Thanks for help - comments below .. I'll go with two logins, for now.
/N
== Nils,
I would caution against this since the password can appear plaintext in the address bar, error pages, and history. Also depending on the server's logging settings, it could get put in a server log. The extra login is annoying, but I'm not sure it's worth the risk. One approach you might consider is to use OAuth. As part of the OAuth flow, you show a browser window for the user to login. This OAuth login actually establishes a session with RTC, so I don't think the user will have to login again when you show the preview.
[Nils] Hmm - I can authenticate using the Lyo OslcOAuthClient but not sure what to reuse from that authentication when opening the org.eclipse.swt.browser.Browser.. It has a setUrl method for setting the url, post data (i.e. encoded in url) and headers, and also a setCookies method.
Since the session is https, the password is not in the clear over the wire. But, unless your are taking extra steps, it is in the clear in memory. Open a bug if there are any OSLC4J messages displaying plaintext passwords, though - that would be bad. [Nils] No OSLC4J messages - the one I get is from Chrome.
_______________________________________________ lyo-dev mailing list lyo-dev@xxxxxxxxxxx http://dev.eclipse.org/mailman/listinfo/lyo-dev
|