[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug-wget] Sprint Security non-challenge use case
From: |
Tim Pizey |
Subject: |
[Bug-wget] Sprint Security non-challenge use case |
Date: |
Thu, 1 Jul 2010 13:23:20 +0100 |
Hi Micah and list,
Thanks for a great utility, whose size and complexity I am only just
beginning to appreciate.
I have just been tripped up by the newish (post 1.10.2 ) behaviour of
wget, that it relies upon a challenge prior to supplying
authentication headers.
I have written up the problem at
http://tim-pizey.blogspot.com/2010/07/using-both-http-basic-and-session-based.html
To paraphrase: I think the old behaviour was more intuitive: if user
supplies username and password pass them on to server.
The Spring Security auto-config (ie their default) is to respect
http-basic authentication if it is supplied but to redirect the 'user'
to a forms based login if it is not supplied, ie not to issue a
challenge.
So I suggest that at the least the manpage wording is changed, if not
the behaviour reverted.
yours
Tim
--
Tim Pizey
Centre for Genomics and Global Health <http://cggh.org>
- [Bug-wget] Sprint Security non-challenge use case,
Tim Pizey <=