Uploaded image for project: 'Magnolia RSS Aggregator Module'
  1. Magnolia RSS Aggregator Module
  2. MGNLRSSAGG-31

Protected feeds should be protected via Basic authentication

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Major
    • 2.2.x
    • 1.1
    • None
    • None
    • Safari 4, Mac OSX

    Description

      ... since rss clients can't fill in the html form rendered by FormClientCallback. For instance, Safari 4 hangs when trying to retrieve feeds generated by the RSS Aggregator, and of one uses an external rss client, it will fail to register the feed with a 401, not showing a username/password box, since all it gets is indeed a 401 and the FreeMarker-rendered login page.

      This happens when authentication is needed to access the resource; on windows, it seems that this only shows up if the user previously logs out from Magnolia, while on osx, it's more obvious, as apparently the session cookie is not shared.

      If one changes the authentication callback to BasicClientCallback, then it all works as expected.

      The default uriSecurity callbacks should probably use a pattern delegating (as setup by demo-project for instance), so that other modules could insert their own configuration too. (WebDAV would be a candidate, since it currently replaces the URISecurityFilter for the same purposes)

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                had Jan Haderka
                Votes:
                1 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Checklists

                    Bug DoR
                    Task DoD