06-06-2021 10:04 PM
I am following Jeff Potts's intro to web scripts, and I have a simple Java service that simply logs to the logfile whatever I put in a message parameter. My descriptor looks like this:

```xml
<webscript>
  <shortname>Post Logging message</shortname>
  <description>Writes a message to the log.</description>
  <url>/someco/logging/log</url>
  <format default="json">extension</format>
  <authentication runas="admin">guest</authentication>
  <transaction>required</transaction>
</webscript>
```
Now when I call the endpoint I get a 401 not authorized. If I add an authentication header, it works fine. I was under the impression that the authentication tag in the descriptor allows anonymous guest access. Can someone explain this to me?
06-09-2021 05:11 AM
The value specified in the authentication section states that at least guest-level access is required, but that anonymous guest access still requires explicit login as the guest user. A fully anonymous access would be the `none` authentication.
Note that allowing unauthenticated or guest-level access to your logs is a recipe for DDoS attacks. Make sure you properly restrict which clients / hosts can actually call this endpoint via your web proxy / application gateway.
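As an added example (not part of the thread or of Alfresco's own code), the following script audits web script descriptors for the two settings discussed above: a `none` or `guest` authentication level, and a `runas` identity that applies to callers at those levels. The function name `audit_descriptor` and the wording of the findings are assumptions made for this illustration; the sample descriptors are constructed from the one in the question.

```python
import xml.etree.ElementTree as ET

# Authentication levels a web script descriptor can declare, weakest first.
LEVELS = ["none", "guest", "user", "admin"]

def audit_descriptor(xml_text):
    """Return a list of findings for one *.desc.xml document (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    url = root.findtext("url", default="(no url)").strip()
    auth = root.find("authentication")
    # A descriptor without an <authentication> element is treated as "none".
    level = (auth.text or "").strip().lower() if auth is not None else "none"
    runas = auth.get("runas") if auth is not None else None
    if level not in LEVELS:
        return [f"{url}: unknown authentication level {level!r}"]
    findings = []
    if level == "none":
        findings.append(f"{url}: callable with no credentials at all")
    elif level == "guest":
        findings.append(f"{url}: callable by anyone who logs in as guest")
    # runas on a weakly authenticated script runs the code as another user.
    if runas and LEVELS.index(level) < LEVELS.index("user"):
        findings.append(f"{url}: runs as {runas!r} for callers at {level!r} level")
    return findings

# Constructed sample: the descriptor from the question.
QUESTION_DESC = """<webscript>
  <shortname>Post Logging message</shortname>
  <url>/someco/logging/log</url>
  <format default="json">extension</format>
  <authentication runas="admin">guest</authentication>
  <transaction>required</transaction>
</webscript>"""

# Constructed sample: same script, but requiring a named user and no runas.
USER_DESC = QUESTION_DESC.replace(
    '<authentication runas="admin">guest</authentication>',
    "<authentication>user</authentication>",
)

if __name__ == "__main__":
    for name, desc in (("question", QUESTION_DESC), ("user-only", USER_DESC)):
        for finding in audit_descriptor(desc) or ["no findings"]:
            print(f"[{name}] {finding}")
```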