5 Jun
2011
5 Jun
'11
4:46 a.m.
Hi, Paul,
Thanks a lot for your reply.
I think I kinda understand how Xwiki session is created when user logs
in using a login form in a web browser. But I am not very clear about
how to achieve the same function of XWiki session in XEclipse desktop
application.
An HTTP post request can be sent from XEclipse client and get a response
with some session id.
Then what would be the next step in XEclipse client?
Save session id for the future request (in cookie or some other form)
and pass it in some way (in HTTP header or as a form parameter) to the
REST API along with the resource URL?
Best regards
Jun Han
On 06/04/2011 04:56 PM, Paul Libbrecht wrote:
You certainly need it with XWiki session.
In general, XWiki session is more secure because:
- the login part can be made over https if needed
- then, no password but only a session ID is exchange (typically bound to the IP)
I agree it makes no sense to login with Basic Auth.
paul
Le 4 juin 2011 à 18:27, Jun Han a écrit :
Dear all,
I am on the way of replacing the xmlrpc implementation of
RemoteXWikiDataStorage implements IDataStorage {}.
One question is about how to implement login and logout functionality
via REST API.
From REST API document, users can be authenticated via something like:
1. XWiki session
2. HTTP Basic Auth.
HTTP basic auth can be implemented via adding HTTP header to the HTTP
request, then XEclipse can display Xwiki Resources by parsing the response.
Therefore, do we need to implement login and logout methods?
Best regards
Jun Han
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs