I have implemented the HTTP basic authentication support for resource content access through the webapp.
Now the authorization for the HTTP GET requests for the wso2registry/resources/... path works as below.
If a user is not logged in and a GET request is made on an unauthorized resource, a WWW-Authenticate: Basic realm="WSO2Registry" header is sent with a 401 response.
If the request contains an Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== header, the specified user is authenticated and logged in. This happens irrespective of whether a user is logged in or not. That means a client can force a login as a user by providing the Authorization header.
If a user is logged in and a GET request is made on an unauthorized resource, a 401 response is returned without the WWW-Authenticate header.
I have tested this implementation using Firefox browser and tcpmon.

Thanks,
Chathura

_______________________________________________
Registry-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/registry-dev
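The three cases described in the message above, modelled as a small decision function. This is an added example, not code from the original message or from WSO2 Registry; `USERS`, `READERS`, `parse_basic`, `handle_get` and the sample resource path are hypothetical, and the handling of a header with wrong or malformed credentials is an assumption, since the message does not describe it.

```python
import base64
import hmac

REALM = "WSO2Registry"  # realm value quoted in the message

# Constructed sample data (hypothetical, not taken from the project).
USERS = {"Aladdin": "open sesame"}
READERS = {"/wso2registry/resources/private/doc": {"Aladdin"}}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64, bad padding and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def handle_get(path, session_user=None, authorization=None):
    """Return (status, response_headers, session_user_after) for one GET."""
    creds = parse_basic(authorization)
    if creds is not None:
        user, password = creds
        expected = USERS.get(user)
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            # Valid header credentials log this user in, replacing any
            # user already held in the session.
            session_user = user
        # Assumption: failed credentials leave the session as it was.
    allowed = READERS.get(path)
    if allowed is None or session_user in allowed:  # None: unrestricted path
        return 200, {}, session_user
    if session_user is None:
        # Not logged in: challenge the client.
        return 401, {"WWW-Authenticate": 'Basic realm="%s"' % REALM}, None
    # Logged in but not authorized: 401 without a challenge header.
    return 401, {}, session_user
```

Because the header takes precedence over the session, the user recorded after a request can differ from the one before it, which is worth accounting for when attributing actions in access logs.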
