Tiry, When I follow the same procedure as in the original post, your change now prompts me to authenticate. However, when I authenticate successfully, I get a 404.
Assume that I request the URL http://localhost:8080/nuxeo/restAPI/default/8e320448-9315-4511-ae87-f984197ebbbf/Locking/status. If I look at the headers returned from curl after authenticating, I get: HTTP/1.1 404 /nuxeo/nuxeo/restAPI/default/8e320448-9315-4511-ae87-f984197ebbbf/Locking/status Server: Apache-Coyote/1.1 Content-Type: text/html;charset=UTF-8 Transfer-Encoding: chunked Date: Fri, 27 Mar 2009 14:36:33 GMT Note the extra "nuxeo" prepended to the request line. Apparently nuxeo is forwarding to the wrong address internally after authentication. Mike -----Original Message----- From: Tiry [mailto:[email protected]] Sent: Fri 3/27/2009 8:58 AM To: Santy, Michael Cc: [email protected] Subject: Re: [Ecm] Potential restlet authentication breakage in nuxeo > 5.2m3 Should be fixed now. => see http://hg.nuxeo.org/nuxeo/nuxeo-platform/rev/74887f718310 Santy, Michael a écrit : > > Thanks, Thierry. I created a JIRA issue: > > http://jira.nuxeo.org/browse/NXP-3317 > > Would you suspect this is something that would be fixed for 5.2.0-GA? > > Regards, > Mike > > -----Original Message----- > From: tdelprat [mailto:[email protected]] > Sent: Wed 3/25/2009 2:24 PM > To: Santy, Michael; [email protected] > Subject: Re: [Ecm] Potential restlet authentication breakage in nuxeo > > 5.2m3 > > Looks like a bug ... > > > ----- Original Message ----- > From: [email protected] <[email protected]> > To: [email protected] <[email protected]> > Sent: Wed Mar 25 20:15:58 2009 > Subject: [Ecm] Potential restlet authentication breakage in nuxeo > 5.2m3 > > > Hello, > > I've noticed that in all versions of Nuxeo > 5.2m3, restlets do not > seem to > challenge clients with HTTP basic properly. I initially thought that > it may > be a configuration change needed in my custom restlets, but I was able to > duplicate it with the locking restlet delivered with Nuxeo. To reproduce: > > 1) login to a plain vanilla Nuxeo, create a file document, and not the > file's docid. > 2) Test the lock status in the browser by visiting: > http://localhost:8080/nuxeo/restAPI/default/${docid}/Locking/status > This seems to work just fine because your existing credentials are being > used. > 3) Open a different browser (or use curl/wget) and visit the same URL. In > nuxeo 5.2.0m3, you are properly challenged for HTTP basic credentials > (status 401). In 5.2.0m4 or 5.2.0RC1, you are sent a redirect (status > 302) > to the login page. > > Is this change intentional and I need to update some configuration > file, or > is it just a bug that needs fixing? If anyone has a workaround, I > would be > very grateful. > > Thanks, > Mike > >
_______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
