6 always fronted by the Service Proxy to manage target selection. This
7 document assumes the SP is used, and so that a library of targets is
8 available, maintained using an instance of MKAdmin (often
9 http://mkc-admin.indexdata.com/console/)
12 1. Selecting targets within the library
13 ---------------------------------------
15 MKWS applications can choose what subset of the library's targets to
16 use, by means of several alternative settings on individual widgets or
17 in the mkws_config structure:
19 * targets -- contains a Pazpar2 targets string, typically of the form
20 "pz:id=" or "pz:id~" followed by a pipe-separated list of low-level
23 At present, these IDs can take one of two forms, depending on the
24 configuration of the Service Proxy being used: they may be based on
25 ZURLs, so a typical value would be something like:
26 pz:id=josiah.brown.edu:210/innopac|lui.indexdata.com:8080/solr4/select?fq=database:4902
27 Or they may be UDBs, so a typical value would be something like:
30 * targetfilter -- contains a CQL query which is used to find relevant
31 targets from the relvant library. For example,
36 * target -- contains a single UDB, that of the sole target to be
39 This is merely syntactic sugar for "targetfilter" with the query
43 2. Changing the library
44 -----------------------
46 Some MKWS applications will be content to use the default library with
47 its selection of targets. Most, though, will want to define their own
48 library providing a different range of available targets. An important
49 case is that of applications that authenticate onto subscription
50 resources by means of credentials stored in MKAdmin: precautions must
51 be taken so that such library accounts do not allow unauthorised
54 Setting up such a library is a two-stage process.
59 - Make a new library on http://mkc-admin.indexdata.com/console/
60 - Select relevant targets
61 - Add authentication credentials to the targets as necessary
62 - Create an end-user account
63 - Set its username and password
65 Stage B (on the application's web-server):
67 Authentication onto the library can be achieved by a single HTTP GET
68 to the relevant Service Proxy, passing in the credentials and thereby
69 initiating an HTTP session. This can most simply be done just by
70 setting the service_proxy_auth configuration item to a URL such as
71 http://mkws.indexdata.com/service-proxy/?command=auth&action=check,login&username=MIKE&password=SWORDFISH
72 which is usually done with JavaScript like:
74 <script type="text/javascript">
75 var mkws_config = { service_proxy_auth:
76 "http://mkws.indexdata.com/service-proxy/?command=auth&action=check,login&username=MIKE&password=SWORDFISH" };
79 However, doing so reveals the the credentials to public view -- to
80 anyone who does View Source on the MKWS application. This may be
81 acceptable for some libraries, but is intolerable for those which
82 provide authenticated access to subscription resources. For such
83 circumstances, a more elaborate approach is necessary. The idea is to
84 make a local URL that is used for authentication onto the Service
85 Proxy, hiding the credentials, and to use local mechanisms to limit
86 access to that local authentication URL. Here is one way to do it when
87 Apache2 is the application's web-server, which we will call
90 - Add a rewriting authentication alias to the configuration:
92 RewriteRule /spauth/ http://mkws.indexdata.com/service-proxy/?command=auth&action=check,login&username=U&password=PW [P]
93 - Set thwe MKWS configuration item "service_proxy_auth" to:
94 http://example.com/spauth/
95 - Protect access to http://example.com/spauth/ (e.g. using a .htaccess file).
97 Once such a library has been set up, and access to it established,
98 target selection within the set that it makes available can be done
99 using the mechanisms above.
projects / mkws-moved-to-github.git / blob