https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247706#M200836 <HTML><HEAD></HEAD><BODY><SPAN>I developed a Java-backed webscript referenced by a third-party viewer. The webscript takes a filepath as the parameter and what it does is pull the file specified in the parameter, stamps an image watermark on the file, and returns the modified stream back to the viewer. I currently set the authentication to "auth" but the problem is, the viewer (a Java applet) prompts me for the userid and password (HTTP Basic Auth). I tried changing authentication to "none" but I get an error message saying that I was not authenticated. (The behavior actually makes sense).</SPAN><BR /><BR /><SPAN>How do I get around this?</SPAN><BR /><BR /><SPAN>The only option I could think of is Authenticate from within the Java code – the problem with this is the approach opens up a security risk because users can just do a "view source" on the view page and see the parameters I pass to the script.</SPAN></BODY></HTML> Fri, 23 Mar 2012 14:00:29 GMT jett 2012-03-23T14:00:29Z https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247706#M200836 I developed a Java-backed webscript referenced by a third-party viewer. The webscript takes a filepath as the parameter and what it does is pull the file specified in the parameter, stamps an image watermark on the file, and returns the modified stream back to the viewer. I currently set the authent Fri, 23 Mar 2012 14:00:29 GMT https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247706#M200836 jett 2012-03-23T14:00:29Z https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247707#M200837 <HTML><HEAD></HEAD><BODY><SPAN>Hello,</SPAN><BR /><BR /><SPAN>You might want to have a look at the runas property then.</SPAN><BR /><A href="http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Freferences%2Fapi-ws-runas.html" rel="nofollow noopener noreferrer">http://docs.alfresco.com/4.0/index.jsp?topic=%2Fcom.alfresco.enterprise.doc%2Freferences%2Fapi-ws-runas.html</A><BR /><SPAN>I've never used it myself but my understanding of it is that you could have a webscript without authentication to run with admin rights.</SPAN><BR /><BR /><SPAN>But then you need to be very careful not to let any injection hole in your code because it would execute with admin rights.</SPAN></BODY></HTML> Fri, 23 Mar 2012 15:24:05 GMT https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247707#M200837 scouil 2012-03-23T15:24:05Z https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247708#M200838 <HTML><HEAD></HEAD><BODY><SPAN>Thank you. Will give it a shot.</SPAN></BODY></HTML> Tue, 27 Mar 2012 08:21:50 GMT https://connect.hyland.com/t5/alfresco-archive/webscript-authentication/m-p/247708#M200838 jett 2012-03-27T08:21:50Z