Last modified by christoph_lechleitner@iteg_at on 2013-02-02 05.33:52

From version 1.1
edited by wolfgang_glas@iteg_at
on 2011-12-23 03.18:30
Change comment: There is no comment for this version
To version 3.1
edited by wolfgang_glas@iteg_at
on 2012-01-18 03.33:45
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -1,6 +1,6 @@
1 1  === {{id name="HTTPloginservicebackend-requestsAPI-Motivation"/}}Motivation ===
2 2  
3 -The http-util [[HttpLoginService>>url:http://svn.clazzes.org/svn/util/tags/http-util-1.1.0/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java]] interface provides a means for registering various login mechanism to be uset by teh gwt-sec library and other using OSGi/GWT.
3 +The http-util [[HttpLoginService>>url:http://svn.clazzes.org/svn/util/tags/http-util-1.1.0/src/main/java/org/clazzes/util/http/sec/HttpLoginService.java||shape="rect"]] interface provides a means for registering various login mechanism to be uset by teh gwt-sec library and other using OSGi/GWT.
4 4  
5 5  There are implementations of HttpLoginService, which use LDAP (gwt-ladp-login-service) or JAAS (gwt-jaas-login-service) for authentication.
6 6  
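Review bot: The rewritten line 3 still reads "various login mechanism to be uset by teh gwt-sec library and other using OSGi/GWT"; since the line is being touched anyway, correct it to "various login mechanisms to be used by the gwt-sec library and others using OSGi/GWT". The only change in this hunk is the added `||shape="rect"` link parameter, which looks like converter output and adds nothing for the reader, so consider dropping it. The unchanged line 5 names the LDAP bundle "gwt-ladp-login-service", which is probably a transposition of "ldap" and worth checking against the real bundle name.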
... ... @@ -11,7 +11,6 @@
11 11  A request to an authentication URL is a HTTPS POST request
12 12  
13 13  {{code}}
14 -
15 15  POST /my/authentication/service HTTP/1.1
16 16  Host: auth.my.domain
17 17  Content-Type: application/x-www-form-urlencoded
... ... @@ -20,7 +20,7 @@
20 20  
21 21  {{/code}}
22 22  
23 -The user and password fields must not be tranferred as GET variables and the use of plain HTTP is strongly discouraged, an authentication service should always use HTTPS.
22 +The user and password fields *must* not be tranferred as GET variables and the use of plain HTTP is strongly discouraged, an authentication service should always use HTTPS.
24 24  
25 25  === {{id name="HTTPloginservicebackend-requestsAPI-AuthenticationResponse"/}}Authentication Response ===
26 26  
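Review bot: On the new line 22 the emphasis lands only on the GET restriction, while plain HTTP stays "strongly discouraged", which contradicts line 11 ("A request to an authentication URL is a HTTPS POST request"). The request carries the user and password fields as form-urlencoded POST data, so HTTPS should be stated as a requirement in the same sentence, for example: "The user and password fields must not be transferred as GET variables, and an authentication service must only accept these requests over HTTPS." That wording also fixes the "tranferred" typo and the comma splice.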
... ... @@ -27,7 +27,6 @@
27 27  An authentication must respond to an authentication request with an HTTP response with
28 28  
29 29  {{code}}
30 -
31 31  Content-Type: text/plain; charset=utf-8
32 32  
33 33  {{/code}}
... ... @@ -35,16 +35,12 @@
35 35  and on of the following status codes:
36 36  
37 37  {{code}}
38 -
39 39  200 OK - successful authentication
40 -401 Unauthorized - if no user and passwd fields are given in the POST data.
41 -403 Forbidden - if the user name or the password is wrong.
37 +403 Forbidden - if the user name or the password is wrong or no user and passwd field ist given.
42 42  406 Not Acceptable - The status, which will be returned after to many unsuccessful authentications.
43 43  
44 44  {{/code}}
45 45  
46 -{{color value="#000000"}}
47 -The body of the response \*must\* no contain more than 1024 bytes and should contain a short, information text message encoded in UTF-8. The text message will be logged by the gwt-http-login-service bundle and will not be displayed to the user.
48 -{{/color}}
42 +(% style="color: rgb(0,0,0);" %)The body of the response *must* no contain more than 1024 bytes and should contain a short, information text message encoded in UTF-8. The text message will be logged by the gwt-http-login-service bundle and will not be displayed to the user.
49 49  
50 -\\
44 +(% style="color: rgb(0,0,0);" %) (%%)The server may enforce the use of HTTP basic authentication in order to keep offending servers away from dictionary attacks.
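Review bot: The new line 37 folds the missing-field case into 403, so a caller can no longer tell a malformed request (no user or passwd field) from rejected credentials; if that is intended, the text should say so, since the response body is only logged and never shown to the user. The same line needs "ist given" changed to "is given", line 42 still reads "must no contain" where "must not contain" is meant, and line 44 opens with an empty style span "(% style="color: rgb(0,0,0);" %) (%%)" that looks like conversion residue. The sentence added on line 44 does not say which credentials the server expects for HTTP basic authentication or how the calling bundle is given them, and "keep offending servers away from dictionary attacks" is hard to parse; presumably the intent is that the service may require the caller itself to authenticate so that unknown clients cannot use the endpoint for password guessing, and the text should state that directly.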
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688266
1 +688337
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/GWTBASICS/pages/688266/HTTP authentication requests
1 +https://clazzes.atlassian.net/wiki/spaces/GWTBASICS/pages/688337/HTTP authentication requests