Hi Chathura,
Excellent! Did you also try this over HTTPS? Please set up a test case too
to make sure it's working right.

Since the browser maintains the HTTP session, is it correct that in the
browser case the authn happens only once? Whereas in the RemoteRegistry
case, the authn will happen each time right now, as we're not getting HTTP
session support from Abdera. Deepal, please check that the authn is working
right for the remote registry too.
Sanjiva.
Chathura C. Ekanayake wrote:
I have implemented the HTTP basic authentication support for resource
content access through the webapp.

Now the authorization for the HTTP GET requests for the
wso2registry/resources/... path works as below.

If a user is not logged in and a GET request is made on an unauthorized
resource, a WWW-Authenticate: Basic realm="WSO2Registry" header is sent
with a 401 response.

If the request contains an
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== header, the specified
user is authenticated and logged in. This happens irrespective of whether
a user is logged in or not. That means a client can force a login as a
user by providing the Authorization header.

If a user is logged in and a GET request is made on an unauthorized
resource, a 401 response is returned without the WWW-Authenticate header.

I have tested this implementation using the Firefox browser and tcpmon.
Thanks,
Chathura
_______________________________________________
Registry-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/registry-dev
--
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
email: [EMAIL PROTECTED]; cell: +1 650 265 8311 | +94 77 787 6880
"Oxygenating the Web Service Platform."
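
The three cases described in the quoted message, modelled as an added Python example (not the WSO2 Registry code and not part of the original thread). `parse_basic`, `handle_get`, `USERS` and `READERS` are hypothetical names, and ignoring an Authorization header that fails verification is an assumption the thread does not settle. Decoding the header quoted above shows that Basic credentials are only base64-encoded, which is why the HTTPS question matters.

```python
import base64
import hmac

REALM = "WSO2Registry"                # realm quoted in the message above
USERS = {"Aladdin": "open sesame"}    # constructed: decoded from the quoted header
READERS = {"Aladdin"}                 # constructed ACL for one protected resource

def parse_basic(header):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:                # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")   # password may contain ':'
    return (user, password) if sep and user else None

def check_password(user, password):
    """Constant-time comparison against the constructed user table."""
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def handle_get(session_user, auth_header):
    """Return (status, headers, session_user) for a GET on the protected resource."""
    creds = parse_basic(auth_header)
    if creds and check_password(*creds):
        session_user = creds[0]       # header wins even over an existing login
    if session_user in READERS:
        return 200, {}, session_user
    if session_user is None:          # anonymous: challenge the client
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, None
    return 401, {}, session_user      # logged in but unauthorized: no challenge

if __name__ == "__main__":
    hdr = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
    print(parse_basic(hdr))
    for session, header in [(None, None), (None, hdr), ("bob", None), ("bob", hdr)]:
        print(session, bool(header), handle_get(session, header))
```

A test case for the webapp can assert the same four outcomes, including that a valid header replaces an existing session user.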