On Wednesday 16 September 2009 22:55:27 Jonathan Cook wrote: > One trick with this is to call a resource-type URI from /a with the > authentication requested and that will authenticate the user good to > /a/b/c and /a/d , from /a/b/c > > so just <img src="/a.png?sling:authRequestLogin" alt="auth shim" /> or > something of the sort. you can have that render spool a blank image or > login button. > > Regards, > Jonathan 'J5' Cook >
First, thanks for the huge quantity of light to all repliers! And sorry that I missed to mention the browsers. I tested with FF 3.0.7 (Linux) and 3.5.3 (win), with IE6 (well, it's still the VW beetle among browsers...) and Safari 4.0.3 (win). All had (re-)acted the same way. Jonathan, I implemented your "trick", that is, I authenticated hiddenly on /a. And this really works fine with FF und IE, but not with Safari! That might be interesting for the guys discussing in the "WebKit HTTP Authentication" thread. With Safari, I still get "anonymous" as remoteUser when visiting /a/c.html. So, looks like to support safari and it-s WebKit fellows it'll take a form based approach. As to read in one of the discussion entries, that would require an HTTP session, thus not precisely the concept we preferin the REST world... -- Juerg
