Hi Guys,
I’am using Integration Server 10.11 and update fix using core fix 6 version, and then create rest API using Rest Resource V2, and set acl execution to Anonymous, because i want handle authorization in service level, because i want to add payload response to any response status (200, 401, etc)
When tested API with blank authorization, can hit until service level, and got response from service level
but when filled authorization with wrong username & password, the response is like validation client authorization from Integration Server and not hit service level.
Thanks for reply,
i’am following your step, and it succeed without credential, but with wrong credential, the IS responsed 401[ISS.0084.9001] Invalid credentials, can’t the IS passed the wrong credential and validate within Flow Service?
Integration Server should not allow bad credentials. When credentials are sent, they will be first be authenticated, before checking the ACL of the service, this behavior seems correct.
You would have to bypass the Authorization header to do this i.e.
Pass the token or whatever via an alternative header attribute e.g. access-key
You will need to make the service anonymous and then use the service pub.flow:getTransportInfo to get hold of the headers.
As Nagendra indicated, be careful as you are bypassing the built-in security and will need to make sure that your code is water tight. What is your use case for doing this programatically ? it might be possible to combine both.
regards,
John.
