Unsecured RSS Feeds
Hey folks!
We have some people internally who really want to use Outlook to see all work item changes.
I don't think email notifications will work because:
1) I don't think there's a way to automagically subscribe them to all work items (and all new work items) and
2) I don't think there's an email notification setting for "all work items regardless of my relationship with them"
So I figured the easiest way would be to simply subscribe them to an RSS feed of work item changes.
Here I ran into the problem of Outlook not being able to handling authenticated feeds. I found a Jazz technote (http://jazz.net/library/technote/75) by Ritchie that seems to give me 2 options:
a) Switch from Form-based to Basic auth or
b) Unsecure just the RSS URLs
I don't want to try 'a' because we are stuck with Tomcat for the time being and Basic auth would not be performant. So I want to make just the RSS feeds non-secure.
Per the technote, I first added the following security contstraint to the web.xml in the jazz web app:
<opens>
<security>
<web>
<web>unsecure_feeds</web>
<url>/events/*</url>
</web>
</security>
I then restarted Jazz (making sure that the web.xml change was not overwritten for any reason) and tried the following URL:
http://build:9080/jazz/events?itemType=WorkItem
However, this does not work - I am still redirected to the Form auth page and required to login.
So my question is, is this approach still valid in 2.0? And if so, what am I missing?
Thanks!
Jason
We have some people internally who really want to use Outlook to see all work item changes.
I don't think email notifications will work because:
1) I don't think there's a way to automagically subscribe them to all work items (and all new work items) and
2) I don't think there's an email notification setting for "all work items regardless of my relationship with them"
So I figured the easiest way would be to simply subscribe them to an RSS feed of work item changes.
Here I ran into the problem of Outlook not being able to handling authenticated feeds. I found a Jazz technote (http://jazz.net/library/technote/75) by Ritchie that seems to give me 2 options:
a) Switch from Form-based to Basic auth or
b) Unsecure just the RSS URLs
I don't want to try 'a' because we are stuck with Tomcat for the time being and Basic auth would not be performant. So I want to make just the RSS feeds non-secure.
Per the technote, I first added the following security contstraint to the web.xml in the jazz web app:
<opens>
<security>
<web>
<web>unsecure_feeds</web>
<url>/events/*</url>
</web>
</security>
I then restarted Jazz (making sure that the web.xml change was not overwritten for any reason) and tried the following URL:
http://build:9080/jazz/events?itemType=WorkItem
However, this does not work - I am still redirected to the Form auth page and required to login.
So my question is, is this approach still valid in 2.0? And if so, what am I missing?
Thanks!
Jason
Accepted answer
12 other answers
ryanman wrote:
Right. Sorry, I can not help further as I am not an expert configuring
Tomcat. I suggest talking to someone from Repo or even Curtis himself
that seems to have more knowledge in this area. I don't think this is
something special for RTC but plain Tomcat configuration.
--
Benjamin Pasero
Work Item & UI Commons Team
At this point my unanswered question is:
In what tomcat file do I put these proxypass settings?
We are using plain tomcat (the default server.zip).
No apache.
No ldap.
Thanks
Right. Sorry, I can not help further as I am not an expert configuring
Tomcat. I suggest talking to someone from Repo or even Curtis himself
that seems to have more knowledge in this area. I don't think this is
something special for RTC but plain Tomcat configuration.
--
Benjamin Pasero
Work Item & UI Commons Team
page 2of 1 pagesof 2 pages