5 Jun
2011
5 Jun
'11
11:50 p.m.
Hi Jun,
login/logout can be implemented in order to store on the client side
user credentials that are sent with HTTP requests.
Currently there is no way in the REST-api to get a "session token"
(like the cookie sent after a login is made using the web form) so
that subsequent requests are performed on the behalf of a previously
authenticated user.
So what is usually done is to send basic-auth credentials with each request.
You can start with this. Next you might try to retrieve the cookie by
faking a standard login and using that cookie in subsequent requests.
The ideal setting would be to implement server side some OAuth-like
mechanism, but this is out of scope wrt your project.
-Fabio
On Sat, Jun 4, 2011 at 6:27 PM, Jun Han <jun.han37(a)gmail.com> wrote:
Dear all,
I am on the way of replacing the xmlrpc implementation of
RemoteXWikiDataStorage implements IDataStorage {}.
One question is about how to implement login and logout functionality
via REST API.
From REST API document, users can be authenticated via something like:
1. XWiki session
2. HTTP Basic Auth.
HTTP basic auth can be implemented via adding HTTP header to the HTTP
request, then XEclipse can display Xwiki Resources by parsing the response.
Therefore, do we need to implement login and logout methods?
Best regards
Jun Han
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs