roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henning Brune <henning.br...@googlemail.com>
Subject Re: Roller + CAS + MetaWeblog API
Date Mon, 23 Mar 2009 15:21:29 GMT
Hello rollers,

just to close this and give a feedback, if someone else needs it:

We are now using Rollers MetaWeblog API and enforce SSL on our users.
The archive this we made the following steps:

* Our Tomcat servers work behind apache servers which do the SSL
stuff. We configured the apacher servers to enforce SSL requests going
to '/<blogbase>/roller-services/xmlrpc'

* In the roller webapp we changed file
'WEB-INF/velocity/templates/weblog/rsd.vm' to make it offer SSL links.
This is hard coded and not using on roller properties.

* We tested access with Microsoft Live Writer which works fine.

-Henning

On Fri, Mar 13, 2009 at 10:53 PM, Henning Brune
<henning.brune@googlemail.com> wrote:
> Hello Dave,
>
> thank you for your help.
>
>> I believe the Sun (blogs.sun.com) folks made a change so that the
>> password stored in Roller is known as the "weblog client password" --
>> which is not a bad idea. After all, do you really want folks passing
>> their real CAS password around via XML-RPC? But they never contributed
>> this back to Roller.
>
> does this mean you would suggest not to use MetaWeblog/XML-RPC at all?
> But what else can I offer our users now?
>
> Our blog server already enforces SSL for the protected areas so it is
> possible to make the MetaWeblog/XML-RPC communication secure. The only
> thing I would have to fix are the non-SSL links offered by the
> autodiscovery rsd file.
>
> -Henning
>



-- 
Dipl.-Inform. Henning Brune

http://ekvv.uni-bielefeld.de/pers_publ/publ/PersonDetail.jsp?personId=10185

Universit├Ąt Bielefeld
Projekt BIS
Postfach 10 01 31
D-33501 Bielefeld

Die neue Homepage des BIS Projektes:
http://www.uni-bielefeld.de/bis/

Mime
View raw message