Hi,
I have a webscript that have guest access enabled but it still requires me to authenticate when I try to access it on my production instance, though it work fine on my local.
Below is the desc file for the webscript
<webscript>
<shortname>doclist</shortname>
<description>Publicly available document list</description>
<url>/eu/xfel/make-public/doclist</url>
<format default="html">argument</format>
<authentication>guest</authentication>
<transaction allow="readonly">required</transaction>
</webscript>
I am hitting the webscript with the below url
the above one works
this one doesn't work. It ask me for authentication and I have to put in guest:guest as usernameassword
I have made sure that the content this webscript is trying to access has Consumer access for the Guest user and in the instance where I am having issue there is no customisation that disable the guest user access.
Please educate me why this is the happening.
Thanks
Hi
Maybe you got guest user disabled on production (check all susbsystems that may apply)
Btw, you can also set to none like that
<authentication>none</authentication>
If you really know what your doing and you need a non authenticated service
Authenticating web scripts | Alfresco Documentation
Regards
Hi Mikel,
Correction in above. I just checked and YES the guest user is disabled in the production instance but so in my local. I did a bit of googling and found out that by default the Guest user is disabled in Alfresco.
In my local I am running the same code as in my production but in my local I am not prompted with the authentication login. If I put username and password as guest/guest in my production I am able successfully authenticate and view the content that the webscript returns. So, I am writing down certain questions please help me in answering them.
1. Does guest need to authenticate by using guest/guest as username/password ?
2. I have read the documentation and if the authentication is set to none then the transaction is by default set to none but in my case I do need a readonly transaction ??
3. Also, setting the authentication to none anyone who can form the webscript url can get access to data that the webscript return. How can I avoid it ?
Maybe some context of what you're trying to achieve will help,
1. The guest has no authentication behind, it can be seen as the FTP annonimous
This is the default value for AlfrescoNtlm auth subsystem (tipically the one you're hitting locally)
alfresco.authentication.allowGuestLogin=true
On production this normally differs
2. It totally depends on your implementation code
3. Creating a ws as guest or none will make it public to the world, why can't you just use "user"?
Thanks Mikel for your reply.
I am trying to make a folder and its content in Alfresco accessible to outside world without authentication, for this purpose we have used an addon and with some modification created our own from it, so none and guest works for me.
The folder has an action that generates a unique URL and gives Consumer access to guest user on all the content inside that folder.
The unique URL generates a page which displays the all the content inside the folder which is fetched through the webscript. This webscript has guest authentication which as stated above works well on local but not on production and demand authentication on the same code.
I am not able to figure out the reason for this behaviour. Here is the link to the project .
I see,
Maybe there is something with the order of your authentication chain, what's the value for authentication.chain property on production?
I am using default authentication on the production as well as local instance.
OK, so only Alfresco internal users and allowGuest enabled on both environments
And do you have any http server / balancer or anything in between?
Yes,
We are using an apache web server.
Maybe apache is causing the auth promp
Can you try the service bypassing apache? maybe some curl from the production server console or so.
Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.
Related links:
By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods). If you are not ok with these terms, please do not use this website.