dhis2-devs team mailing list archive

[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 731: Update on authentication

 

------------------------------------------------------------
revno: 731
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2-docbook-docs
timestamp: Wed 2013-04-24 15:01:26 +0200
message:
  Update on authentication
modified:
  src/docbkx/en/dhis2_user_man_web_api.xml


--
lp:~dhis2-documenters/dhis2/dhis2-docbook-docs
https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs

=== modified file 'src/docbkx/en/dhis2_user_man_web_api.xml'
--- src/docbkx/en/dhis2_user_man_web_api.xml	2013-04-23 12:01:27 +0000
+++ src/docbkx/en/dhis2_user_man_web_api.xml	2013-04-24 13:01:26 +0000
@@ -25,6 +25,16 @@
   <section>
     <title>Authentication</title>
     <para>In order to interoperate with the Web API you will have to authenticate using <emphasis role="italic">Basic authentication</emphasis>. Basic authentication is a technique for clients to send login credentials over HTTP to a web server. Technically speaking, the username is appended with a colon and the password, Base64-encoded, prefixed Basic  and   supplied as the value of the <emphasis role="italic">Authorization</emphasis> HTTP header. More formally that is<code> Authorization: Basic base64encode(username:password)</code> An important note is that this authentication scheme provides no security since the username and password is sent in plain text and can be easily decoded. Using it is  recommended only if the server is using SSL/TLS (HTTPS) to encrypt communication between itself and the client. Most DHIS 2 deployments typically use SSL today - consider it a hard requirement to provide secure interactions with the Web API.</para>
+    <para>If you are building a form-based web application and want to authenticate using a web form
+      you can have the form send a POST request to the login endpoint in DHIS which is <emphasis
+        role="italic">/dhis-web-commons-security/login.action</emphasis> . Two request parameters,
+        <emphasis role="italic">j_username</emphasis> and <emphasis role="italic"
+        >j_password</emphasis>, containing the username and password in clear-text respectively, are
+      expected. The browser will then receive a cookie which will be used for authentication for
+      subsequent request.</para>
+    <para>After authenticating you can verify and get information about the currently autenticated
+      user by making a GET request to the following URL:</para>
+    <screen>/api/currentUser</screen>
   </section>
   <section>
     <title>Date and period format</title>
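Review bot: The added form-login paragraph states that j_username and j_password carry the credentials "in clear-text", but unlike the Basic authentication paragraph directly above it, it never says that the POST to /dhis-web-commons-security/login.action must be made over SSL/TLS (HTTPS). Add a sentence making that requirement explicit, since both the posted credentials and the cookie used for subsequent requests are readable on a plain HTTP connection. Smaller points in the added lines: "autenticated" should be "authenticated", "subsequent request" should be "subsequent requests", there is a stray space before the full stop after the login.action emphasis element, and "DHIS" should read "DHIS 2" to match the rest of the section. Since /api/currentUser is presented as the way to verify a login, it would also help to document what it returns when the caller is not authenticated.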