Hi Girish,
Yes, you got it.
Web browser will popup a login dialog when response code is 401:
setResponseHeader("WWW-Authenticate", "Bearer realm=\"authentication
required\"");
The popup is skipped and then react/vue/angular can handle the response:
setResponseHeader("WWW-Authenticate", "OFBiz realm=\"authentication
required\"");
发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com>
发送时间: 2020年7月9日 14:54
收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org>
主题: Re: REST implementation
Hi Shi
Thanks for taking a look at it. I have a question on "WWW-Authenticate"
header so please clarify and I can make appropriate changes accordingly -
All I am finding is that to prevent the pop-up, either return 403 (which I
do not want to do) or not include "WWW-Authenticate" header at all (not
inclined to do this as well because then we would be violating the spec).
Do you mean to NOT start the value of the header with "Bearer" ?
so instead of below
*WWW-Authenticate: Bearer realm="Access to OFBiz", charset="UTF-8"*
should we change it to
*WWW-Authenticate: xBearer realm="Access to OFBiz", charset="UTF-8"*
I did not test it, but I can just change it like this without testing if
you can please confirm it will prevent the browser dialog.
Thanks again for the review.
Best,
Girish
On Wed, Jul 8, 2020 at 8:45 PM Shi Jinghai <huaru...@hotmail.com> wrote:
> Hi Girish,
>
> Excellent.
>
> Only one suggestion from my quick view, when response code is 401, the
> "WWW-Authenticate" header should be set to start with a word NOT “Bearer
> …”, this can prevent web browser from popping up a login dialog.
>
> Kind Regards,
>
> Shi Jinghai
>
> 发件人: Girish Vasmatkar<mailto:girish.vasmat...@hotwaxsystems.com>
> 发送时间: 2020年7月8日 20:47
> 收件人: dev@ofbiz.apache.org<mailto:dev@ofbiz.apache.org>
> 主题: Re: REST implementation
>
> Hi Folks
>
> I have added support for OpenApi Integration. The updated code can be found
> here : https://github.com/girishvasmatkar/ofbiz-rest-impl. Please go
> through the changes and test at your end and let me know your thoughts.
>
> I am planning to do some refactoring and then raise initial PR for the
> plug-in if the changes look good to everyone.
>
> Best,
> Girish
>
>
> On Wed, Jun 17, 2020 at 4:54 PM Carsten Schinzer <
> cars...@dcs-verkaufssysteme.de> wrote:
>
> > Hi Girish,
> >
> > Thanks to clarify :)
> > What caught me on the OpenAPI integration is the snippet quoted below and
> > I realize I should have read it in context. Actually then it is aligned
> > with my view.
> >
> > Warm regards
> >
> > Carsten
> >
> > >>>>> Initial implementation does not contain OpenApi integration yet.
> And
> >
> >
>
>
