Re: public rest API

2020-09-26 Thread Hans Bakker 

Hi Girish,

i did a quit check using flutter test this morning and it looks like it 
is working fine.


for people interested in using flutter(http://flutter.dev) with ofbiz:
    the test: 
https://github.com/growerp/growerp/blob/master/test/services/ofbiz_testManual.dart
    if you want to run you need to install the growerp plugin into 
ofbiz: https://github.com/growerp/growerp-ofbiz


Thank you Girish for this enhancement and keep up the good work!

Regards,

Hans Bakker
http://www.antwebsystems.com

On 9/26/20 4:05 PM, Girish Vasmatkar wrote:

Hello Hans

With the latest commi1361c3c 
 on 
trunk, the system now honours the "auth" attribute defined on service 
and accordingly bypasses authorization for such services.


Best,
Girish


On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker 
mailto:h.bak...@antwebsystems.com>> wrote:


Thank you Girish,

look forward to your updates of this excellent and much needed
addition to OFBiz.

Regars

Hans
www.antwebsystems.com 

On 9/10/20 3:27 PM, Girish Vasmatkar wrote:

Thanks Hans, I will plan to include this change for the
exportable services as well.

There is also OFBIZ-11995, where more RESTFul resources can be
declared (development is undergoing) and bound to services where
I had planned to include declarative authentication.
*
*
Best Regards,
Girish Vasmatkar
HotWax Systems




On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker
mailto:h.bak...@antwebsystems.com>>
wrote:

Hi Girish,

how about ecommerce? you want to show the products without
logging in,
actually all information on the ecommerce frontend?

so yes, really required.

regards,

Hans


On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
> Every REST endpoint, as it is implemented now, is secured
by default. I had
> not thought of a scenario where internal OFBiz services
will need to be
> invoked without authentication (externally)
>
> Yes, the services themselves can be specified to NOT
require auth but I had
> always thought that was applicable within internal
execution. I may be
> wrong here, so please correct me.
>
> auth and login-required are not taken into account yet, but
can certainly
> be, if some exportable services should be exposed as public
APIs.
>
> Best Regards,
> Girish Vasmatkar
> HotWax Systems
>
>
>
> On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker
mailto:h.bak...@antwebsystems.com>>
> wrote:
>
>> Hi, Girish,
>>
>> thanks again for your last reply it defenity helped,
however i have
>> another question.
>>
>> I need to access certain services publicly without a token.
>>
>> I have put auth="false" on the service definition and
>> login-required="false" on the simple-method implementation
>>
>> still i get a 401 response.
>>
>> any suggestions?
>>
>> Regards,
>>
>> Hans
>>
>>

Re: public rest API

2020-09-26 Thread Chandan Khandelwal 
Hi Girish,

I have gone through the implementation and tested it on API client with
HTTP bearer token authentication and worked for me for both auth=
true/false (bypass authorization).

Kind Regards,
Chandan Khandelwal



On Sat, Sep 26, 2020 at 2:35 PM Girish Vasmatkar <
girish.vasmat...@hotwaxsystems.com> wrote:

> Hello Hans
>
> With the latest commi1361c3c
> <
> https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921
> >
> on
> trunk, the system now honours the "auth" attribute defined on service and
> accordingly bypasses authorization for such services.
>
> Best,
> Girish
>
>
> On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker 
> wrote:
>
> > Thank you Girish,
> >
> > look forward to your updates of this excellent and much needed addition
> to
> > OFBiz.
> >
> > Regars
> >
> > Hans
> > www.antwebsystems.com
> > On 9/10/20 3:27 PM, Girish Vasmatkar wrote:
> >
> > Thanks Hans, I will plan to include this change for the exportable
> > services as well.
> >
> > There is also OFBIZ-11995, where more RESTFul resources can be declared
> > (development is undergoing) and bound to services where I had planned to
> > include declarative authentication.
> >
> > Best Regards,
> > Girish Vasmatkar
> > HotWax Systems
> >
> >
> >
> >
> > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker  >
> > wrote:
> >
> >> Hi Girish,
> >>
> >> how about ecommerce? you want to show the products without logging in,
> >> actually all information on the ecommerce frontend?
> >>
> >> so yes, really required.
> >>
> >> regards,
> >>
> >> Hans
> >>
> >>
> >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
> >> > Every REST endpoint, as it is implemented now, is secured by default.
> I
> >> had
> >> > not thought of a scenario where internal OFBiz services will need to
> be
> >> > invoked without authentication (externally)
> >> >
> >> > Yes, the services themselves can be specified to NOT require auth but
> I
> >> had
> >> > always thought that was applicable within internal execution. I may be
> >> > wrong here, so please correct me.
> >> >
> >> > auth and login-required are not taken into account yet, but can
> >> certainly
> >> > be, if some exportable services should be exposed as public APIs.
> >> >
> >> > Best Regards,
> >> > Girish Vasmatkar
> >> > HotWax Systems
> >> >
> >> >
> >> >
> >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <
> h.bak...@antwebsystems.com
> >> >
> >> > wrote:
> >> >
> >> >> Hi, Girish,
> >> >>
> >> >> thanks again for your last reply it defenity helped, however i have
> >> >> another question.
> >> >>
> >> >> I need to access certain services publicly without a token.
> >> >>
> >> >> I have put auth="false" on the service definition and
> >> >> login-required="false" on the simple-method implementation
> >> >>
> >> >> still i get a 401 response.
> >> >>
> >> >> any suggestions?
> >> >>
> >> >> Regards,
> >> >>
> >> >> Hans
> >> >>
> >> >>
> >>
> >
>

Re: public rest API

2020-09-26 Thread Girish Vasmatkar 
Hello Hans

With the latest commi1361c3c

on
trunk, the system now honours the "auth" attribute defined on service and
accordingly bypasses authorization for such services.

Best,
Girish


On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker 
wrote:

> Thank you Girish,
>
> look forward to your updates of this excellent and much needed addition to
> OFBiz.
>
> Regars
>
> Hans
> www.antwebsystems.com
> On 9/10/20 3:27 PM, Girish Vasmatkar wrote:
>
> Thanks Hans, I will plan to include this change for the exportable
> services as well.
>
> There is also OFBIZ-11995, where more RESTFul resources can be declared
> (development is undergoing) and bound to services where I had planned to
> include declarative authentication.
>
> Best Regards,
> Girish Vasmatkar
> HotWax Systems
>
>
>
>
> On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker 
> wrote:
>
>> Hi Girish,
>>
>> how about ecommerce? you want to show the products without logging in,
>> actually all information on the ecommerce frontend?
>>
>> so yes, really required.
>>
>> regards,
>>
>> Hans
>>
>>
>> On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
>> > Every REST endpoint, as it is implemented now, is secured by default. I
>> had
>> > not thought of a scenario where internal OFBiz services will need to be
>> > invoked without authentication (externally)
>> >
>> > Yes, the services themselves can be specified to NOT require auth but I
>> had
>> > always thought that was applicable within internal execution. I may be
>> > wrong here, so please correct me.
>> >
>> > auth and login-required are not taken into account yet, but can
>> certainly
>> > be, if some exportable services should be exposed as public APIs.
>> >
>> > Best Regards,
>> > Girish Vasmatkar
>> > HotWax Systems
>> >
>> >
>> >
>> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker > >
>> > wrote:
>> >
>> >> Hi, Girish,
>> >>
>> >> thanks again for your last reply it defenity helped, however i have
>> >> another question.
>> >>
>> >> I need to access certain services publicly without a token.
>> >>
>> >> I have put auth="false" on the service definition and
>> >> login-required="false" on the simple-method implementation
>> >>
>> >> still i get a 401 response.
>> >>
>> >> any suggestions?
>> >>
>> >> Regards,
>> >>
>> >> Hans
>> >>
>> >>
>>
>

Re: public rest API

2020-09-10 Thread Hans Bakker 

Thank you Girish,

look forward to your updates of this excellent and much needed addition 
to OFBiz.


Regars

Hans
www.antwebsystems.com

On 9/10/20 3:27 PM, Girish Vasmatkar wrote:
Thanks Hans, I will plan to include this change for the exportable 
services as well.


There is also OFBIZ-11995, where more RESTFul resources can be 
declared (development is undergoing) and bound to services where I had 
planned to include declarative authentication.

