DSP and access file

Guest · July 20, 2004, 7:25pm

Hi

I have written a dsp (which is a form) that posts input to a service and writes out the response to the webpage.I set the service ACL to anonymous but each time I open the dsp page it asks for a userid/pwd.I understand from previous posts I need to create a .access file for the dsp and reload the package once this file is created - to give permissions for everyone to see this webpage.My question is I am not very clear what the .access file should be named. If my package is XYZ and my dsp is called testxyz.dsp , should it be called XYZ.access. Does it matter what its called ? Also its contents should be :

testxyz.dsp Everybody
Is this right?Because this isnt working for me.

Any suggestions of what I missing will be appreciated.

Thanks
SG.

tbond.5941 · July 20, 2004, 8:00pm

The .access file should be named . . . .

.access

You can copy one from one of the system packages if you need a starting point.

Guest · July 20, 2004, 8:00pm

The file needs to be named “.access” and it should be in the same directory as your DSP file. If you really want everyone to be able to access your page, you should put this in the file:

testxyz.dsp Anonymous

Typically allowing access to everyone isn’t a good security practice, though.

You can see an example .access file in the WmRoot package - look in the pub folder.

saurabhm · July 20, 2004, 8:32pm

Read Pages 148-149 in the “webMethods Integration Server Administrator’s Guide Version 6.1”

This applies to v4.x too.

In case, you don’t have access to the guide; here it is for your reference.

[i]
Assigning ACLs to Files the Server Can Serve
The server can serve files that reside in the pub directory for a package or a subdirectory
of the pub directory.

You control access to files by placing a .access file in the directory that contains files you
want to protect. You can use an operating system tool of your choice to edit the .access file.
If the directory contains subdirectories, they will not inherit the protection, so you must
provide a .access file in each directory. For each file in the directory that you want to
protect, place a line in the .access file to identify the file and the ACL you want to use to
protect the file.

For example, assume you have a directory that contains three files (adminpage.dsp,
home.dsp, and index.htm). You want to protect the adminpage.dsp file with the
Administrators ACL so that only administrators can access this file. You want to protect
the home.dsp file with the Developers ACL so only developers can access this file. You
also want to assign the Default ACL to the index.htm file so all users can access it. To
accomplish this, you would place the following records in the .access file:

adminpage.dsp Administrators
home.dsp Developers
index.htm Default

Rules for Using .access Files
When making entries in .access files, observe the following rules:
a) Specify the file name only, such as adminpage.dsp followed by the ACL name. If you
specify a relative path, the file will not be protected. For example, suppose file
home.dsp is in subdirectory docs in directory pub (pub\docs\home.dsp). If you add
the following entry to the .access file on directory pub, the file will not be protected:
docs\home.dsp Developers
Instead, add the following entry to the .access file on directory pub\docs:
home.dsp Developers
b) The case in which you enter the name depends on how your file system handles case.
Suppose you have a file named index.dsp. If you use a case-insensitive system such as
Windows, you can enter the file name in any case. Therefore Index.dsp, INDEX.DSP,
and so on are all acceptable. However, if you use a case-sensitive system such as Unix,
you must enter index.dsp.

Important! The Integration Server loads .access files when a package is loaded; therefore, if
you want the changes you make to take effect immediately, reload the package.

[/i]

You can find the same information in the IS Admin Guides v4.x

Guest · July 20, 2004, 11:14pm

Thanks for all your posts - that worked. I know this is not a good security practice but this is a throw away kind of page and we didnt want to create userids/pwd for the team to use for this page - hence the need for this.

Sasi_KSV · May 13, 2018, 9:49pm

Hi All,

Good Day…!!!

I want to make a dsp page xyz.dsp Anonymous (the page should be accessed to everyone and it should not ask any credentials).

For this I created package.access file and content of this file as below,

xyz.dsp Anonymous

both xyz.dsp and package.access file are in same location

…/IntegrationServer/instances/default/packages/package/pub/xyz.dsp
…/IntegrationServer/instances/default/packages/package/pub/package.dsp

and reloaded the package . But it is still not working for me .

wM version :9.10

Can anyone please help on this .

I named .access file with my package name…Am correct ?

Regards,
Sasi

Holger_von_Thomsen · May 14, 2018, 4:35pm

Hi Sasi,

please have a look at the DSP_and_Output_Template_Developers_Guide for details.

The Access file should only be named “.access” under your Package/pub-folder.
Name the DSP what ever you want.

Content of the .access file seems to be correct so far.

Regards,
Holger