On Dec 19, 2008, at 6:57 PM, Fabio Mancinelli wrote:
Vincent Massol wrote:
On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli
wrote:
Vincent Massol wrote:
Does this mean I cannot open my browser and call
the REST URL
without
specifying a user?
It should open up the authentication dialog where you type your
username
and password (or guest) the first time you request a resource.
Is that right? It sounds cumbersome and bad for easy automation when
you want guest access.
Cannot we default to guest when no username/account is specified?
Well, when a resource is requested for the first time (i.e., a request
with no auth headers) either the server assume that is a guest or it
sends back a challenge (e.g., auth basic) in order to request an auth
header.
It's this challenge that makes the browser open the popup. So if we
want
to be able to authenticate users that types URIs in a browser we
need to
make this popup open. AFAIK this is the only way for making the
browser
send an auth header. Otherwise a user that types URIs in a plain
browser
will always results as "guest".
For automation I don't really see the problem. If we are going to
write
a script or another automated agent, for example using curl, we can
always stick an auth header starting from the first request and no
challenge will be generated: the server will provide the requested
resource (provided that the credentials in the auth header are
correct)
I have the feeling that REST services that I have used in the past
don't do this.
For ex I can open a browser and type:
http://repository.sonatype.org/service/local/repositories
And it just gives me the answer without having to type anything.
See the Authentication section of
https://docs.sonatype.com/display/Nx/Nexus+Rest+API
I really prefer it this way. We need to make it extra easy to query
IMO (for open wikis).
Thanks
-Vincent