*
*
Best Regards,
Girish Vasmatkar
HotWax Systems




On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker 
mailto:h.bak...@antwebsystems.com>> wrote:


Hi Girish,

how about ecommerce? you want to show the products without logging
in,
actually all information on the ecommerce frontend?

so yes, really required.

regards,

Hans


On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
> Every REST endpoint, as it is implemented now, is secured by
default. I had
> not thought of a scenario where internal OFBiz services will
need to be
> invoked without authentication (externally)
>
> Yes, the services themselves can be specified to NOT require
auth but I had
> always thought that was applicable within internal execution. I
may be
> wrong here, so please correct me.
>
> auth and login-required are not taken into account yet, but can
certainly
> be, if some exportable services should be exposed as public APIs.
>
> Best Regards,
> Girish Vasmatkar
> HotWax Systems
>
>
>
> On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker
mailto:h.bak...@antwebsystems.com>>
> wrote:
>
>> Hi, Girish,
>>
>> thanks again for your last reply it defenity helped, however i have
>> another question.
>>
>> I need to access certain services publicly without a token.
>>
>> I have put auth="false" on the service definition and
>> login-required="false" on the simple-method implementation
>>
>> still i get a 401 response.
>>
>> any suggestions?
>>
>> Regards,
>>
>> Hans
>>
>>

Re: public rest API

2020-09-10 Thread Girish Vasmatkar 
Thanks Hans, I will plan to include this change for the exportable services
as well.

There is also OFBIZ-11995, where more RESTFul resources can be declared
(development is undergoing) and bound to services where I had planned to
include declarative authentication.

Best Regards,
Girish Vasmatkar
HotWax Systems




On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker 
wrote:

> Hi Girish,
>
> how about ecommerce? you want to show the products without logging in,
> actually all information on the ecommerce frontend?
>
> so yes, really required.
>
> regards,
>
> Hans
>
>
> On 9/10/20 12:37 PM, Girish Vasmatkar wrote:
> > Every REST endpoint, as it is implemented now, is secured by default. I
> had
> > not thought of a scenario where internal OFBiz services will need to be
> > invoked without authentication (externally)
> >
> > Yes, the services themselves can be specified to NOT require auth but I
> had
> > always thought that was applicable within internal execution. I may be
> > wrong here, so please correct me.
> >
> > auth and login-required are not taken into account yet, but can certainly
> > be, if some exportable services should be exposed as public APIs.
> >
> > Best Regards,
> > Girish Vasmatkar
> > HotWax Systems
> >
> >
> >
> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker 
> > wrote:
> >
> >> Hi, Girish,
> >>
> >> thanks again for your last reply it defenity helped, however i have
> >> another question.
> >>
> >> I need to access certain services publicly without a token.
> >>
> >> I have put auth="false" on the service definition and
> >> login-required="false" on the simple-method implementation
> >>
> >> still i get a 401 response.
> >>
> >> any suggestions?
> >>
> >> Regards,
> >>
> >> Hans
> >>
> >>
>

Re: public rest API

2020-09-10 Thread Hans Bakker 

Hi Girish,

how about ecommerce? you want to show the products without logging in, 
actually all information on the ecommerce frontend?


so yes, really required.

regards,

Hans


On 9/10/20 12:37 PM, Girish Vasmatkar wrote:

Every REST endpoint, as it is implemented now, is secured by default. I had
not thought of a scenario where internal OFBiz services will need to be
invoked without authentication (externally)

Yes, the services themselves can be specified to NOT require auth but I had
always thought that was applicable within internal execution. I may be
wrong here, so please correct me.

auth and login-required are not taken into account yet, but can certainly
be, if some exportable services should be exposed as public APIs.

Best Regards,
Girish Vasmatkar
HotWax Systems



On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker 
wrote:


Hi, Girish,

thanks again for your last reply it defenity helped, however i have
another question.

I need to access certain services publicly without a token.

I have put auth="false" on the service definition and
login-required="false" on the simple-method implementation

still i get a 401 response.

any suggestions?

Regards,

Hans

Re: public rest API

2020-09-09 Thread Girish Vasmatkar 
Every REST endpoint, as it is implemented now, is secured by default. I had
not thought of a scenario where internal OFBiz services will need to be
invoked without authentication (externally)

Yes, the services themselves can be specified to NOT require auth but I had
always thought that was applicable within internal execution. I may be
wrong here, so please correct me.

auth and login-required are not taken into account yet, but can certainly
be, if some exportable services should be exposed as public APIs.

Best Regards,
Girish Vasmatkar
HotWax Systems



On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker 
wrote:

> Hi, Girish,
>
> thanks again for your last reply it defenity helped, however i have
> another question.
>
> I need to access certain services publicly without a token.
>
> I have put auth="false" on the service definition and
> login-required="false" on the simple-method implementation
>
> still i get a 401 response.
>
> any suggestions?
>
> Regards,
>
> Hans
>
>