Topic
  • 6 replies
  • Latest Post - ‏2012-11-07T03:58:48Z by SystemAdmin
SystemAdmin
SystemAdmin
2327 Posts

Pinned topic How to skip authentication for public pages and adapters?

‏2012-11-05T11:41:50Z |
Hi All,

I am using Worklight 5.0.3 version.

In my application I have few pages public and few restricted (displayed only after user is authenticated).

For authentication I have configured '<common securityTest="mySecurityTest"/>' tag in application-descriptor.xml. With this my login functionality is working fine.

However, after configuring authentication mechanism all the resources (pages and adapters) are being classified as restricted and I am unable to provide exceptions for pages and adapters I wish to make public.

Can anyone please let me know how can I avoid authentication for resources I wish to make public?

Thanks,
Pushkar
  • SystemAdmin
    SystemAdmin
    2327 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-05T18:30:54Z  
    Hi,
    We have a whole section of tutorials and code-samples on authentication. Have you looked at those yet?
    https://www.ibm.com/developerworks/mobile/worklight/getting-started/index.html
    Thanks!
    -Dave
  • SystemAdmin
    SystemAdmin
    2327 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-06T04:35:15Z  
    Hi,
    We have a whole section of tutorials and code-samples on authentication. Have you looked at those yet?
    https://www.ibm.com/developerworks/mobile/worklight/getting-started/index.html
    Thanks!
    -Dave
    Hi Dave,

    Yes, I have checked those tutorials, even gone through Authentication concepts in Worklight.

    But still, somehow I am unable to figure out how make it work.

    I understand before version 5.0.3, '<usage authenticationRequired="">' tag was provided which had options 'OnStartup', 'OnDemand' and 'Never'. This way developer had control over when to trigger authentication mechanism but in 5.0.3 it has been replaced with '<common>' and don't have any option except configuring Security Test.

    Also, if I try to send login request without configuring <common> tag, I am getting 401 (Unauthorized Exception).

    There is one more tag '<staticResources>' to restrict access to static resources. I tried this also, but again no luck :(.

    Thanks,
    Pushkar
  • ShmulikB
    ShmulikB
    20 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-06T06:59:39Z  
    Hi Dave,

    Yes, I have checked those tutorials, even gone through Authentication concepts in Worklight.

    But still, somehow I am unable to figure out how make it work.

    I understand before version 5.0.3, '<usage authenticationRequired="">' tag was provided which had options 'OnStartup', 'OnDemand' and 'Never'. This way developer had control over when to trigger authentication mechanism but in 5.0.3 it has been replaced with '<common>' and don't have any option except configuring Security Test.

    Also, if I try to send login request without configuring <common> tag, I am getting 401 (Unauthorized Exception).

    There is one more tag '<staticResources>' to restrict access to static resources. I tried this also, but again no luck :(.

    Thanks,
    Pushkar
    Hi
    You can use authentication in 2 ways:
    1. Protect an environment.
    2. Protect an adapter procedure.

    when protecting an environment - all the resources for that environment will be authenticated.
    If you want to make a separation, you can create a security test and attach it only to those procedures (adapter procedures) that you want to be authenticated.

    You can find more information about authentication in our Getting Started page:
    https://www.ibm.com/developerworks/mobile/worklight/getting-started/
    Modules 20-23

    Regards,
    Shmulik
  • SystemAdmin
    SystemAdmin
    2327 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-06T09:58:22Z  
    • ShmulikB
    • ‏2012-11-06T06:59:39Z
    Hi
    You can use authentication in 2 ways:
    1. Protect an environment.
    2. Protect an adapter procedure.

    when protecting an environment - all the resources for that environment will be authenticated.
    If you want to make a separation, you can create a security test and attach it only to those procedures (adapter procedures) that you want to be authenticated.

    You can find more information about authentication in our Getting Started page:
    https://www.ibm.com/developerworks/mobile/worklight/getting-started/
    Modules 20-23

    Regards,
    Shmulik
    Hi Shmulik,

    Exactly, my point is same. I am able to protect whole environment. That way all the pages are protected (at the moment I have html pages only).

    However, I need to provide some exceptions here, I need to keep some pages public.

    Regarding Adapters, yes I can assign Security Tests to them, but my intention here is to protect some of html pages.

    Would be great if you can suggest any solution.

    Thanks,
    Pushkar
  • kai_huang2012
    kai_huang2012
    23 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-07T03:23:21Z  
    Hi Shmulik,

    Exactly, my point is same. I am able to protect whole environment. That way all the pages are protected (at the moment I have html pages only).

    However, I need to provide some exceptions here, I need to keep some pages public.

    Regarding Adapters, yes I can assign Security Tests to them, but my intention here is to protect some of html pages.

    Would be great if you can suggest any solution.

    Thanks,
    Pushkar
    According to WL develop reference guide,
    if you use form-based authentication,WL will protect application as a whole,
    If your app only contains some HTML files, you can simplely write your own logic(javacript) to project the pages.
  • SystemAdmin
    SystemAdmin
    2327 Posts

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-07T03:58:48Z  
    According to WL develop reference guide,
    if you use form-based authentication,WL will protect application as a whole,
    If your app only contains some HTML files, you can simplely write your own logic(javacript) to project the pages.
    Thanks for reply.

    I'll check for other options :)