On Dec 19, 2008, at 6:57 PM, Fabio Mancinelli wrote: > Vincent Massol wrote: >> On Dec 19, 2008, at 6:27 PM, Fabio Mancinelli wrote: >> >>> Vincent Massol wrote: >>> >>>> Does this mean I cannot open my browser and call the REST URL >>>> without >>>> specifying a user? >>>> >>> It should open up the authentication dialog where you type your >>> username >>> and password (or guest) the first time you request a resource. >> >> Is that right? It sounds cumbersome and bad for easy automation when >> you want guest access. >> >> Cannot we default to guest when no username/account is specified? >> > > Well, when a resource is requested for the first time (i.e., a request > with no auth headers) either the server assume that is a guest or it > sends back a challenge (e.g., auth basic) in order to request an auth > header. > > It's this challenge that makes the browser open the popup. So if we > want > to be able to authenticate users that types URIs in a browser we > need to > make this popup open. AFAIK this is the only way for making the > browser > send an auth header. Otherwise a user that types URIs in a plain > browser > will always results as "guest". > > For automation I don't really see the problem. If we are going to > write > a script or another automated agent, for example using curl, we can > always stick an auth header starting from the first request and no > challenge will be generated: the server will provide the requested > resource (provided that the credentials in the auth header are > correct)
I have the feeling that REST services that I have used in the past don't do this. For ex I can open a browser and type: http://repository.sonatype.org/service/local/repositories And it just gives me the answer without having to type anything. See the Authentication section of https://docs.sonatype.com/display/Nx/Nexus+Rest+API I really prefer it this way. We need to make it extra easy to query IMO (for open wikis). Thanks -Vincent _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
