Single not authenticated service

Hi there,
how can i do a service who recibe request from not authenticated client? (this is the one not auth service). This service need auth the client. The authentication ocurrs on another platform and we recive only a token.

we tried to use

cuba.anonymousSessionId=a2b54669-1a81-5a9b-a317-31298dddadf3 = false

and too with @Authenticated on the service method

public Map<String, String> getUserAndPassword(String accessToken) {

Any code example would be appreciated.

Thanks for the help,

1 Like

Hi Pedro,

Create your own REST controller without authentication. Just follow the steps of the Creating Custom OAuth2 Protected Controllers guide but remove security:http XML element from the rest-dispatcher-spring.xml file described on step 2. Then you will be able to invoke your endpoint bypassing standard authentication.

In order to invoke a service as anonymous user, get the anonymous session in the controller as follows:

public class CustomerController {

    private AnonymousLoginProvider loginProvider;

    private CustomerService customerService;

    public String getAllCustomers() {
        UserSession session;
        try {
            AuthenticationDetails details = loginProvider.login(new AnonymousUserCredentials());
            session = details.getSession();
        } catch (LoginException e) {
            return e.getMessage();

        return AppContext.withSecurityContext(new SecurityContext(session), () -> {
            List<Customer> customers = customerService.getCustomers();
            return", "));

The @Authenticated annotation on the service method won’t help, it works only for invocations within the middle tier.