roller-user mailing list archives

From Henning Brune <>
Subject Re: Roller + CAS + MetaWeblog API
Date Mon, 23 Mar 2009 15:21:29 GMT
Hello rollers,

just to close this and give some feedback, in case someone else needs it:

We are now using Roller's MetaWeblog API and enforce SSL on our users.
To achieve this we took the following steps:

* Our Tomcat servers work behind Apache servers which do the SSL
stuff. We configured the Apache servers to enforce SSL for requests going
to '/<blogbase>/roller-services/xmlrpc'

* In the Roller webapp we changed the file
'WEB-INF/velocity/templates/weblog/rsd.vm' to make it offer SSL links.
This is hard-coded and does not use Roller properties.

* We tested access with Microsoft Live Writer which works fine.


On Fri, Mar 13, 2009 at 10:53 PM, Henning Brune
<> wrote:
> Hello Dave,
> thank you for your help.
>> I believe the Sun ( folks made a change so that the
>> password stored in Roller is known as the "weblog client password" --
>> which is not a bad idea. After all, do you really want folks passing
>> their real CAS password around via XML-RPC? But they never contributed
>> this back to Roller.
> does this mean you would suggest not to use MetaWeblog/XML-RPC at all?
> But what else can I offer our users now?
> Our blog server already enforces SSL for the protected areas so it is
> possible to make the MetaWeblog/XML-RPC communication secure. The only
> thing I would have to fix are the non-SSL links offered by the
> autodiscovery rsd file.
> -Henning

Dipl.-Inform. Henning Brune

Universität Bielefeld
Projekt BIS
Postfach 10 01 31
D-33501 Bielefeld

The new homepage of the BIS project:
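
An added example, not part of the original message and not Roller code: a check that the RSD autodiscovery document described above advertises only HTTPS API endpoints. The sample RSD documents, the host blogs.example.org and the blog handle are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of an RSD document before the template change.
# Host, path prefix and blogID are placeholders, not values from the message.
RSD_BEFORE = """<rsd version="1.0" xmlns="http://archipelago.phrasewise.com/rsd">
  <service>
    <engineName>Apache Roller</engineName>
    <homePageLink>http://blogs.example.org/blogbase/myblog/</homePageLink>
    <apis>
      <api name="MetaWeblog" preferred="true" blogID="myblog"
           apiLink="http://blogs.example.org/blogbase/roller-services/xmlrpc"/>
      <api name="Blogger" preferred="false" blogID="myblog"
           apiLink="//blogs.example.org/blogbase/roller-services/xmlrpc"/>
    </apis>
  </service>
</rsd>"""

# The same document with every apiLink hard-coded to https, as in the edited rsd.vm.
RSD_AFTER = (RSD_BEFORE.replace('apiLink="http://', 'apiLink="https://')
                       .replace('apiLink="//', 'apiLink="https://'))


def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]


def insecure_api_links(rsd_xml):
    """Return (api name, apiLink, reason) for each endpoint not pinned to HTTPS."""
    findings = []
    for el in ET.fromstring(rsd_xml).iter():
        if local(el.tag) != "api":
            continue
        link = el.get("apiLink", "")
        parts = urlsplit(link)
        if parts.scheme.lower() == "https" and parts.netloc:
            continue  # absolute https URL: the client will send credentials over TLS
        if parts.scheme:
            reason = "scheme is " + parts.scheme
        else:
            # A scheme-less link follows whatever scheme the RSD itself was fetched over.
            reason = "no scheme, inherits the scheme of the RSD request"
        findings.append((el.get("name", "?"), link, reason))
    return findings
```

Run it against the RSD document your own server returns after editing rsd.vm; an empty result means blog clients that follow autodiscovery are only ever pointed at the SSL endpoint.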
