Doorgaan naar hoofdcontent

Cordys BOP4: Anonymous access to webservices

Introduction

With the setup using Cordys security an exposed BPM process as a webservice needs authentication. However it is possible to grant "anonymous" access to the service.
This blog item shows how this is done.

Authentication

Within the Cordys framework there are several ways to handle authentication:
  1. WebServer - The authentication at the web server (Apache, IIS) (NTLM, Active Directory, or LDAP) and authorisation at the service group.
  2. WS-Security - The authentication/authorisation takes place in the service group.
  3. Anonymous - No authentication is done and authorisation in the service group.

Anonymous user

Identity is usually placed in the SOAP header, but for anonymous access this is not needed. The webserver should be configured to allow anonymous access though.
Cordys uses the system defined user anonymous when anonymous access is used. The soap request will be executed when the anonymous user is granted.
The ACL (Access Control Level) of a service can be set at the service group level or individual service.

1 - Go to System Resource Manager
2 - Select service group
3 - Right-mous click and select Security
  
4 - Click Add
5 - Select anonymous user and click OK

Now you are able to use the service without authentication.
Labels:

Reacties

  1. Anoniem1 september 2024 om 17:12

    Thank You and I have a nifty give: What House Renovations Need Council Approval dream house renovation

    BeantwoordenVerwijderen

Een reactie posten

Populaire posts van deze blog

Microservices mindmap

"The tree" - See also   my photo page When you are fairly new within the Microservices land, there are a lot of terms fired at you. So also for my own understanding i have made a mindmap. I think it has a good status now, so that i can share it with you. As always feedback is very welcome ! You can download the mindmap here .
48 reacties
Meer lezen

OSB 10gR3 and SWA and MTOM

This blog is about using soap with attachments and the use of MTOM within the OSB (10gR3). A service is created that accepts a soap with attachment (DocumentService) and translates it to a service that accepts a binary element. MTOM is used for performance reasons for the second. Some notes: * For the use of attachments you need RPC-style document instead of the usual document-style. This due to the fact that the document-style limits a message to a single . * A service can not have both SWA and MTOM within OSB. First a WSDL is setup for the DocumentService: The $attachments variable holds the attachments and the body holds the attachment data. Also other data is stored within the attachment element (see h...
12 reacties
Meer lezen

Cloud to Cloud Application Integration

A lot of applications have integration possibilities, so do cloud applications. The question I got from a customer is whether to have a point-to-point integration with Cloud applications or to go through their ESB solution. This blog describes some considerations. Context The customer has a HRM application in which job vacancies are managed. Furthermore that system also handles the full applicant process flow. They also have another cloud application that handles the job vacancies. This application posts the jobs to social sites and other channels to promote the vacancies. Furthermore this application has some intelligence for job seekers to advice some new vacancies based on previous visits or profiles. The job vacancies need to be sent to the Vacancies application and applicant information needs to be sent to the HRM application, when a job seeker actually applies for a job. Furthermore status information about the job application is als...
11 reacties
Meer lezen