Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-18532

The authentication process of the REST module is quite a mess

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2 M1
    • Fix Version/s: 13.4-rc-1
    • Component/s: REST
    • Labels:
      None
    • Difficulty:
      Unknown
    • Documentation:
      N/A
    • Similar issues:

      Description

      • there is a first authentication done by org.xwiki.wysiwyg.filter.XWikiContextInitializationFilter
      • then org.xwiki.rest.internal.XWikiAuthentication reset the context user and redo the authentication
      • then if we are not authenticated org.xwiki.rest.internal.XWikiSecretVerifier

      Among other things it means it's not great for performances but worst if you use the wrong credential you end up blocking yourself (3 bad credentials).

        Attachments

          Activity

            People

            Assignee:
            tmortagne Thomas Mortagne
            Reporter:
            tmortagne Thomas Mortagne
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response: