This repository has been archived by the owner on Oct 27, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
REPO-2575: allow sending 'AlfTicket' scheme in WWW-Authenticate header
"401 response with www-authenticate header causes browser native login prompt to be shown." By sending: WWW-Authenticate: AlfTicket realm="..." We can avoid making the browser pop up a Basic auth dialogue box. This is particularly useful for apps built for the browser that talk directly to the Alfresco public APIs at the backend. To use this feature, set alfresco.restApi.basicAuthScheme=false
- Loading branch information
Matt Ward
committed
Oct 9, 2017
1 parent
1742e74
commit dfb270a
Showing
4 changed files
with
109 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
################################################################################ | ||
# Remote API property defaults | ||
# 9th October 2017 | ||
################################################################################ | ||
|
||
|
||
# Whether to send a "basic auth" challenge along with a 401 response (not authorized) | ||
# | ||
# If set to true, then a header will be sent similar to: | ||
# | ||
# WWW-Authenticate: Basic realm="..." | ||
# | ||
# If set to false, then a header will be sent with an AlfTicket challenge: | ||
# | ||
# WWW-Authenticate: AlfTicket realm="..." | ||
# | ||
# This latter case is particularly useful when building a web-browser based client | ||
# that communicates directly with the Alfresco Public API - using the AlfTicket | ||
# challenge allows the client to completely control the login behaviour, whereas | ||
# allowing a Basic auth challenge to be sent results in the Basic Authentication | ||
# browser dialogue being popped-up without the client app being involved. | ||
# | ||
# See issue REPO-2575 for details. | ||
alfresco.restApi.basicAuthScheme=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters