DSP invoke of a WmRoot service

I am trying to display the time a package was published using a DSP page. This DSP page is being called form a web page on a seperate server, and the users who would access this information would not have a wM server account. Here is what I do…

-Created a service that calls wmRoot.server.packageInfo and WmRoot.server.packageList.
-Output of this service is name value pairs (package/time)
-DSP page invokes this service and displays the output
-Both the service AND the dsp page were set to anynomous
-If the dsp page is NOT set to anynomous, then I get the wM server admin popup box (and see correct results in the dsp).

How can I make this service and dsp completely anynomous so any user can access this? I have tried just about everything…any help would be great…

I’m not sure how you went about setting your DSP page to anonymous, but normally, this is done not by the developer tool (like the service) but through a .access file in the location of the DSP page. The format of the .access file is:

pagename.dsp ACL-group


index.dsp Everybody

should allow everybody to access the page. Make sure you reload your package for the .access file to get reloaded after you edit it. Also, you can’t specify paths to the files, instead, you have to have a .access file in the same directory as the file you are trying to assign the rights to.

Yes…I set the .access file for the dsp.

One thing related to ACL, .access file only create ACL binding to dsp pages. If you are invoking some service within your dsp page with the %invoke% tag, then you have to create the anonymous access to that service also. Otherwise, it will ask for a login prompt, no matter you have .access file.


Yes, the service I am calling is also set to Anonymous. But the services within that service being called are accessing server level information (see original post). Access to wM root services can not be changed. So let me outline the problem again…

Created a DSP page, set the access to anonymous. Within the DSP page, I am invoking service “MyPackage:myService”. That serivce is calling wmRoot.server.packageInfo and WmRoot.server.packageList to get name/value pairs of package/published time.

If I run the service in the developer, the output is displayed correctly (in the results window). If I set the DSP back to Administrators, I am prompted for a u/p and enter it, the output is displayed correctly in the DSP page. If I put hard coded data at the end of the flow, I can see it in my DSP page.

There has to be a problem with making server information visable to the public domain that I am not aware of. I can run ‘sizeOfList’ on the package list and display that as output on my dsp page, just not the data itself.

Another interesting finding…

I call WmRoot.wm.server.admin:getServerHost to get the server name. When I put that value in my dsp, I see the output (serverHost). However, I still can not view the package information from packageInfo

Are you still getting the login prompt when you access the dsp page, as you have said that you are accessing the root information and can’t set ACL there.
I think, as u said, you can not view the package information from packageInfo, must be because root level information cannot be displayed as anonymous.

Let me know if you find more information regarding the issue.

If my service is set to anonymous, and the dsp is set to anonymous, then there is no login prompt and the information is not displayed. If I remove the .access file from the dsp, then I will get a login prompt and the information is displayed on the dsp (after login).

I call the wmRoot service to get the server name, and this information can be displayed on the dsp in either scenario above. I can also do a sizeOfList and count the number of packages and return it to the dsp in both scenarios.

Its very strange…but would love to add this functionality to see what package versions (uspublished date) were added to each individual server.

I got the same problem, but I am not accessing the root service, instead I am invoking a custom build service. But, the same problem occurs (getting login prompt).
I saw one strange thing. If by setting anonymous access in .access file and also setting anonymouys access to the service, I still got the login prompt (It should not). Now, if I cancel 2 or 3 times the login prompt button, partial dsp page displays with no images and even some fields are missing too.

Did u try to cancel the login prompt and see what happens.

I found a solution…I called the wmRoot service
wm.server.access:setDefaultAccess at the beginning of my service and set the access to “Allow”.

I know this is not the best solution since I am using two wM root services, but whatever works at this point I guess.

uh…don’t use that service…it set the global access, not the service access. So basically anyone could log on to the server admin screen.

But you see what I am trying to do…log on to the server AFTER the dsp (within the service) in order to disguise the process.

I think it would be much better if you created wrapper Flow services that did the invoke of the internal wm.server services. You can then specifically control the ACLs on your services without directly opening up the internal services.

This would also give you single points of exposure should the internal services change.

To call a service from outside of IS (wheer outside can mean from a browser URL, a DSP, a Java client, SOAP, etc):

  1. The caller needs the appropriate ACL.
  2. The service must be callable via the listener that you are calling in on. For instance HTTP listeners have a AccessManager, which limits external access to a specific list of services.
  3. In the case of HTTP there is an addition PortManager, which will limit the IP and/or HOST(s) that can be clients.


I think I see what you mean with the wrapper…I will create a service which calls only the packageList service, and another than calls just the packageInfo service. Then have my original service call these ‘wrapped’ services instead. Ill try it out and see what happens…as soon as I fix all the ACL lists from the previous mistake (see service I called above…its called by an administrator dsp page that doesn’t even exist in wM 6…now I see why).

Unfortunately, the wrapper services did not work either…thanks.

Sorry if I am getting confused as to how far you have gotten.

In your DSP make add some onerror sections in the %invoke% sections like so:

    %invoke myFolder:myService% 
  Service %value serviceName% published as '%value encode(xml) registryKey%'</td> 
      <td>%value encode(xml) errorMessage%</td> 

There are a few more keys that include the stackTrace that should be returned if there is an error. You can display those in your DSP to help debugging.

This will verify the DSP is calling the service(s) successfully.

Since you have the .access set correctly and the DSP seems to be running. Also the services (wrappers and straight on) can be run from Developer.

Then try invoking the services directly from a Browser.

This will verify the ACLs and such are good for outside access.


I typed the output as you had listed and got the results “Service published as . .” Basically nothing happened. I can not display the information from a browser window (straight invoke) or from the DSP. Any other information, just not package information.

All the services are set to anonymous, so is the DSP page:
Wrapper service that calls wm.server.packageInfo = Anonymous
Wrapper service that calls wm.server.packageList = Anonymous
Service that is invoked by the DSP page = Anyonmous
.access file located in the pub directory of the DSP page =
pkginfo.dsp Anonymous

  • Anonymous

I can get essentially every piece of information from the server outside of package information. I can display a count of the packages, the server that they reside on, basically everything. However, no matter how many ways I try to do a “pass-through” i am unable to display a simple table of package name/package time unless I break the server and remove log-in information, or I log in as an administrator.

I recently started trying to use the setResponse service, and actually could display the package name if I put it in the response string. But I wasn’t able to create a template within the response string in order to retreive multiple name/value pairs.

I encourage you to set up a simple service using the wmroot serivices wm.server.packages.packageInfo and packageList and try to display it in a simple table with an output template. Make sure you completely log out of the server when testing since the information is sometimes cashed.


It shows how to format the username and password when passing the information:

Well…that doesnt work either. I tried it with both the dsp page, and with the service invoke and neither gave me the information from the server that I need.

I have my DSP as anonymous. The DSP has only the following information:

<META HTTP-EQUIV=Refresh CONTENT=“0; URL=http://user:password@server:port/invoke/package:service”>

I tried setting the access of the service to ‘Default’ or ‘Administrator’, to request the u/p from the url and that just prompts me with the login window. Obviously, if I enter the login information the page diaplays correctly.

Use the url, http://Username:Password@hostname:port/yourPackage/yourDsp. No need to use the meta tag in your dsp page.

and it will not ask you for username/password and show you the required details. I checked that at my end and it worked.