Tim Holloway wrote:Just to be clear - you shouldn't even think of allowing an outsider to connect directly to a database.
Yes, that's the reason I'm interested in postgrest. All the security is defined in the database, and it determines which, if any, tables, views, stored procedures & so on are available via the rest api
Tim Holloway wrote:
A URL in the form https://mydomain.com/api is actually equivalent to https://mydomain.com:443/api, since port 443 is the default port for https, just as port 80 is the default port for http. But any port numbered less than 4096 is considered "privileged".
yep, I'm ok with that. The Tomcat server I want to use already has a number of web applications running on it, accessible via https. The only port visible to the outside world is the one that Tomcat uses, say 2345. In fact, Tomcat is using https, but on 2345, not 443. I don't want to open any more ports in the firewall.
Tim Holloway wrote:
If it were not for that, you wouldn't need any URL rewriting, since you could simply name your server www.mydomain.com and deploy the webapp under the context path of "/api".
Postgrest isn't a webapp that runs inside Tomcat It's a stand alone application that responds to http requests, written afaik in Haskell, listening on port 3000.
So, what I need is an application on Tomcat, visible at say
https://mydomain.com:2345/api where all requests to that application get sent on to the postgrest application running on the same host.
Rather than write any such thing myself, I thought I could make a do-nothing web app called 'api' & use UrlRewriteFilter
Hopefully, that makes more sense.