On Nov 8, 2009, at 9:49 PM, Dilipkumar Jadhav wrote: > Hello folks, > > XWiki REST authentication can be BASIC authentication or XWiki browser > sessions. Found XWIKI-3268 (http://jira.xwiki.org/jira/browse/XWIKI-3268 > ) > which stated the same. However is there a possibility to add > username/password used by the XWiki users into the HTTPClient > authentication > methods. > > At present, BASIC authentication would mean creating a username/ > password > again for the users. And relying on cookies mechanism requires that > the > XWiki user should be logged into XWiki through a browser before s/he > can > make REST requests. Either ways, an http client won't be able to > authenticate users without making them put an extra effort to login > manually > somewhere. > > Please let me know your views on this one & If there is a work > around to > this. > As Guillaume already hinted, the username/password for HTTP basic authentication are the same as the XWiki username/password you use to login to your XWiki using the web interface.
To be more precise the XWiki REST authentication works in the following way (priority order): 1) If an authorization header is present the provided username/ password are checked using the XWiki auth service. As said before these credentials are the same of the ones you will use to login using the web interface. 2) If an authorization header is NOT present, but in the request there are session information about a previous login, then this information is used to authenticate the user. 3) If everything fails (neither HTTP basic auth headers nor session information are present), then the request is associated to the Guest user In all cases, XWiki auth components are used to perform authentication so, at a lower level, authentication works exactly as the one in the web interface, using the same usernames and passwords. Hope this helps. -Fabio _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
