>Do you bind AnonymousAuthenticationHandler ? I have my own authentication handler and I don't want to allow anonymous (as a general rule). I guess I can add a check in there for "method=system.listMethods" and return anonymous but it seems clumsy to me.
Jordan Zimmerman Principal Software Architect 831.647.4712 831.214.2990 (cell) [email protected] SHOP*COMTM Shop Smart, Save Big(tm) www.shop.com -----Original Message----- From: Louis Ryan [mailto:[email protected]] Sent: Wednesday, May 06, 2009 4:24 PM To: [email protected] Subject: Re: /rpc?method=system.listMethods Do you bind AnonymousAuthenticationHandler ? On Wed, May 6, 2009 at 4:20 PM, Jordan Zimmerman <[email protected]> wrote: > >It doesn't pass a > >security token as its not really trying to auth on behalf of any given > >user, and in truth system.listMethods should require no auth. > > The problem is that the AuthenticationServletFilter gets called and, in > turn, calls getSecurityTokenFromRequest(). Without the "st" my container > code can't generate the token. > > Jordan Zimmerman > Principal Software Architect > 831.647.4712 > 831.214.2990 (cell) > [email protected] > > SHOP*COMTM > Shop Smart, Save Big(tm) > www.shop.com > > This message (including any attachments) is intended only for > the use of the individual or entity to which it is addressed and > may contain information that is non-public, proprietary, > privileged, confidential, and exempt from disclosure under > applicable law or may constitute as attorney work product. > If you are not the intended recipient, you are hereby notified > that any use, dissemination, distribution, or copying of this > communication is strictly prohibited. If you have received this > communication in error, notify us immediately by telephone and > (i) destroy this message if a facsimile or (ii) delete this > message > immediately if this is an electronic communication. > > Thank you. > This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
