Web Script Authentication question

Showing results for 
Search instead for 
Did you mean: 
Established Member II

Web Script Authentication question

I am following Jeff Pott's intro to web scripts,  and I have a simple Java service that simply logs to the logfile whatever I put in a message parameter.  My descriptor looks like this:

    <shortname>Post Logging message</shortname>
    <description>Writes a message to the log.</description>
    <format default="json">extension</format>
    <authentication runas="admin">guest</authentication>

Now when I call the endpoint I get a 401 not authorized.  If I add an authentication header,  it works fine.  I was under the impression that the authentication tag in the descriptor allows anonymous guest access.  Can someone explain this to me?

1 Reply

Re: Web Script Authentication question

The value specified in the authentication section states that at least guest-level access is required, but that anonymous guest access still requires explicit login as the guest user. A fully anonymous access would be the `none` authentication.

Note that allowing unauthenticated or guest level access to your logs is a recipe for DDoS attacks. Make sure you properly restrict which clients / hosts can actually call this endpoint via your web proxy / application gateway.