Vincent Massol wrote: > On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli wrote: > >> Vincent Massol wrote: >> >>> Does this mean I cannot open my browser and call the REST URL without >>> specifying a user? >>> >> It should open up the authentication dialog where you type your >> username >> and password (or guest) the first time you request a resource. > > Is that right? It sounds cumbersome and bad for easy automation when > you want guest access. > > Cannot we default to guest when no username/account is specified? >
Well, when a resource is requested for the first time (i.e., a request with no auth headers) either the server assume that is a guest or it sends back a challenge (e.g., auth basic) in order to request an auth header. It's this challenge that makes the browser open the popup. So if we want to be able to authenticate users that types URIs in a browser we need to make this popup open. AFAIK this is the only way for making the browser send an auth header. Otherwise a user that types URIs in a plain browser will always results as "guest". For automation I don't really see the problem. If we are going to write a script or another automated agent, for example using curl, we can always stick an auth header starting from the first request and no challenge will be generated: the server will provide the requested resource (provided that the credentials in the auth header are correct) -Fabio _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
