You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@ofbiz.apache.org by Rishi Agr <ri...@gmail.com> on 2022/02/22 11:56:08 UTC

Rest API bypassing certain APIs from authentication

Hi, I am implementing an API that needs to be processed without
authentication. This API will be publicly accessible. I have tried to set
the rest and services definition with auth="false" but it has not helped.
Below is a small code
rest.xml
<resource description="Some desc" displayName="SomeName" auth="false"
publish="true"
            name="Some name" path="/rest/test">

services.xml
<service name="seomMethod" engine="java"
             location="com.test.MyService" invoke="seomMethod" auth="false">

Can someone let me know what am I missing or doing wrong?

Re: Rest API bypassing certain APIs from authentication

Posted by Rishi Agr <ri...@gmail.com>.

Hi Michael,

I added the configuration of auth="false" for the specific operation
instead of the resource. This worked. Thank you

On Tue, Feb 22, 2022, 14:47 Michael Brohl <mi...@ecomify.de> wrote:

> Hi Rishi,
>
> how is your operation inside the resource being configured?
>
> If ommitted, auth defaults to true there.
>
> Best regards,
>
> Michael Brohl
>
> ecomify GmbH - www.ecomify.de
>
>
> Am 22.02.22 um 12:56 schrieb Rishi Agr:
> > Hi, I am implementing an API that needs to be processed without
> > authentication. This API will be publicly accessible. I have tried to set
> > the rest and services definition with auth="false" but it has not helped.
> > Below is a small code
> > rest.xml
> > <resource description="Some desc" displayName="SomeName" auth="false"
> > publish="true"
> >              name="Some name" path="/rest/test">
> >
> > services.xml
> > <service name="seomMethod" engine="java"
> >               location="com.test.MyService" invoke="seomMethod"
> auth="false">
> >
> > Can someone let me know what am I missing or doing wrong?
> >
>

Re: Rest API bypassing certain APIs from authentication

Posted by Michael Brohl <mi...@ecomify.de>.

Hi Rishi,

how is your operation inside the resource being configured?

If ommitted, auth defaults to true there.

Best regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


Am 22.02.22 um 12:56 schrieb Rishi Agr:
> Hi, I am implementing an API that needs to be processed without
> authentication. This API will be publicly accessible. I have tried to set
> the rest and services definition with auth="false" but it has not helped.
> Below is a small code
> rest.xml
> <resource description="Some desc" displayName="SomeName" auth="false"
> publish="true"
>              name="Some name" path="/rest/test">
>
> services.xml
> <service name="seomMethod" engine="java"
>               location="com.test.MyService" invoke="seomMethod" auth="false">
>
> Can someone let me know what am I missing or doing wrong?
>