[ http://jira.xwiki.org/jira/browse/XWIKI-2018?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_23179 ]

Ricardo Rodríguez commented on XWIKI-2018:
------------------------------------------

After some trials here using several user agents (web browsers) and HTTP 
servers (Apache, M+NetMail WebAccess and Tomcat/XWiki) I can only conclude that 
there is something that I don't understand on the server side that prevents 
basic authorization from working.

For instance, I'm using Firefox and Live HTTP Headers to read the conversation 
between the browser and M+NetMail. If I pass a URL in the form...

http://username:[EMAIL PROTECTED]

It seems that the http server correctly sent a 401 challenge to the client; and 
it responds with the right Authorization header in the form:

Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx

The x string being a substitute for the Base64 encoding of "user:password".

So, the HTTP client does support Basic authorization (Sergiu, you spoke about 
authentication, but I think we must speak about authorization here, mustn't we?)

But if I pass the same URL to Tomcat/XWiki I never see a 401 challenge in the 
conversation log. And it fails.

Please, am I lost somewhere, or is there something that is worth attention here?

I hope this is not just noise. Thanks!

> Support URL authentication
> --------------------------
>
>                 Key: XWIKI-2018
>                 URL: http://jira.xwiki.org/jira/browse/XWIKI-2018
>             Project: XWiki Core
>          Issue Type: New Feature
>          Components: Actions and URLs, Authentication and Rights Management
>    Affects Versions: 1.2
>            Reporter: Sergiu Dumitriu
>             Fix For: 1.4 M1
>
>
> In order to support private RSS feeds, XWiki should:
> - work behind https (does, with the correct container settings)
> - accept authentication using URL parameters, like 
> https://server/bin/view/Main/NewsRss?xpage=rss&username=user&authtoken=token
> The token should verify the password and the IP, so that stealing it would 
> not work.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

       
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications
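
One way the token asked for in the issue description could verify both the password and the IP, as an added example that is not XWiki's code: an HMAC over the username and client address, keyed by a server secret mixed with the stored password hash. The secret, the user table, the IP addresses and all function names are assumptions constructed for illustration; only the `username` and `authtoken` parameter names come from the issue.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (assumptions, not XWiki values).
SERVER_SECRET = b"constructed-server-secret-for-example"
USERS = {"user": hashlib.sha256(b"salt" + b"correct horse").hexdigest()}


def make_token(username: str, password_hash: str, client_ip: str) -> str:
    """Return an HMAC-SHA256 token bound to the password hash and client IP."""
    # Deriving the key from the password hash means a password change
    # invalidates every token issued earlier.
    key = hmac.new(SERVER_SECRET, password_hash.encode(), hashlib.sha256).digest()
    # The client IP is part of the signed message, so the same token
    # presented from another address does not verify.
    msg = b"\x00".join([username.encode(), client_ip.encode()])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_token(username: str, token: str, client_ip: str) -> bool:
    """Recompute the token from server-side state and compare in constant time."""
    stored = USERS.get(username)
    # Unknown users still go through the HMAC so both paths do similar work.
    expected = make_token(username, stored or "", client_ip)
    matches = hmac.compare_digest(expected.encode(), token.encode())
    return matches and stored is not None


def check_feed_request(url: str, remote_ip: str) -> bool:
    """Check a feed URL of the form shown in the issue.

    remote_ip must be the address the server observed for the connection,
    never a value supplied by the client.
    """
    query = parse_qs(urlsplit(url).query)
    username = query.get("username", [""])[0]
    token = query.get("authtoken", [""])[0]
    return verify_token(username, token, remote_ip)
```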
