Remember the session problem we were facing in 1.2, where each and every REST request would create its own session that would never expire (since by default, the embedded Jetty would not expire sessions)? It has then been decided to make sure that after a call to a REST service, sessions should be cleared, which is why your cookie is no longer valid and you need to authenticate with each request.
In my mind, this behavior is correct for REST services, as the word "stateless" is often used when describing this protocol. And stateless in this sense means no session.

Tobias

On 15.03.2012, at 12:46, Rubén Pérez <[email protected]> wrote:

> Hello list,
>
> We've been extensively using the Digest authentication with Matterhorn to
> integrate our home-made systems, particularly the Galicaster Capturer.
> However, we've seen that we are somehow unable to authenticate with the 1.3
> release candidate.
>
> This is an example script we are using for testing:
>
> echo "---------------------------------------------------------------------------------------------------------------------------------------------"
> echo "-----------/welcome.html---------------------------------------------------------------------------------------------------------------------"
> echo "---------------------------------------------------------------------------------------------------------------------------------------------"
> curl -v -c cookies.txt "$server/welcome.html" \
>   --get -H "X-Requested-Auth: Digest" \
>   --digest --user "$username:$password"
> echo "---------------------------------------------------------------------------------------------------------------------------------------------"
> echo "-----------/info/me.json--------------------------------------------------------------------------------------------------------------------"
> echo "---------------------------------------------------------------------------------------------------------------------------------------------"
> curl -v -b cookies.txt "$server/info/me.json"
>
>
> , where me.json could be any other Matterhorn endpoint.
>
> What happened in 1.2 is that we could use the cookie received in the
> "welcome.html" part to access to any other endpoints without further
> authentication.
> However, in 1.3 we DO get a cookie and the resource (the
> welcome.html page), but we remain being an anonymous user. That is
> surprising, because anonymous users are not supposed to log in the welcome
> page.
>
> On the other hand, we have seen that the integration tests perform the
> authentication process every time they call an endpoint, instead of obtaining
> a SESSIONID cookie once and then using it in the following calls (perhaps the
> http client tries, the authentication fails and it logs in again).
>
> I can't think of substantial changes in the authentication policy right now,
> but I'd be glad to hear from you if this is an intended behavior, if others
> can reproduce that problem and if you know of some changes in the code that
> may have caused this issue.
>
> Thanks in advance for your input
> Rubén
> _______________________________________________
> Matterhorn mailing list
> [email protected]
> http://lists.opencastproject.org/mailman/listinfo/matterhorn
>
>
> To unsubscribe please email
> [email protected]
> _______________________________________________
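An added illustration, not part of the original thread or of Matterhorn's code: what "authenticate with each request" means for a Digest client that keeps no session cookie. It assumes RFC 2617 Digest with MD5 and qop=auth, constructed challenge values, and that the X-Requested-Auth header from the script is sent on every call; the class and function names are hypothetical.

```python
import hashlib


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value for algorithm=MD5, qop=auth."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")


class PerRequestDigest:
    """Hypothetical helper: credentials travel with every call, no cookie jar."""

    def __init__(self, username, password, realm, nonce, cnonce):
        self.username, self.password = username, password
        self.realm, self.nonce, self.cnonce = realm, nonce, cnonce
        self.nc = 0  # nonce count, incremented for each request on this nonce

    def headers_for(self, method, uri):
        self.nc += 1
        response = digest_response(self.username, self.realm, self.password,
                                   method, uri, self.nonce, self.nc, self.cnonce)
        authorization = (
            f'Digest username="{self.username}", realm="{self.realm}", '
            f'nonce="{self.nonce}", uri="{uri}", qop=auth, '
            f'nc={self.nc:08x}, cnonce="{self.cnonce}", response="{response}"'
        )
        # Assumption: X-Requested-Auth is sent on each call, as in the first
        # curl command of the quoted script. No Cookie header is ever added.
        return {"X-Requested-Auth": "Digest", "Authorization": authorization}


if __name__ == "__main__":
    # Constructed challenge values; a real server supplies realm and nonce
    # in its 401 WWW-Authenticate header, and cnonce should be random.
    client = PerRequestDigest("user", "secret", "constructed-realm",
                              "constructed-nonce", "0a4f113b")
    for path in ("/welcome.html", "/info/me.json"):
        print(path, client.headers_for("GET", path))
```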
