Vincent Massol wrote: > On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli wrote: > > >> Vincent Massol wrote: >> >> >>> Does this mean I cannot open my browser and call the REST URL without >>> specifying a user? >>> >>> >> It should open up the authentication dialog where you type your >> username >> and password (or guest) the first time you request a resource. >> > > Is that right? It sounds cumbersome and bad for easy automation when > you want guest access. > > Cannot we default to guest when no username/account is specified? > > Thanks > -Vincent > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > +1
I think it would be easier and more natural to have the default to guest or anonymous user. When an anonymous user tries to access restricted content -> 403 If he wants to log-in, he just does: http://user:[email protected]/space/X/page/Y We should mimic the basic auth and skip the pop`ul window that requires user/pass in the browser. That is: Imply that the current user is exactly who he says he is and do not assume he could be a user with rights to a resource until he explicitly says so. _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
