Looks like a bug ...
----- Original Message ----- From: [email protected] <[email protected]> To: [email protected] <[email protected]> Sent: Wed Mar 25 20:15:58 2009 Subject: [Ecm] Potential restlet authentication breakage in nuxeo > 5.2m3 Hello, I've noticed that in all versions of Nuxeo > 5.2m3, restlets do not seem to challenge clients with HTTP basic properly. I initially thought that it may be a configuration change needed in my custom restlets, but I was able to duplicate it with the locking restlet delivered with Nuxeo. To reproduce: 1) login to a plain vanilla Nuxeo, create a file document, and not the file's docid. 2) Test the lock status in the browser by visiting: http://localhost:8080/nuxeo/restAPI/default/${docid}/Locking/status This seems to work just fine because your existing credentials are being used. 3) Open a different browser (or use curl/wget) and visit the same URL. In nuxeo 5.2.0m3, you are properly challenged for HTTP basic credentials (status 401). In 5.2.0m4 or 5.2.0RC1, you are sent a redirect (status 302) to the login page. Is this change intentional and I need to update some configuration file, or is it just a bug that needs fixing? If anyone has a workaround, I would be very grateful. Thanks, Mike _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
