How to create an authentication free aikau webscript in Share

Question

I have the need to create a page in the Alfresco Share context that should be accessible without authentication. When using the page framework it seems pretty straight forward since you can add <authentication>none</authentication> to the page definition.

When using aikau the page definitions is gone and I'm left with the get.desc.xml-webscript file which does to my knowledge does not support the authentication element. Anyone having an idea?

Answer 1

It looks like you are accessing your webscript through the auth-page url:

http://<ip>:<port>/<context>/page/ap/ws/<webscript>

Please note that ap in the URL stands for the authenticated page defined under the directory:

/<project-name>/src/main/webapp/WEB-INF/surf-config/pages/auth-page.xml

This section :

   <config evaluator="string-compare" condition="UriTemplate">
        <uri-templates>
           <uri-template id="remote-node-page">/{pageid}/p/{pagename}/{store_type}/{store_id}/{id}</uri-template>
           <uri-template id="remote-site-page">/site/{site}/{pageid}/p/{pagename}</uri-template>
           <uri-template id="remote-page">/{pageid}/p/{pagename}</uri-template>
           <uri-template id="sitepage">/site/{site}/{pageid}/ws/{webscript}</uri-template>
           <uri-template id="userpage">/user/{userid}/{pageid}/ws/{webscript}</uri-template>
           <uri-template id="page">/{pageid}/ws/{webscript}</uri-template> <!-- this template matches your URI which means the resolution of which page/webscript would be accessed will rely fully on it -->
        </uri-templates>
   </config>

of your

   /<project-name>/src/main/webapp/WEB-INF/surf.xml

Defines page/webscript resolution policy based on URI-templates. For further infos on how to set/exploit page uri templates please visit this tutorial

The auth-page has authentication set USER as shown here which would result in asking for authentication before even trying to resolve the webscript

So if you want to access some aikau page in un-authenticated mode (as a guest user) you should be using the noauth-page like this:

http://<ip>:<port>/<context>/page/na/ws/<webscript>

FYI: You do not have to set your webscript authentication at all as it defaults to none when the authentication tag is not present

Answer 2

It's worth being aware that you can create your own template pages for Aikau. You aren't limited to the pages that are defined in either Share or clients created via the Aikau Maven Archetype (see https://github.com/Alfresco/Aikau/blob/master/tutorial/chapters/Tutorial1.md).

In Share for example you have 4 templates available out-of-the-box:

• dp (Dynamic Page - what you should use in most cases)
• hdp (Hybrid Dynamic Page - where the header and footer and rendered above and below the page)
• rp (Remote Page - accesses a page stored on the Alfresco Repository)
• hrp (Hybrid Remote Page) - accesses a remote page stored on the Alfresco Repository and renders it between the standard header and footer.

In clients created by the Aikau Maven Archetype you have: - na (Not Authenticated) - renders a page but doesn't require a user to be authenticated - ap (Aikau Page) - renders a page for authenticated users.

Aikau pages make use of URI templates to reduce the amount of Surf objects that are required to build a page - however you always have the option of building your own pages.

See the examples in the archetype project for reference, the no-authentication page is defined here

Both this page and the standard authenticated page both re-use the standard template type which ultimately maps to the standard page FreeMarker template

However, if you want to build your own pages and templates you can - you're not limited to using what is provided by default.