Very strange.
I'll check that.
Thx for feedback.
Tiry
Santy, Michael a écrit :
Tiry,
When I follow the same procedure as in the original post, your change
now prompts me to authenticate. However, when I authenticate
successfully, I get a 404.
Assume that I request the URL
http://localhost:8080/nuxeo/restAPI/default/8e320448-9315-4511-ae87-f984197ebbbf/Locking/status.
If I look at the headers returned from curl after authenticating, I get:
HTTP/1.1 404
/nuxeo/nuxeo/restAPI/default/8e320448-9315-4511-ae87-f984197ebbbf/Locking/status
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 27 Mar 2009 14:36:33 GMT
Note the extra "nuxeo" prepended to the request line. Apparently
nuxeo is forwarding to the wrong address internally after authentication.
Mike
-----Original Message-----
From: Tiry [mailto:[email protected]]
Sent: Fri 3/27/2009 8:58 AM
To: Santy, Michael
Cc: [email protected]
Subject: Re: [Ecm] Potential restlet authentication breakage in nuxeo
> 5.2m3
Should be fixed now.
=> see http://hg.nuxeo.org/nuxeo/nuxeo-platform/rev/74887f718310
Santy, Michael a écrit :
>
> Thanks, Thierry. I created a JIRA issue:
>
> http://jira.nuxeo.org/browse/NXP-3317
>
> Would you suspect this is something that would be fixed for 5.2.0-GA?
>
> Regards,
> Mike
>
> -----Original Message-----
> From: tdelprat [mailto:[email protected]]
> Sent: Wed 3/25/2009 2:24 PM
> To: Santy, Michael; [email protected]
> Subject: Re: [Ecm] Potential restlet authentication breakage in nuxeo
> > 5.2m3
>
> Looks like a bug ...
>
>
> ----- Original Message -----
> From: [email protected] <[email protected]>
> To: [email protected] <[email protected]>
> Sent: Wed Mar 25 20:15:58 2009
> Subject: [Ecm] Potential restlet authentication breakage in nuxeo >
5.2m3
>
>
> Hello,
>
> I've noticed that in all versions of Nuxeo > 5.2m3, restlets do not
> seem to
> challenge clients with HTTP basic properly. I initially thought that
> it may
> be a configuration change needed in my custom restlets, but I was
able to
> duplicate it with the locking restlet delivered with Nuxeo. To
reproduce:
>
> 1) login to a plain vanilla Nuxeo, create a file document, and not the
> file's docid.
> 2) Test the lock status in the browser by visiting:
> http://localhost:8080/nuxeo/restAPI/default/${docid}/Locking/status
> This seems to work just fine because your existing credentials are being
> used.
> 3) Open a different browser (or use curl/wget) and visit the same
URL. In
> nuxeo 5.2.0m3, you are properly challenged for HTTP basic credentials
> (status 401). In 5.2.0m4 or 5.2.0RC1, you are sent a redirect (status
> 302)
> to the login page.
>
> Is this change intentional and I need to update some configuration
> file, or
> is it just a bug that needs fixing? If anyone has a workaround, I
> would be
> very grateful.
>
> Thanks,
> Mike
>
>
_______________________________________________
ECM mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/ecm
To unsubscribe, go to http://lists.nuxeo.com/mailman/options/ecm
