Single not authenticated service

Hi there,
How can I create a service that receives requests from a not authenticated client? (This is the one non-auth service.) This service needs to authenticate the client. The authentication occurs on another platform and we receive only a token.

We tried to use

cuba.anonymousSessionId=a2b54669-1a81-5a9b-a317-31298dddadf3
cuba.rest.anonymousEnabled = false

and also with @Authenticated on the service method

@Override
@Authenticated
@Transactional
public Map<String, String> getUserAndPassword(String accessToken) {
...
}

Any code example would be appreciated.

Thanks for the help,
-Pedro


Hi Pedro,

Create your own REST controller without authentication. Just follow the steps of the Creating Custom OAuth2 Protected Controllers guide, but remove the security:http XML element from the rest-dispatcher-spring.xml file described in step 2. Then you will be able to invoke your endpoint bypassing standard authentication.

In order to invoke a service as an anonymous user, get the anonymous session in the controller as follows:

@RestController
@RequestMapping("/customers")
public class CustomerController {

    @Inject
    private AnonymousLoginProvider loginProvider;

    @Inject
    private CustomerService customerService;

    @GetMapping("/all")
    public String getAllCustomers() {
        UserSession session;
        try {
            AuthenticationDetails details = loginProvider.login(new AnonymousUserCredentials());
            session = details.getSession();
        } catch (LoginException e) {
            return e.getMessage();
        }

        return AppContext.withSecurityContext(new SecurityContext(session), () -> {
            List<Customer> customers = customerService.getCustomers();
            return customers.stream().map(Customer::getName).collect(Collectors.joining(", "));
        });
    }
}

The @Authenticated annotation on the service method won't help; it works only for invocations within the middle tier.

Regards,
Konstantin
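
An endpoint set up this way sits outside the standard authentication chain, so the controller has to check the incoming token itself before opening the anonymous session. The following is an added example, not code from this thread or from the CUBA project: a JDK-only check the controller could call first. The class name `ExternalTokenVerifier`, the token layout (`subject|expiryEpochSeconds` plus an HMAC-SHA256 signature) and the shared secret are assumptions, because the thread does not say what token the external platform issues.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

/** Hypothetical verifier. Assumed token: base64url("subject|expiryEpochSeconds") + "." + base64url(HMAC). */
public class ExternalTokenVerifier {
    private final byte[] key;

    public ExternalTokenVerifier(byte[] sharedSecret) { this.key = sharedSecret.clone(); }

    private byte[] hmac(byte[] data) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    /** Returns the subject only if the signature matches and the token has not expired. */
    public Optional<String> verify(String token, long nowEpochSeconds) {
        try {
            String[] parts = token == null ? new String[0] : token.split("\\.", -1);
            if (parts.length != 2) return Optional.empty();
            byte[] payload = Base64.getUrlDecoder().decode(parts[0]);
            byte[] sig = Base64.getUrlDecoder().decode(parts[1]);
            // Constant-time comparison, so the check does not leak how many bytes matched.
            if (!MessageDigest.isEqual(hmac(payload), sig)) return Optional.empty();
            String[] fields = new String(payload, StandardCharsets.UTF_8).split("\\|", -1);
            if (fields.length != 2 || Long.parseLong(fields[1]) <= nowEpochSeconds) return Optional.empty();
            return Optional.of(fields[0]);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return Optional.empty(); // malformed Base64, bad expiry number or crypto failure: reject
        }
    }

    public static void main(String[] args) throws Exception {
        ExternalTokenVerifier v = new ExternalTokenVerifier("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        byte[] payload = "pedro|2000000000".getBytes(StandardCharsets.UTF_8); // constructed sample
        String token = enc.encodeToString(payload) + "." + enc.encodeToString(v.hmac(payload));
        System.out.println(v.verify(token, 1_900_000_000L));       // well-formed, unexpired token
        System.out.println(v.verify(token + "A", 1_900_000_000L)); // signature altered
        System.out.println(v.verify(token, 2_000_000_001L));       // past its expiry
    }
}
```

In the controller, an empty result from `verify` would map to an HTTP 401 response before `loginProvider.login(...)` is ever called.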