On Jun 21, 2009, at 2:49 PM, Sergiu Dumitriu wrote: > Marco K. wrote: >> Hi all, >> >> has anyone already tried the "Junp to page" feature of the release >> 1.9.0 >> behind an Apache server? >> >> When I type the page name, I'm asked for authentication again and >> again. > > This is caused by the fact that the REST service doesn't handle basic > authentication. > Actually it's correct. REST supports basic authentication. The problem is that it uses the credentials provided in the authorization header to authenticate the XWiki users, and if authentication fails it challenges the client with a 403 forbidden header (that's why the browser keeps opening the auth dialog again and again)
What happens, in this case, is that the username:password provided to bypass .htaccess is also used to authenticate the xwiki and this, of course, fails. We were discussing of it yesterday and a solution would be to fallback to cookie authentication if the basic auth fails. -Fabio _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
