Cordys BOP4: Anonymous access to webservices


When Cordys security is in use, a BPM process exposed as a web service requires authentication. However, it is possible to grant "anonymous" access to the service.
This blog item shows how this is done.


Within the Cordys framework there are several ways to handle authentication:
  1. WebServer - Authentication takes place at the web server (Apache, IIS) using NTLM, Active Directory, or LDAP, and authorisation at the service group.
  2. WS-Security - The authentication/authorisation takes place in the service group.
  3. Anonymous - No authentication is done; authorisation takes place in the service group.

Anonymous user

Identity is usually placed in the SOAP header, but for anonymous access this is not needed. The web server should, however, be configured to allow anonymous access.
Cordys uses the system-defined user anonymous when anonymous access is used. The SOAP request will be executed when the anonymous user has been granted access.
The ACL (Access Control List) of a service can be set at the service group level or on an individual service.

1 - Go to System Resource Manager
2 - Select service group
3 - Right-click and select Security
4 - Click Add
5 - Select anonymous user and click OK

Now you are able to use the service without authentication.
