24 Mar
2009
24 Mar
'09
3:10 p.m.
fmancinelli (SVN) wrote:
Author: fmancinelli
Date: 2009-03-23 22:15:24 +0100 (Mon, 23 Mar 2009)
New Revision: 17953
Modified:
platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/com/xpn/xwiki/xmlrpc/XWikiUtils.java
platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/com/xpn/xwiki/xmlrpc/XWikiXmlRpcApiImpl.java
Log:
XWIKI-3449: Authenticated XWiki user name might be incorrect in XMLRPC login
XWIKI-3450: Allow guest access to be disabled in XMLRPC
+ /* Check if we must grant access when no
token is provided */
+ boolean allowGuest =
context.getWiki().ParamAsLong("xwiki.authentication.always", 0) != 1;
+
Fabio, you are using this parameter wrong. This doesn't mean that only
authenticated users are allowed, but it controls the optimization done
by Thomas, which is to only check the authentication only if there is no
Principal in the session. This parameter forces to check the cookies at
each request instead of using the session object.
--
Sergiu Dumitriu
http://purl.org/net/sergiu/