dhis2-devs team mailing list archive
Message #25577
[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 840: Minor
------------------------------------------------------------
revno: 840
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2-docbook-docs
timestamp: Wed 2013-10-16 15:45:28 +0200
message:
Minor
modified:
src/docbkx/en/dhis2_user_man_web_api.xml
--
lp:~dhis2-documenters/dhis2/dhis2-docbook-docs
https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs
=== modified file 'src/docbkx/en/dhis2_user_man_web_api.xml'
--- src/docbkx/en/dhis2_user_man_web_api.xml 2013-10-14 14:46:38 +0000
+++ src/docbkx/en/dhis2_user_man_web_api.xml 2013-10-16 13:45:28 +0000
@@ -26,10 +26,13 @@
<title>Authentication</title>
<para>In order to interoperate with the Web API you will have to authenticate using <emphasis role="italic">Basic authentication</emphasis>. Basic authentication is a technique for clients to send login credentials over HTTP to a web server. Technically speaking, the username is appended with a colon and the password, Base64-encoded, prefixed Basic and supplied as the value of the <emphasis role="italic">Authorization</emphasis> HTTP header. More formally that is<code> Authorization: Basic base64encode(username:password)</code> An important note is that this authentication scheme provides no security since the username and password is sent in plain text and can be easily decoded. Using it is recommended only if the server is using SSL/TLS (HTTPS) to encrypt communication between itself and the client. Most DHIS 2 deployments typically use SSL today - consider it a hard requirement to provide secure interactions with the Web API.</para>
<para>If you are building a form-based web application and want to authenticate using a web form
- you can have the form send a POST request to the login endpoint in DHIS which is <emphasis role="italic">/dhis-web-commons-security/login.action</emphasis> . Two request parameters,
- <emphasis role="italic">j_username</emphasis> and <emphasis role="italic">j_password</emphasis>, containing the username and password in clear-text respectively, are
+ you can have the form send a POST request to the login endpoint in DHIS which is <emphasis
+ role="italic">/dhis-web-commons-security/login.action?authOnly=true</emphasis> . Two request
+ parameters, <emphasis role="italic">j_username</emphasis> and <emphasis role="italic"
+ >j_password</emphasis>, containing the username and password in clear-text respectively, are
expected. The browser will then receive a cookie which will be used for authentication for
- subsequent requests.</para>
+ subsequent requests. The purpose of the <emphasis role="italic">authOnly</emphasis> parameter
+ is to avoid a time-consuming redirect to the home page of the user.</para>
<para>You can verify and get information about the currently authenticated user by making a GET
request to the following URL:</para>
<screen>/api/currentUser</screen>
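Review bot: The added sentence on authOnly in the form-login paragraph says what the parameter avoids (the redirect to the home page) but not what the client receives instead, so a reader cannot tell how a successful login differs from a failed one when authOnly=true is set; please document the response for both cases. The same paragraph states that j_username and j_password are sent in clear text but, unlike the Basic authentication paragraph above it, does not say that the POST should only be made over SSL/TLS (HTTPS); repeating that requirement here would keep the two login methods consistent. Style: the space before the period after the closing emphasis tag of the login URL is carried over from the old text, and the re-wrap splits the opening emphasis tag in front of j_password across two lines.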