Fabio Mancinelli wrote:
> On Mar 24, 2009, at 3:10 PM, Sergiu Dumitriu wrote:
>
>> fmancinelli (SVN) wrote:
>>> Author: fmancinelli
>>> Date: 2009-03-23 22:15:24 +0100 (Mon, 23 Mar 2009)
>>> New Revision: 17953
>>>
>>> Modified:
>>> platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
>>> com/xpn/xwiki/xmlrpc/XWikiUtils.java
>>> platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
>>> com/xpn/xwiki/xmlrpc/XWikiXmlRpcApiImpl.java
>>> Log:
>>> XWIKI-3449: Authenticated XWiki user name might be incorrect in
>>> XMLRPC login
>>> XWIKI-3450: Allow guest access to be disabled in XMLRPC
>>> + /* Check if we must grant access when no token is provided
>>> */
>>> + boolean allowGuest =
>>> context.getWiki().ParamAsLong("xwiki.authentication.always", 0) != 1;
>>> +
>> Fabio, you are using this parameter wrong. This doesn't mean that only
>> authenticated users are allowed, but it controls the optimization done
>> by Thomas, which is to only check the authentication only if there
>> is no
>> Principal in the session. This parameter forces to check the cookies
>> at
>> each request instead of using the session object.
>>
> I discussed this with Thomas yesterday...
>
> Anyway, maybe we should introduce an "xwiki.xmlrpc.allow.guest"
> property instead of using this one.
>
> WDYT?
Yes, this is good, maybe xwiki.xmlrpc.allowGuest would be a better name.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
