Juerg,
I can confirm your findings with Safari as discussed in the WebKit
HTTP Authentication thread.
At this point, using the trunk of sling, I am unable to use any WebKit
browser with sling where a principal other than anonymous is required.
-- Mike
On Sep 17, 2009, at 3:27 PM, Juerg Meier wrote:
On Wednesday 16 September 2009 22:55:27 Jonathan Cook wrote:
One trick with this is to call a resource-type URI from /a with the
authentication requested and that will authenticate the user good to
/a/b/c and /a/d , from /a/b/c
so just <img src="/a.png?sling:authRequestLogin" alt="auth shim" />
or
something of the sort. you can have that render spool a blank
image or
login button.
Regards,
Jonathan 'J5' Cook
First, thanks for the huge quantity of light to all repliers!
And sorry that I missed to mention the browsers. I tested with FF
3.0.7
(Linux) and 3.5.3 (win), with IE6 (well, it's still the VW beetle
among
browsers...) and Safari 4.0.3 (win). All had (re-)acted the same way.
Jonathan, I implemented your "trick", that is, I authenticated
hiddenly on /a.
And this really works fine with FF und IE, but not with Safari! That
might be
interesting for the guys discussing in the "WebKit HTTP
Authentication"
thread. With Safari, I still get "anonymous" as remoteUser when
visiting /a/c.html.
So, looks like to support safari and it-s WebKit fellows it'll take
a form
based approach. As to read in one of the discussion entries, that
would
require an HTTP session, thus not precisely the concept we preferin
the REST
world...
-- Juerg
:: mike moulton
:: meltmedia
::
:: [email protected]
:: 602.648.6810 | direct
:: 602.432.2568 | iphone
:: mmoulton66 | aim
