cancel
Showing results for 
Search instead for 
Did you mean: 

Webscript with guest access requiring authentication

hiten_rastogi1
Star Contributor
Star Contributor

Hi,

I have a webscript that have guest access enabled but it still requires me to authenticate when I try to access it on my production instance, though it work fine on my local.

Below is the desc file for the webscript

<webscript>
    <shortname>doclist</shortname>
    <description>Publicly available document list</description>
    <url>/eu/xfel/make-public/doclist</url>
    <format default="html">argument</format>
    <authentication>guest</authentication>
    <transaction allow="readonly">required</transaction>
</webscript>

I am hitting the webscript with the below url

http://localhost:8080/alfresco/s/eu/xfel/make-public/doclist?nodeRef=workspace://SpacesStore/jt0fcff... 

the above one works

https://abc.net/alfresco/s/eu/xfel/make-public/doclist?nodeRef=workspace://SpacesStore/fw0fcffa-f5c8... 

this one doesn't work. It ask me for authentication and I have to put in guest:guest as usernameSmiley Tongueassword

I have made sure that the content this webscript is trying to access has Consumer access for the Guest user and in the instance where I am having issue there is no customisation that disable the guest user access.

Please educate me why this is the happening.

Thanks

12 REPLIES 12

mikel_asla
Star Contributor
Star Contributor

Hi

Maybe you got guest user disabled on production (check all susbsystems that may apply)

Btw, you can also set to none like that

  <authentication>none</authentication>

If you really know what your doing and you need a non authenticated service

Authenticating web scripts | Alfresco Documentation 

Regards

 

Hi Mikel,

Correction in above. I just checked and YES the guest user is disabled in the production instance but so in my local. I did a bit of googling and found out that by default the Guest user is disabled in Alfresco.

In my local I am running the same code as in my production but in my local I am not prompted with the authentication login. If I put username and password as guest/guest in my production I am able successfully authenticate and view the content that the webscript returns. So, I am writing down certain questions please help me in answering them.

1. Does guest need to authenticate by using guest/guest as username/password ?

2. I have read the documentation and if the authentication is set to none then the transaction is by default set to none but in my case I do need a readonly transaction ??

3. Also, setting the authentication to none anyone who can form the webscript url can get access to data that the webscript return. How can I avoid it ?

Maybe some context of what you're trying to achieve will help, 

1. The guest has no authentication behind, it can be seen as the FTP annonimous

This is the default value for AlfrescoNtlm auth subsystem (tipically the one you're hitting locally)

alfresco.authentication.allowGuestLogin=true

alfresco-repository/alfresco-authentication.properties at master · Alfresco/alfresco-repository · Gi... 

On production this normally differs

2. It totally depends on your implementation code

3. Creating a ws as guest or none will make it public to the world, why can't you just use "user"?

Thanks Mikel for your reply.

I am trying to make a folder and its content in Alfresco accessible to outside world without authentication, for this purpose we have used an addon and with some modification created our own from it, so none and guest works for me.

The folder has an action that generates a unique URL and gives Consumer access to guest user on all the content inside that folder.

The unique URL generates a page which displays the all the content inside the folder which is fetched through the webscript. This webscript has guest authentication which as stated above works well on local but not on production and demand authentication on the same code.

I am not able to figure out the reason for this behaviour. Here is the link to the project .

I see, 

Maybe there is something with the order of your authentication chain, what's the value for authentication.chain property on production?

I am using default authentication on the production as well as local instance.

mikel_asla
Star Contributor
Star Contributor

OK, so only Alfresco internal users and allowGuest enabled on both environments

And do you have any http server / balancer or anything in between?

Yes,

We are using an apache web server.

Maybe apache is causing the auth promp

Can you try the service bypassing apache? maybe some curl from the production server console or so.