I am using Worklight 5.0.3 version.
In my application I have few pages public and few restricted (displayed only after user is authenticated).
For authentication I have configured '<common securityTest="mySecurityTest"/>' tag in application-descriptor.xml. With this my login functionality is working fine.
However, after configuring authentication mechanism all the resources (pages and adapters) are being classified as restricted and I am unable to provide exceptions for pages and adapters I wish to make public.
Can anyone please let me know how can I avoid authentication for resources I wish to make public?
NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
This topic has been locked.
6 replies Latest Post - 2012-11-07T03:58:48Z by SystemAdmin
Pinned topic How to skip authentication for public pages and adapters?
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Re: How to skip authentication for public pages and adapters?2012-11-05T18:30:54Z in response to SystemAdminHi,
We have a whole section of tutorials and code-samples on authentication. Have you looked at those yet?
Re: How to skip authentication for public pages and adapters?2012-11-06T04:35:15Z in response to SystemAdminHi Dave,
Yes, I have checked those tutorials, even gone through Authentication concepts in Worklight.
But still, somehow I am unable to figure out how make it work.
I understand before version 5.0.3, '<usage authenticationRequired="">' tag was provided which had options 'OnStartup', 'OnDemand' and 'Never'. This way developer had control over when to trigger authentication mechanism but in 5.0.3 it has been replaced with '<common>' and don't have any option except configuring Security Test.
Also, if I try to send login request without configuring <common> tag, I am getting 401 (Unauthorized Exception).
There is one more tag '<staticResources>' to restrict access to static resources. I tried this also, but again no luck :(.
ShmulikB 270005FKGM20 PostsACCEPTED ANSWER
Re: How to skip authentication for public pages and adapters?2012-11-06T06:59:39Z in response to SystemAdminHi
You can use authentication in 2 ways:
1. Protect an environment.
2. Protect an adapter procedure.
when protecting an environment - all the resources for that environment will be authenticated.
If you want to make a separation, you can create a security test and attach it only to those procedures (adapter procedures) that you want to be authenticated.
You can find more information about authentication in our Getting Started page:
Re: How to skip authentication for public pages and adapters?2012-11-06T09:58:22Z in response to ShmulikBHi Shmulik,
Exactly, my point is same. I am able to protect whole environment. That way all the pages are protected (at the moment I have html pages only).
However, I need to provide some exceptions here, I need to keep some pages public.
Regarding Adapters, yes I can assign Security Tests to them, but my intention here is to protect some of html pages.
Would be great if you can suggest any solution.
kai_huang2012 270005GB8Y23 PostsACCEPTED ANSWER
Re: How to skip authentication for public pages and adapters?2012-11-07T03:23:21Z in response to SystemAdminAccording to WL develop reference guide,
if you use form-based authentication,WL will protect application as a whole,
If your app only contains some HTML files, you can simplely write your own logic(javacript) to project the pages.