Vincent Massol wrote:
> For ex I can open a browser and type:
> http://repository.sonatype.org/service/local/repositories
>
> And it just gives me the answer without having to type anything.
> Because resources are not restricted and they can be browsed as "guest".
> See the Authentication section of
> https://docs.sonatype.com/display/Nx/Nexus+Rest+API
>
> I really prefer it this way. We need to make it extra easy to query
> IMO (for open wikis).
>

Even there they state that "A user may be authenticated by providing their credentials to /authentication/login OR to any restricted resource in the form of HTTP Basic formatted data in the Authorization HTTP header of the request. The response will include the authToken as a value in the data response to the request."

Now since in our case, imho, every resource can be considered "restricted" (starting from the space list, because its representation depends on the actual user requesting it) this boils down to what I was saying.

But the link you provided contains an interesting alternative! (To be verified)

We could provide a /authentication resource which provides a challenge for plain browser users. So basically if the user requests a resource, it will always be served as if he were guest. In order to access the "restricted" representation he must first visit /authentication and provide credentials (through the popup). Then he could visit other resources that will be served by taking into account the auth header that the browser (hopefully) sends.

The only concern is whether the browser, after the authentication, sends the auth header with each subsequent request to the site.

Of course here I am speaking only about an interaction with a plain browser.

Anyway this is an important aspect that must be discussed in depth.

Others, WDYT?

-Fabio
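The scheme discussed in this message, as an added sketch that is not code from the thread or from XWiki: every resource is served as guest unless a Basic header is present, and only one challenge resource returns 401. The `/rest/authentication` path, the realm, the sample account and the rule that bad credentials get 401 instead of a guest fallback are assumptions; the client side models the RFC 7617 section 2.2 protection-space rule, which is what decides whether a browser resends the header on later requests.

```python
import base64
import hmac
from urllib.parse import urlsplit

USERS = {"alice": "s3cret"}            # constructed sample account
LOGIN = "/rest/authentication"         # hypothetical challenge resource

def parse_basic(header):
    """Decode an 'Authorization: Basic ...' value to (user, password) or None."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        raw = base64.b64decode(header[6:].strip(), validate=True).decode("utf-8")
    except ValueError:                 # malformed base64 or invalid UTF-8
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None

def handle(path, authorization=None):
    """Server side: return (status, headers, body) for one GET."""
    challenge = {"WWW-Authenticate": 'Basic realm="wiki"'}
    user = "guest"
    if authorization is not None:
        creds = parse_basic(authorization)
        ok = creds is not None and creds[0] in USERS and hmac.compare_digest(
            USERS[creds[0]].encode(), creds[1].encode())
        if not ok:                     # assumption: bad credentials never fall back to guest
            return 401, challenge, ""
        user = creds[0]
    if path == LOGIN and user == "guest":
        return 401, challenge, ""      # the only resource that triggers the browser popup
    return 200, {}, f"{path} as seen by {user}"

def in_protection_space(challenged_url, request_url):
    """RFC 7617 2.2: same origin, path at or below the challenged URL's directory."""
    c, r = urlsplit(challenged_url), urlsplit(request_url)
    prefix = c.path[: c.path.rfind("/") + 1] or "/"
    return (c.scheme, c.netloc) == (r.scheme, r.netloc) and (r.path or "/").startswith(prefix)

def browser_get(url, cache):
    """Client side: resend cached credentials only inside the protection space."""
    header = next((h for u, h in cache if in_protection_space(u, url)), None)
    return handle(urlsplit(url).path, header)
```

With the challenge at `/rest/authentication`, a client following the RFC resends credentials for anything under `/rest/` and nothing outside it, so the challenge resource has to sit at or above the directory of every resource that should see the user.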

