[Architecture] IS and HTTP Basic Auth
Srinath Perera
srinath at wso2.com
Thu Sep 3 22:11:44 EDT 2009
> Doesn't the registry support basic auth (its trivial really to support it)?
> Otherwise getting at a protected resource doesn't work?
I was talking to Prabath yesterday, and I think we do not support it
(If we have Servelt filters support it is trivial to support it IMO).
I think our IS support user name tokens in WS-Secuirty, hence if the
client is using SOAP, it is fine. But if the client is HTTP, we have a
problem. AFAIK, only way to do this with HTTP Clients is to login
using HTML from, and then resending the session ID (cookie) with new
requests, in which case IS autenticates.
Please correct me if I am wrong.
Thanks
Srinath
> Sanjiva.
>
> On Thu, Sep 3, 2009 at 6:47 PM, Srinath Perera <srinath at wso2.com> wrote:
>>
>> Hi All;
>>
>> AFAIK, IS (hence carbon UI) do not support logging based on HTTP basic
>> authentication. Coupled with https, basic authentication is secure
>> enough and provide a good alternative to form based logging. Also it
>> will solve the following scenario.
>>
>> Say I am running Solr (or any other Servlet with in registry/carbon).
>> AFAIK, there is no way that Servelt can be accessed from outside the
>> carbon as users have to first log in to carbon via a Web Form inorder
>> to access the servlet, and otherwise carbon shows a logging page. This
>> is OK when the servelt is used by humans; however, breaks when client
>> is a programme. If we support HTTP basic authentication, we can cover
>> that scenario as well.
>>
>> WDYT? is there a more fundamental reason we do not support Basic Auth?
>>
>> Thanks
>> Srinath
>>
>>
>> --
>> ============================
>> Srinath Perera, Ph.D.
>> WSO2 Inc. http://wso2.com
>> Blog: http://srinathsview.blogspot.com/
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture at wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
> email: sanjiva at wso2.com; cell: +1 650 265 8311 | +94 77 787 6880
> blog: http://sanjiva.weerawarana.org/
>
> The Open Source SOA Company
>
--
============================
Srinath Perera, Ph.D.
WSO2 Inc. http://wso2.com
Blog: http://srinathsview.blogspot.com/
More information about the Architecture
mailing list