I am using webMethods 4.6. I created a bunch of DSP pages for tracking the messages. I want the users to be able to open the pages without the login screen, passing the username and password as parameters with the HTTP request.
Any help in this regard is appreciated.
What is the real intention of bypassing the login screens? If you hardcode it in your pages, it is the same as making those pages associated with the Anonymous ACL. Anybody who knows the URL can get access. To do it the anonymous way, associate all of your DSP pages, and the services they call, with the Anonymous ACL.
If this violates your security model, then this is not the way to go. Take a closer look at the security.
You should secure the DSPs with a .access file. Remember that the .access file only works for a given directory and does not work recursively. The administrator manual provides the overview for this.
You can set up the pages to accept a username and password, but it is not secure and would not pass any kind of security audit.
What you did not specify is if the access is granted behind a firewall and not open to public domain. You should take this into consideration. If it is open on the DMZ, then you need to crank down security and inconvenience your users to maintain security standards. If it is behind the firewall, then typically, the risk is much less.
Thanks for the quick response.
I added the .access file with Anonymous access to the folder that has the dsps. I also added Anonymous ACLs for the Services that are invoked by DSPs. I am still not able to bypass the login screen.
These DSPs do not have any firewall issues and are meant for internal users.
Did you reload the package containing the DSP pages? The ACLs are loaded during the loading of packages. After adding .access file you can either reload the package or restart the IS.
I reloaded the package and also restarted the service, but I am still not able to bypass the login screen.
I don’t know where I am going wrong.
In the .access file I entered the value
and placed this file in the Package’s pub folder.
Is this the right way of doing this?
You need to specify each and every DSP filename and then put Anonymous in front of it. I don’t think * works.
Try that for a few DSPs and, if it works, add all the pages. If you have a large number of files, then I would do something like “dir > temp.access” and get all the filenames. Then copy and paste them into your “.access” file with ACLs.
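An added example, not part of the original thread or of webMethods: a Python sketch that audits a pub directory tree against its .access files, assuming the one "filename ACL" pair per line layout quoted in this thread. It checks each directory on its own because the file is not recursive, treats names literally, and lists pages with no entry, pages mapped to Anonymous, and entries (such as a wildcard) that match no file; the sample file names are constructed.

```python
import os
import tempfile

PAGE_EXTS = (".dsp", ".htm", ".html")  # assumption: page types worth auditing

def parse_access(path):
    """Return {filename: acl} from a .access file ('filename ACL' per line, assumed)."""
    entries = {}
    if os.path.isfile(path):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                parts = line.split()
                if len(parts) >= 2:
                    entries[parts[0]] = parts[1]
    return entries

def audit_dir(directory):
    """Audit one directory only: its .access does not cover subdirectories."""
    entries = parse_access(os.path.join(directory, ".access"))
    pages = sorted(f for f in os.listdir(directory)
                   if f.lower().endswith(PAGE_EXTS)
                   and os.path.isfile(os.path.join(directory, f)))
    return {
        "unlisted": [p for p in pages if p not in entries],
        "anonymous": [p for p in pages if entries.get(p) == "Anonymous"],
        "stale": sorted(n for n in entries if n not in pages),  # e.g. wildcards
    }

def audit_tree(pub_root):
    """Audit pub_root and every subdirectory, each against its own .access."""
    report = {}
    for dirpath, _dirs, _files in os.walk(pub_root):
        result = audit_dir(dirpath)
        if any(result.values()):
            report[os.path.relpath(dirpath, pub_root)] = result
    return report

def build_sample(root):
    """Constructed sample layout; the file names are made up for illustration."""
    os.makedirs(os.path.join(root, "admin"))
    for name in ("track.dsp", "detail.dsp", os.path.join("admin", "purge.dsp")):
        open(os.path.join(root, name), "w").close()
    with open(os.path.join(root, ".access"), "w") as fh:
        fh.write("track.dsp Anonymous\n*.dsp Anonymous\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_tree(tmp))
```

The ACLs on the services that the pages invoke are set separately and are not covered by this check.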
I also have the same requirement. I have a login page and I should bypass the login dialog box provided by wM. I have mentioned login.htm Anonymous in the .access file. But still it is asking for username and pwd. Jagadish, can you tell me how you solved that?
There is a similar thread on this topic that may help:
I’m experiencing an opposite problem in my IS 4.6. I created an .access in the WmRoot/pub specifying different ACLs:
I restarted IS but it doesn’t deny access for any user accessing adapters or users pages!
My ACL configuration is like:
AdminUser ACL allows GRPUserAdmin and denies GRPAdmin
AdminLocal ACL allows GRPAdmin and denies GRPUserAdmin
Users from GRPUserAdmin can see AdminLocal’s pages and vice-versa!
Has anyone else seen something like this?
Fabio, did you get this solved? I think it is an interesting problem and one which we can all benefit from.
I am already thinking of how I can apply .access files to restrict access to certain packages’ pub/ directories for my testing team.
I am having one problem related to passing parameters with DSPs in wM 6.0.1. I am invoking a service using the %invoke% tag and that service is returning me an XML string. Now when I try to pass this string to another service using:
<A href="pathname?param=%value XMLstring%">link</A> then this is not passing the XML string as a parameter; rather, it is pasting the value of the XML string at that place. What is the problem? Passing the parameters in the same way is possible if the parameter, in place of an XML string, is a normal string.
I’m new to webMethods but I would like to know if I can replace the username/password authentication mechanism with my own. Is there a way I can put a plugin or something that will replace the current mechanism?
Basically you can play with the index.dsp file stored in the WmRoot standard package, but it’s not advised to customize any wM standard mechanisms and it is all at your own risk.