On Mon, Dec 22, 2008 at 10:56 AM, Eduard Moraru <[email protected]> wrote:
> Vincent Massol wrote:
> > On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli wrote:
> >
> >> Vincent Massol wrote:
> >>
> >>> Does this mean I cannot open my browser and call the REST URL without
> >>> specifying a user?
> >>>
> >> It should open up the authentication dialog where you type your username
> >> and password (or guest) the first time you request a resource.
> >>
> >
> > Is that right? It sounds cumbersome and bad for easy automation when
> > you want guest access.
> >
> > Cannot we default to guest when no username/account is specified?
> >
> > Thanks
> > -Vincent
> >
> > _______________________________________________
> > devs mailing list
> > [email protected]
> > http://lists.xwiki.org/mailman/listinfo/devs
> >
> +1

User as a resource seems quite logical... this is the same point of view as OpenID...

> I think it would be easier and more natural to have the default to guest
> or anonymous user.
> When an anonymous user tries to access restricted content -> 403
> If he wants to log-in, he just does:
> http://user:[email protected]/space/X/page/Y

For security issues, passing the user/password for each request is really not very good... I really prefer the authentication token approach...

> We should mimic the basic auth and skip the popup window that requires
> user/pass in the browser.
>
> That is: Imply that the current user is exactly who he says he is and do
> not assume he could be a user with rights to a resource until he
> explicitly says so.
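
A sketch of the behaviour discussed in this thread, added as an example and not XWiki's code: a request with no credentials resolves to guest, restricted content gives guest a 403, and a signed expiring token replaces sending the password on every request. The `Token` scheme name, the 401 for rejected credentials, and the sample accounts, paths and key are assumptions.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-key"             # assumption: server-side signing key
USERS = {"alice": "s3cret"}                  # constructed accounts (plaintext only for the demo)
RESTRICTED = {"/space/X/page/Y": {"alice"}}  # constructed ACL: path -> users allowed

def _mac(user, expiry):
    return hmac.new(SECRET, f"{user}:{expiry}".encode(), hashlib.sha256).hexdigest()

def issue_token(user, now, ttl=300):
    """Return 'user:expiry:mac' so the password travels once, not with every request."""
    expiry = int(now) + ttl
    return f"{user}:{expiry}:{_mac(user, expiry)}"

def resolve_user(headers, now):
    """No Authorization header means guest; None means credentials were sent but rejected."""
    auth = headers.get("Authorization")
    if auth is None:
        return "guest"
    scheme, _, value = auth.partition(" ")
    try:
        if scheme == "Basic":
            raw = base64.b64decode(value, validate=True).decode()
            user, _, password = raw.partition(":")
            stored = USERS.get(user)
            if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
                return user
        elif scheme == "Token":  # hypothetical scheme name for the token approach
            user, expiry, mac = value.split(":")
            if hmac.compare_digest(mac.encode(), _mac(user, expiry).encode()) and int(expiry) > now:
                return user
    except ValueError:  # bad base64, bad UTF-8, wrong token shape, non-numeric expiry
        pass
    return None

def handle(path, headers, now=None):
    """Status for a GET: 200, 403 (guest or user lacks rights), 401 (bad credentials)."""
    now = time.time() if now is None else now
    user = resolve_user(headers, now)
    if user is None:
        return 401  # assumption: the thread only specifies the 403 case
    allowed = RESTRICTED.get(path)
    if allowed is not None and user not in allowed:
        return 403
    return 200
```

Unlike credentials placed in the URL, the token carries an expiry and never exposes the password to proxies, logs or browser history.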

