Hello Hans With the latest commi1361c3c <https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921> on trunk, the system now honours the "auth" attribute defined on service and accordingly bypasses authorization for such services.
Best, Girish On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker <h.bak...@antwebsystems.com> wrote: > Thank you Girish, > > look forward to your updates of this excellent and much needed addition to > OFBiz. > > Regars > > Hans > www.antwebsystems.com > On 9/10/20 3:27 PM, Girish Vasmatkar wrote: > > Thanks Hans, I will plan to include this change for the exportable > services as well. > > There is also OFBIZ-11995, where more RESTFul resources can be declared > (development is undergoing) and bound to services where I had planned to > include declarative authentication. > > Best Regards, > Girish Vasmatkar > HotWax Systems > > > > > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <h.bak...@antwebsystems.com> > wrote: > >> Hi Girish, >> >> how about ecommerce? you want to show the products without logging in, >> actually all information on the ecommerce frontend? >> >> so yes, really required..... >> >> regards, >> >> Hans >> >> >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote: >> > Every REST endpoint, as it is implemented now, is secured by default. I >> had >> > not thought of a scenario where internal OFBiz services will need to be >> > invoked without authentication (externally) >> > >> > Yes, the services themselves can be specified to NOT require auth but I >> had >> > always thought that was applicable within internal execution. I may be >> > wrong here, so please correct me. >> > >> > auth and login-required are not taken into account yet, but can >> certainly >> > be, if some exportable services should be exposed as public APIs. >> > >> > Best Regards, >> > Girish Vasmatkar >> > HotWax Systems >> > >> > >> > >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <h.bak...@antwebsystems.com >> > >> > wrote: >> > >> >> Hi, Girish, >> >> >> >> thanks again for your last reply it defenity helped, however i have >> >> another question. >> >> >> >> I need to access certain services publicly without a token. >> >> >> >> I have put auth="false" on the service definition and >> >> login-required="false" on the simple-method implementation >> >> >> >> still i get a 401 response. >> >> >> >> any suggestions? >> >> >> >> Regards, >> >> >> >> Hans >> >> >> >> >> >