You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@manifoldcf.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2012/09/05 15:37:08 UTC

[jira] [Comment Edited] (CONNECTORS-518) Support for API authorization and security tokens

    [ https://issues.apache.org/jira/browse/CONNECTORS-518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448722#comment-13448722 ] 

Karl Wright edited comment on CONNECTORS-518 at 9/6/12 12:37 AM:
-----------------------------------------------------------------

Hi Maciej,

The Web Connector avoids this problem by keeping its session cookies in a database table.  You could use the same approach for the wiki connector, if you need session management, so I'd definitely have a look at that code.  The alternative is a global in-memory structure, as you have currently implemented, but you have to be careful that there is no possibility of cross-pollution of session cookies between different connections, and I am not sure there is a good mechanism in HttpClient to achieve that.  So you may want to create and maintain your own in-memory global object that has the right characteristics for session management within ManifoldCF.

You will obviously also need to handle the case of session expiration properly, when a content fetch fails because a login session has expired, and relogin is necessary.
                
      was (Author: kwright@metacarta.com):
    Hi Maciej,

The Web Connector avoids this problem by keeping its session cookies in a database table.  You could use the same approach for the wiki connector, if you need session management, so I'd definitely have a look at that code.  The alternative is a global in-memory structure, as you have currently implemented, but you have to be careful that there is no possibility of cross-pollution of session cookies between different connections, and I am not sure there is a good mechanism in HttpClient to achieve that.

You will obviously also need to handle the case of session expiration properly, when a content fetch fails because a login session has expired, and relogin is necessary.
                  
> Support for API authorization and security tokens
> -------------------------------------------------
>
>                 Key: CONNECTORS-518
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-518
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Wiki connector
>    Affects Versions: ManifoldCF 0.6
>            Reporter: Maciej Lizewski
>            Assignee: Karl Wright
>             Fix For: ManifoldCF next
>
>
> Wiki connector does not support API with restricted access (there is "login" method in API: https://www.mediawiki.org/wiki/API:Login)
> There is no "security" tab for forced authorization tokens or any other security implemented. There should be at least forced tokens tab or tokens assigned to wiki namespaces (second would be better)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira