Hello Hans

With the latest commi1361c3c
<https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921>
on
trunk, the system now honours the "auth" attribute defined on service and
accordingly bypasses authorization for such services.

Best,
Girish


On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker <h.bak...@antwebsystems.com>
wrote:

> Thank you Girish,
>
> look forward to your updates of this excellent and much needed addition to
> OFBiz.
>
> Regars
>
> Hans
> www.antwebsystems.com
> On 9/10/20 3:27 PM, Girish Vasmatkar wrote:
>
> Thanks Hans, I will plan to include this change for the exportable
> services as well.
>
> There is also OFBIZ-11995, where more RESTFul resources can be declared
> (development is undergoing) and bound to services where I had planned to
> include declarative authentication.
>
> Best Regards,
> Girish Vasmatkar
> HotWax Systems
>
>
>
>
> On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <h.bak...@antwebsystems.com>
> wrote:
>
>> Hi Girish,
>>
>> how about ecommerce? you want to show the products without logging in,
>> actually all information on the ecommerce frontend?
>>
>> so yes, really required.....
>>
>> regards,
>>
>> Hans
>>
>>
>> On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
>> > Every REST endpoint, as it is implemented now, is secured by default. I
>> had
>> > not thought of a scenario where internal OFBiz services will need to be
>> > invoked without authentication (externally)
>> >
>> > Yes, the services themselves can be specified to NOT require auth but I
>> had
>> > always thought that was applicable within internal execution. I may be
>> > wrong here, so please correct me.
>> >
>> > auth and login-required are not taken into account yet, but can
>> certainly
>> > be, if some exportable services should be exposed as public APIs.
>> >
>> > Best Regards,
>> > Girish Vasmatkar
>> > HotWax Systems
>> >
>> >
>> >
>> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <h.bak...@antwebsystems.com
>> >
>> > wrote:
>> >
>> >> Hi, Girish,
>> >>
>> >> thanks again for your last reply it defenity helped, however i have
>> >> another question.
>> >>
>> >> I need to access certain services publicly without a token.
>> >>
>> >> I have put auth="false" on the service definition and
>> >> login-required="false" on the simple-method implementation
>> >>
>> >> still i get a 401 response.
>> >>
>> >> any suggestions?
>> >>
>> >> Regards,
>> >>
>> >> Hans
>> >>
>> >>
>>
>

Reply via email to