Topic
6 replies Latest Post - ‏2012-11-07T03:58:48Z by SystemAdmin
SystemAdmin
SystemAdmin
2327 Posts
ACCEPTED ANSWER

Pinned topic How to skip authentication for public pages and adapters?

‏2012-11-05T11:41:50Z |
Hi All,

I am using Worklight 5.0.3 version.

In my application I have few pages public and few restricted (displayed only after user is authenticated).

For authentication I have configured '<common securityTest="mySecurityTest"/>' tag in application-descriptor.xml. With this my login functionality is working fine.

However, after configuring authentication mechanism all the resources (pages and adapters) are being classified as restricted and I am unable to provide exceptions for pages and adapters I wish to make public.

Can anyone please let me know how can I avoid authentication for resources I wish to make public?

Thanks,
Pushkar
  • SystemAdmin
    SystemAdmin
    2327 Posts
    ACCEPTED ANSWER

    Re: How to skip authentication for public pages and adapters?

    ‏2012-11-05T18:30:54Z  in response to SystemAdmin
    Hi,
    We have a whole section of tutorials and code-samples on authentication. Have you looked at those yet?
    https://www.ibm.com/developerworks/mobile/worklight/getting-started/index.html
    Thanks!
    -Dave
    • SystemAdmin
      SystemAdmin
      2327 Posts
      ACCEPTED ANSWER

      Re: How to skip authentication for public pages and adapters?

      ‏2012-11-06T04:35:15Z  in response to SystemAdmin
      Hi Dave,

      Yes, I have checked those tutorials, even gone through Authentication concepts in Worklight.

      But still, somehow I am unable to figure out how make it work.

      I understand before version 5.0.3, '<usage authenticationRequired="">' tag was provided which had options 'OnStartup', 'OnDemand' and 'Never'. This way developer had control over when to trigger authentication mechanism but in 5.0.3 it has been replaced with '<common>' and don't have any option except configuring Security Test.

      Also, if I try to send login request without configuring <common> tag, I am getting 401 (Unauthorized Exception).

      There is one more tag '<staticResources>' to restrict access to static resources. I tried this also, but again no luck :(.

      Thanks,
      Pushkar
      • ShmulikB
        ShmulikB
        20 Posts
        ACCEPTED ANSWER

        Re: How to skip authentication for public pages and adapters?

        ‏2012-11-06T06:59:39Z  in response to SystemAdmin
        Hi
        You can use authentication in 2 ways:
        1. Protect an environment.
        2. Protect an adapter procedure.

        when protecting an environment - all the resources for that environment will be authenticated.
        If you want to make a separation, you can create a security test and attach it only to those procedures (adapter procedures) that you want to be authenticated.

        You can find more information about authentication in our Getting Started page:
        https://www.ibm.com/developerworks/mobile/worklight/getting-started/
        Modules 20-23

        Regards,
        Shmulik
        • SystemAdmin
          SystemAdmin
          2327 Posts
          ACCEPTED ANSWER

          Re: How to skip authentication for public pages and adapters?

          ‏2012-11-06T09:58:22Z  in response to ShmulikB
          Hi Shmulik,

          Exactly, my point is same. I am able to protect whole environment. That way all the pages are protected (at the moment I have html pages only).

          However, I need to provide some exceptions here, I need to keep some pages public.

          Regarding Adapters, yes I can assign Security Tests to them, but my intention here is to protect some of html pages.

          Would be great if you can suggest any solution.

          Thanks,
          Pushkar
          • kai_huang2012
            kai_huang2012
            23 Posts
            ACCEPTED ANSWER

            Re: How to skip authentication for public pages and adapters?

            ‏2012-11-07T03:23:21Z  in response to SystemAdmin
            According to WL develop reference guide,
            if you use form-based authentication,WL will protect application as a whole,
            If your app only contains some HTML files, you can simplely write your own logic(javacript) to project the pages.
            • SystemAdmin
              SystemAdmin
              2327 Posts
              ACCEPTED ANSWER

              Re: How to skip authentication for public pages and adapters?

              ‏2012-11-07T03:58:48Z  in response to kai_huang2012
              Thanks for reply.

              I'll check for other options :)