Content Management and Capture

 View Only
Expand all | Collapse all

ICN security role needed to have anonymous access for a servlet added to ICN

  • 1.  ICN security role needed to have anonymous access for a servlet added to ICN

    Posted Wed September 28, 2022 06:21 PM

    Hi,

    we have custom servlet added to ICN, and it has following security constraint added to have anonymous access, which means while accessing this custom servlet, it should not ask for authentication. The role we have added is Everyone as below. But it still asks for authentication. Is there any other role name that allows access without any sort of authentication?



    #IBMContentNavigator(ICN)
    #Support
    #SupportMigration


  • 2.  RE: ICN security role needed to have anonymous access for a servlet added to ICN

    Posted Wed September 28, 2022 06:22 PM

    <security-constraint>

    <web-resource-collection>

    <web-resource-name>fasoo</web-resource-name>

    <description>Define the container secured resource</description>

    <url-pattern>/fasooservlet/*</url-pattern>

    </web-resource-collection>

    <auth-constraint>

    <role-name>Everyone</role-name>

    </auth-constraint>

    <user-data-constraint>

    <description>User data constraints</description>

    <transport-guarantee>NONE</transport-guarantee>

    </user-data-constraint>

    </security-constraint>



    #IBMContentNavigator(ICN)
    #Support
    #SupportMigration


  • 3.  RE: ICN security role needed to have anonymous access for a servlet added to ICN

    Posted Thu September 29, 2022 01:39 PM

    What documentation did you use to create and implement the custom servlet? Is the above code within your servlet or a plugin within ICN?

    Are you trying to configure roles for use with a CPE backend repository? Where CPE is the authenticating repository configured for ICN?

    See: https://www.ibm.com/docs/en/content-navigator/3.0.x?topic=SSEUEX_3.0.8/com.ibm.usingeuc.doc/euche017.htm

    If so, leveraging these role distinctions to remove the requirement to authenticate to ICN (and the authenticating repo) is not a functional use case.

    Authentication is configured when ICN is deployed and that cannot be bypassed by any supported means:

    https://www.ibm.com/docs/en/content-navigator/3.0.x?topic=SSEUEX_3.0.8/com.ibm.installingeuc.doc/eucpl050.htm

    ICN will always require some level of authentication.



    #IBMContentNavigator(ICN)
    #Support
    #SupportMigration