On Mar 24, 2009, at 3:10 PM, Sergiu Dumitriu wrote:
> fmancinelli (SVN) wrote:
>> Author: fmancinelli
>> Date: 2009-03-23 22:15:24 +0100 (Mon, 23 Mar 2009)
>> New Revision: 17953
>>
>> Modified:
>> platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
>> com/xpn/xwiki/xmlrpc/XWikiUtils.java
>> platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
>> com/xpn/xwiki/xmlrpc/XWikiXmlRpcApiImpl.java
>> Log:
>> XWIKI-3449: Authenticated XWiki user name might be incorrect in
>> XMLRPC login
>> XWIKI-3450: Allow guest access to be disabled in XMLRPC
>
>> + /* Check if we must grant access when no token is provided
>> */
>> + boolean allowGuest =
>> context.getWiki().ParamAsLong("xwiki.authentication.always", 0) != 1;
>> +
>
> Fabio, you are using this parameter wrong. This doesn't mean that only
> authenticated users are allowed, but it controls the optimization done
> by Thomas, which is to only check the authentication only if there
> is no
> Principal in the session. This parameter forces to check the cookies
> at
> each request instead of using the session object.
>
I discussed this with Thomas yesterday...
Anyway, maybe we should introduce an "xwiki.xmlrpc.allow.guest"
property instead of using this one.
WDYT?
Cheers,
Fabio
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
