Polymer REST: allow both anonymous and OAuth endpoints

Hello,

Using Polymer UI, I would like some REST endpoints allow anonymous access and also having others requiring the OAuth token. How can this be done? I have created a user registration page which requires the anonymous access.

Thanks!

Hello,

Any possible workaround on this issue?

Thanks.

Hello,

Any update on this issue?

Thanks.

Hi,
if you want to specify an anonymous access to some cuba middleware service while other services are protected, then it’s not possible yet. We have an issue for that: https://youtrack.cuba-platform.com/issue/PL-8965

However, you can always create your custom Spring MVC controller. Maybe this sample will help you: GitHub - gorbunkov/sample-rest-controllers: Sample project that demonstrates working with custom REST controllers

Hi Max @gorbunkov,

I have solved it using the solution from this thread:

REST API anonymous access only for a registration user API

Essentially you can add allowAnonymous="true":

The main classes are the following:

https://github.com/pfurini/cuba-component-forgot-password/blob/master/modules/web/src/it/nexbit/cuba/restapi/RestServicesConfiguration.java

https://github.com/pfurini/cuba-component-forgot-password/blob/master/modules/web/src/it/nexbit/cuba/restapi/auth/NexbitAnonymousAuthenticationFilter.java

Maybe could you review above as a possible addition to CUBA? So far it works fine, save for this minor issue:

allowAnonymous does not work for POST requests

Last but not the least, a huge THANKS to @pfurini for this workaround!