On Mon, Dec 22, 2008 at 10:56 AM, Eduard Moraru <eduard.moraru(a)xwiki.com>wrote;wrote:
Vincent Massol wrote:
On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli
wrote:
Vincent Massol wrote:
Does this mean I cannot open my browser and call
the REST URL without
specifying a user?
It should open up the authentication dialog where you type your
username
and password (or guest) the first time you request a resource.
Is that right? It sounds cumbersome and bad for easy automation when
you want guest access.
Cannot we default to guest when no username/account is specified?
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
+1
User as a resource seems quite logical... this is the same point of view as
OpenID...
I think it would be easier and more natural to have the default to guest
or anonymous user.
When an anonymous user tries to access restricted content -> 403
If he wants to log-in, he just does:
http://user:password@xwikihost.xxx/space/X/page/Y
for security issues, passing the user/password for each request is really
not very good... I really prefer the authentication token approach...
We should mimic the basic auth and skip the pop`ul window that requires
user/pass in the browser.
That is: Imply that the current user is exactly who he says he is and do
not assume he could be a user with rights to a resource until he
explicitly says so.
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs