public rest API
Locked
 
|
Hi, Girish,
thanks again for your last reply it defenity helped, however i have another question. I need to access certain services publicly without a token. I have put auth="false" on the service definition and login-required="false" on the simple-method implementation still i get a 401 response. any suggestions? Regards, Hans |
|
|
Every REST endpoint, as it is implemented now, is secured by default. I had
not thought of a scenario where internal OFBiz services will need to be invoked without authentication (externally) Yes, the services themselves can be specified to NOT require auth but I had always thought that was applicable within internal execution. I may be wrong here, so please correct me. auth and login-required are not taken into account yet, but can certainly be, if some exportable services should be exposed as public APIs. Best Regards, Girish Vasmatkar HotWax Systems On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <[hidden email]> wrote: > Hi, Girish, > > thanks again for your last reply it defenity helped, however i have > another question. > > I need to access certain services publicly without a token. > > I have put auth="false" on the service definition and > login-required="false" on the simple-method implementation > > still i get a 401 response. > > any suggestions? > > Regards, > > Hans > > |
|
|
Hi Girish,
how about ecommerce? you want to show the products without logging in, actually all information on the ecommerce frontend? so yes, really required..... regards, Hans On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > Every REST endpoint, as it is implemented now, is secured by default. I had > not thought of a scenario where internal OFBiz services will need to be > invoked without authentication (externally) > > Yes, the services themselves can be specified to NOT require auth but I had > always thought that was applicable within internal execution. I may be > wrong here, so please correct me. > > auth and login-required are not taken into account yet, but can certainly > be, if some exportable services should be exposed as public APIs. > > Best Regards, > Girish Vasmatkar > HotWax Systems > > > > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <[hidden email]> > wrote: > >> Hi, Girish, >> >> thanks again for your last reply it defenity helped, however i have >> another question. >> >> I need to access certain services publicly without a token. >> >> I have put auth="false" on the service definition and >> login-required="false" on the simple-method implementation >> >> still i get a 401 response. >> >> any suggestions? >> >> Regards, >> >> Hans >> >> |
|
|
Thanks Hans, I will plan to include this change for the exportable services
as well. There is also OFBIZ-11995, where more RESTFul resources can be declared (development is undergoing) and bound to services where I had planned to include declarative authentication. Best Regards, Girish Vasmatkar HotWax Systems On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <[hidden email]> wrote: > Hi Girish, > > how about ecommerce? you want to show the products without logging in, > actually all information on the ecommerce frontend? > > so yes, really required..... > > regards, > > Hans > > > On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > > Every REST endpoint, as it is implemented now, is secured by default. I > had > > not thought of a scenario where internal OFBiz services will need to be > > invoked without authentication (externally) > > > > Yes, the services themselves can be specified to NOT require auth but I > had > > always thought that was applicable within internal execution. I may be > > wrong here, so please correct me. > > > > auth and login-required are not taken into account yet, but can certainly > > be, if some exportable services should be exposed as public APIs. > > > > Best Regards, > > Girish Vasmatkar > > HotWax Systems > > > > > > > > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <[hidden email]> > > wrote: > > > >> Hi, Girish, > >> > >> thanks again for your last reply it defenity helped, however i have > >> another question. > >> > >> I need to access certain services publicly without a token. > >> > >> I have put auth="false" on the service definition and > >> login-required="false" on the simple-method implementation > >> > >> still i get a 401 response. > >> > >> any suggestions? > >> > >> Regards, > >> > >> Hans > >> > >> > |
|
|
Thank you Girish,
look forward to your updates of this excellent and much needed addition to OFBiz. Regars Hans www.antwebsystems.com On 9/10/20 3:27 PM, Girish Vasmatkar wrote: > Thanks Hans, I will plan to include this change for the exportable > services as well. > > There is also OFBIZ-11995, where more RESTFul resources can be > declared (development is undergoing) and bound to services where I had > planned to include declarative authentication. > * > * > Best Regards, > Girish Vasmatkar > HotWax Systems > > > > > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker > <[hidden email] <mailto:[hidden email]>> wrote: > > Hi Girish, > > how about ecommerce? you want to show the products without logging > in, > actually all information on the ecommerce frontend? > > so yes, really required..... > > regards, > > Hans > > > On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > > Every REST endpoint, as it is implemented now, is secured by > default. I had > > not thought of a scenario where internal OFBiz services will > need to be > > invoked without authentication (externally) > > > > Yes, the services themselves can be specified to NOT require > auth but I had > > always thought that was applicable within internal execution. I > may be > > wrong here, so please correct me. > > > > auth and login-required are not taken into account yet, but can > certainly > > be, if some exportable services should be exposed as public APIs. > > > > Best Regards, > > Girish Vasmatkar > > HotWax Systems > > > > > > > > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker > <[hidden email] <mailto:[hidden email]>> > > wrote: > > > >> Hi, Girish, > >> > >> thanks again for your last reply it defenity helped, however i have > >> another question. > >> > >> I need to access certain services publicly without a token. > >> > >> I have put auth="false" on the service definition and > >> login-required="false" on the simple-method implementation > >> > >> still i get a 401 response. > >> > >> any suggestions? > >> > >> Regards, > >> > >> Hans > >> > >> > |
|
|
Hello Hans
With the latest commi1361c3c <https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921> on trunk, the system now honours the "auth" attribute defined on service and accordingly bypasses authorization for such services. Best, Girish On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker <[hidden email]> wrote: > Thank you Girish, > > look forward to your updates of this excellent and much needed addition to > OFBiz. > > Regars > > Hans > www.antwebsystems.com > On 9/10/20 3:27 PM, Girish Vasmatkar wrote: > > Thanks Hans, I will plan to include this change for the exportable > services as well. > > There is also OFBIZ-11995, where more RESTFul resources can be declared > (development is undergoing) and bound to services where I had planned to > include declarative authentication. > > Best Regards, > Girish Vasmatkar > HotWax Systems > > > > > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <[hidden email]> > wrote: > >> Hi Girish, >> >> how about ecommerce? you want to show the products without logging in, >> actually all information on the ecommerce frontend? >> >> so yes, really required..... >> >> regards, >> >> Hans >> >> >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote: >> > Every REST endpoint, as it is implemented now, is secured by default. I >> had >> > not thought of a scenario where internal OFBiz services will need to be >> > invoked without authentication (externally) >> > >> > Yes, the services themselves can be specified to NOT require auth but I >> had >> > always thought that was applicable within internal execution. I may be >> > wrong here, so please correct me. >> > >> > auth and login-required are not taken into account yet, but can >> certainly >> > be, if some exportable services should be exposed as public APIs. >> > >> > Best Regards, >> > Girish Vasmatkar >> > HotWax Systems >> > >> > >> > >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker <[hidden email] >> > >> > wrote: >> > >> >> Hi, Girish, >> >> >> >> thanks again for your last reply it defenity helped, however i have >> >> another question. >> >> >> >> I need to access certain services publicly without a token. >> >> >> >> I have put auth="false" on the service definition and >> >> login-required="false" on the simple-method implementation >> >> >> >> still i get a 401 response. >> >> >> >> any suggestions? >> >> >> >> Regards, >> >> >> >> Hans >> >> >> >> >> > |
|
|
Hi Girish,
I have gone through the implementation and tested it on API client with HTTP bearer token authentication and worked for me for both auth= true/false (bypass authorization). Kind Regards, Chandan Khandelwal On Sat, Sep 26, 2020 at 2:35 PM Girish Vasmatkar < [hidden email]> wrote: > Hello Hans > > With the latest commi1361c3c > < > https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921 > > > on > trunk, the system now honours the "auth" attribute defined on service and > accordingly bypasses authorization for such services. > > Best, > Girish > > > On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker <[hidden email]> > wrote: > > > Thank you Girish, > > > > look forward to your updates of this excellent and much needed addition > to > > OFBiz. > > > > Regars > > > > Hans > > www.antwebsystems.com > > On 9/10/20 3:27 PM, Girish Vasmatkar wrote: > > > > Thanks Hans, I will plan to include this change for the exportable > > services as well. > > > > There is also OFBIZ-11995, where more RESTFul resources can be declared > > (development is undergoing) and bound to services where I had planned to > > include declarative authentication. > > > > Best Regards, > > Girish Vasmatkar > > HotWax Systems > > > > > > > > > > On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker <[hidden email] > > > > wrote: > > > >> Hi Girish, > >> > >> how about ecommerce? you want to show the products without logging in, > >> actually all information on the ecommerce frontend? > >> > >> so yes, really required..... > >> > >> regards, > >> > >> Hans > >> > >> > >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote: > >> > Every REST endpoint, as it is implemented now, is secured by default. > I > >> had > >> > not thought of a scenario where internal OFBiz services will need to > be > >> > invoked without authentication (externally) > >> > > >> > Yes, the services themselves can be specified to NOT require auth but > I > >> had > >> > always thought that was applicable within internal execution. I may be > >> > wrong here, so please correct me. > >> > > >> > auth and login-required are not taken into account yet, but can > >> certainly > >> > be, if some exportable services should be exposed as public APIs. > >> > > >> > Best Regards, > >> > Girish Vasmatkar > >> > HotWax Systems > >> > > >> > > >> > > >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker < > [hidden email] > >> > > >> > wrote: > >> > > >> >> Hi, Girish, > >> >> > >> >> thanks again for your last reply it defenity helped, however i have > >> >> another question. > >> >> > >> >> I need to access certain services publicly without a token. > >> >> > >> >> I have put auth="false" on the service definition and > >> >> login-required="false" on the simple-method implementation > >> >> > >> >> still i get a 401 response. > >> >> > >> >> any suggestions? > >> >> > >> >> Regards, > >> >> > >> >> Hans > >> >> > >> >> > >> > > > |
|
|
In reply to this post by grv
Hi Girish,
i did a quit check using flutter test this morning and it looks like it is working fine. for people interested in using flutter(http://flutter.dev) with ofbiz: the test: https://github.com/growerp/growerp/blob/master/test/services/ofbiz_testManual.dart if you want to run you need to install the growerp plugin into ofbiz: https://github.com/growerp/growerp-ofbiz Thank you Girish for this enhancement and keep up the good work! Regards, Hans Bakker http://www.antwebsystems.com On 9/26/20 4:05 PM, Girish Vasmatkar wrote: > Hello Hans > > With the latest commi1361c3c > <https://github.com/apache/ofbiz-plugins/commit/1361c3cdaf7d6756cc9abdc6c37450ef3d46f921> on > trunk, the system now honours the "auth" attribute defined on service > and accordingly bypasses authorization for such services. > > Best, > Girish > > > On Thu, Sep 10, 2020 at 5:46 PM Hans Bakker > <[hidden email] <mailto:[hidden email]>> wrote: > > Thank you Girish, > > look forward to your updates of this excellent and much needed > addition to OFBiz. > > Regars > > Hans > www.antwebsystems.com <http://www.antwebsystems.com> > > On 9/10/20 3:27 PM, Girish Vasmatkar wrote: >> Thanks Hans, I will plan to include this change for the >> exportable services as well. >> >> There is also OFBIZ-11995, where more RESTFul resources can be >> declared (development is undergoing) and bound to services where >> I had planned to include declarative authentication. >> * >> * >> Best Regards, >> Girish Vasmatkar >> HotWax Systems >> >> >> >> >> On Thu, Sep 10, 2020 at 12:08 PM Hans Bakker >> <[hidden email] <mailto:[hidden email]>> >> wrote: >> >> Hi Girish, >> >> how about ecommerce? you want to show the products without >> logging in, >> actually all information on the ecommerce frontend? >> >> so yes, really required..... >> >> regards, >> >> Hans >> >> >> On 9/10/20 12:37 PM, Girish Vasmatkar wrote: >> > Every REST endpoint, as it is implemented now, is secured >> by default. I had >> > not thought of a scenario where internal OFBiz services >> will need to be >> > invoked without authentication (externally) >> > >> > Yes, the services themselves can be specified to NOT >> require auth but I had >> > always thought that was applicable within internal >> execution. I may be >> > wrong here, so please correct me. >> > >> > auth and login-required are not taken into account yet, but >> can certainly >> > be, if some exportable services should be exposed as public >> APIs. >> > >> > Best Regards, >> > Girish Vasmatkar >> > HotWax Systems >> > >> > >> > >> > On Thu, Sep 10, 2020 at 5:55 AM Hans Bakker >> <[hidden email] <mailto:[hidden email]>> >> > wrote: >> > >> >> Hi, Girish, >> >> >> >> thanks again for your last reply it defenity helped, >> however i have >> >> another question. >> >> >> >> I need to access certain services publicly without a token. >> >> >> >> I have put auth="false" on the service definition and >> >> login-required="false" on the simple-method implementation >> >> >> >> still i get a 401 response. >> >> >> >> any suggestions? >> >> >> >> Regards, >> >> >> >> Hans >> >> >> >> >> |
«
Return to OFBiz - Dev
|
1 view|%1 views
| Free forum by Nabble | Edit this page |