Hi Girish, I have gone through the implementation and tested it on API client with HTTP bearer token authentication and worked for me for both auth= true/false (bypass authorization).
Kind Regards, Chandan Khandelwal On Sat, Sep 26, 2020 at 2:35 PM Girish Vasmatkar < [email protected]> wrote: > Hello Hans > > With the latest commi1361c3c > < > https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921 > > > on > trunk, the system now honours the "auth" attribute defined on service and > accordingly bypasses authorization for such services. > > Best, > Girish > > > On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker <[email protected]> > wrote: > > > Thank you Girish, > > > > look forward to your updates of this excellent and much needed addition > to > > OFBiz. > > > > Regars > > > > Hans > > www.antwebsystems.com > > On 9/10/20 3:27 PM, Girish Vasmatkar wrote: > > > > Thanks Hans, I will plan to include this change for the exportable > > services as well. > > > > There is also OFBIZ-11995, where more RESTFul resources can be declared > > (development is undergoing) and bound to services where I had planned to > > include declarative authentication. > > > > Best Regards, > > Girish Vasmatkar > > HotWax Systems > > > > > > > > > > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <[email protected] > > > > wrote: > > > >> Hi Girish, > >> > >> how about ecommerce? you want to show the products without logging in, > >> actually all information on the ecommerce frontend? > >> > >> so yes, really required..... > >> > >> regards, > >> > >> Hans > >> > >> > >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > >> > Every REST endpoint, as it is implemented now, is secured by default. > I > >> had > >> > not thought of a scenario where internal OFBiz services will need to > be > >> > invoked without authentication (externally) > >> > > >> > Yes, the services themselves can be specified to NOT require auth but > I > >> had > >> > always thought that was applicable within internal execution. I may be > >> > wrong here, so please correct me. > >> > > >> > auth and login-required are not taken into account yet, but can > >> certainly > >> > be, if some exportable services should be exposed as public APIs. > >> > > >> > Best Regards, > >> > Girish Vasmatkar > >> > HotWax Systems > >> > > >> > > >> > > >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker < > [email protected] > >> > > >> > wrote: > >> > > >> >> Hi, Girish, > >> >> > >> >> thanks again for your last reply it defenity helped, however i have > >> >> another question. > >> >> > >> >> I need to access certain services publicly without a token. > >> >> > >> >> I have put auth="false" on the service definition and > >> >> login-required="false" on the simple-method implementation > >> >> > >> >> still i get a 401 response. > >> >> > >> >> any suggestions? > >> >> > >> >> Regards, > >> >> > >> >> Hans > >> >> > >> >> > >> > > >
