Eduard Moraru wrote: > We should provide a standard way accessible both to a browser and a > command-line tool like curl. > > WDYT?
I agree. I have to catch up today's discussion but I think it's worth that I detail what I have implemented yesterday: --- With Firefox: * http://localhost:8080/xwiki/rest/spaces (gets all spaces as guest) * http://localhost:8080/xwiki/rest/browser_authentication (sends a challenge that makes the browser pop up the username password dialog) Type Admin, admin and from now on we are recognized as admin (Firefox starts to send Authorization headers in subsequent requests) * http://localhost:8080/xwiki/rest/spaces (gets all spaces as Admin) Logout by clearing your private data and authenticated session (or restarting Firefox) * http://localhost:8080/xwiki/rest/spaces (gets all spaces as guest) --- With curl: $ curl http://localhost:8080/xwiki/rest/spaces (gets all spaces as guest) $ curl -u Admin:amdin http://localhost:8080/xwiki/rest/spaces (gets all spaces as Admin) Isn't it an acceptable implementation (modulo security via HTTPS, etc.)? Logout is not really necessary. Each request bears the Authorization header if the user wants to be recognized (i.e., it like a login at each request, consistent with the REST stateless constraint) -Fabio _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
