24 Mar
2009
24 Mar
'09
4:02 p.m.
On Mar 24, 2009, at 3:10 PM, Sergiu Dumitriu wrote:
fmancinelli (SVN) wrote:
I discussed this with Thomas yesterday...
Anyway, maybe we should introduce an "xwiki.xmlrpc.allow.guest"
property instead of using this one.
WDYT?
Cheers,
Fabio
Author: fmancinelli
Date: 2009-03-23 22:15:24 +0100 (Mon, 23 Mar 2009)
New Revision: 17953
Modified:
platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
com/xpn/xwiki/xmlrpc/XWikiUtils.java
platform/core/branches/xwiki-core-1.8/xwiki-core/src/main/java/
com/xpn/xwiki/xmlrpc/XWikiXmlRpcApiImpl.java
Log:
XWIKI-3449: Authenticated XWiki user name might be incorrect in
XMLRPC login
XWIKI-3450: Allow guest access to be disabled in XMLRPC
+ /* Check if we must grant access when no
token is provided
*/
+ boolean allowGuest =
context.getWiki().ParamAsLong("xwiki.authentication.always", 0) != 1;
+
Fabio, you are using this parameter wrong. This doesn't mean that only
authenticated users are allowed, but it controls the optimization done
by Thomas, which is to only check the authentication only if there
is no
Principal in the session. This parameter forces to check the cookies
at
each request instead of using the session object.