8 Nov
2009
8 Nov
'09
9:49 p.m.
Hello folks,
XWiki REST authentication can be BASIC authentication or XWiki browser
sessions. Found XWIKI-3268 (http://jira.xwiki.org/jira/browse/XWIKI-3268)
which stated the same. However is there a possibility to add
username/password used by the XWiki users into the HTTPClient authentication
methods.
At present, BASIC authentication would mean creating a username/password
again for the users. And relying on cookies mechanism requires that the
XWiki user should be logged into XWiki through a browser before s/he can
make REST requests. Either ways, an http client won't be able to
authenticate users without making them put an extra effort to login manually
somewhere.
Please let me know your views on this one & If there is a work around to
this.
Thank you guys.
Regards,
Dilipkumar Jadhav
9 Nov
9 Nov
9:26 a.m.
Hi Dilipkumar,
On Sun, Nov 8, 2009 at 9:49 PM, Dilipkumar Jadhav <
jadhav.dilipkumar(a)gmail.com> wrote:
Hello folks,
XWiki REST authentication can be BASIC authentication or XWiki browser
sessions. Found XWIKI-3268 (http://jira.xwiki.org/jira/browse/XWIKI-3268)
which stated the same. However is there a possibility to add
username/password used by the XWiki users into the HTTPClient
authentication
methods.
At present, BASIC authentication would mean creating a username/password
again for the users. And relying on cookies mechanism requires that the
XWiki user should be logged into XWiki through a browser before s/he can
make REST requests. Either ways, an http client won't be able to
authenticate users without making them put an extra effort to login
manually
somewhere.
As far as I know, your BASIC authentication username / password are the same
as your standard XWiki Username / Password.
That is, if an user has a XWiki account, he can login through basic
authentication using that same account. Thus you don't need to create a new
account / password for your users.
Guillaume
Please let me know your views on this one & If
there is a work around to
this.
Thank you guys.
Regards,
Dilipkumar Jadhav
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Guillaume Lerouge
Product Manager - XWiki SAS
Skype: wikibc
Twitter: glerouge
http://guillaumelerouge.com/
10:52 a.m.
On Nov 8, 2009, at 9:49 PM, Dilipkumar Jadhav wrote:
Hello folks,
XWiki REST authentication can be BASIC authentication or XWiki browser
sessions. Found XWIKI-3268 (http://jira.xwiki.org/jira/browse/XWIKI-3268
)
which stated the same. However is there a possibility to add
username/password used by the XWiki users into the HTTPClient
authentication
methods.
At present, BASIC authentication would mean creating a username/
password
again for the users. And relying on cookies mechanism requires that
the
XWiki user should be logged into XWiki through a browser before s/he
can
make REST requests. Either ways, an http client won't be able to
authenticate users without making them put an extra effort to login
manually
somewhere.
Please let me know your views on this one & If there is a work
around to
this.
As Guillaume already hinted, the username/password for HTTP basic
authentication are the same as the XWiki username/password you use to
login to your XWiki using the web interface.
To be more precise the XWiki REST authentication works in the
following way (priority order):
1) If an authorization header is present the provided username/
password are checked using the XWiki auth service. As said before
these credentials are the same of the ones you will use to login using
the web interface.
2) If an authorization header is NOT present, but in the request there
are session information about a previous login, then this information
is used to authenticate the user.
3) If everything fails (neither HTTP basic auth headers nor session
information are present), then the request is associated to the Guest
user
In all cases, XWiki auth components are used to perform authentication
so, at a lower level, authentication works exactly as the one in the
web interface, using the same usernames and passwords.
Hope this helps.
-Fabio
5478
days inactive
5479
days old
2 comments
3 participants
participants (3)
-
Dilipkumar Jadhav -
Fabio Mancinelli -
Guillaume Lerouge