Alfresco webscripts is one of the powerful tools for integrating alfresco repository with other systems (portal, CMS or web applications).
Now whenever we are integrating two different systems we always come across security concerns. Because on one side where we need to expose repository to other system, on the other side we also need to make sure those set of webscripts are secure enough to be protected from unauthorized access.
We can define different levels of security on alfresco webscript description file.
- Guest Access
Alfresco webscript access is available to any alfresco user with minimal guest user access.
To define Guest access we need to specify following tag within description file. Normally we require this in intranet sites where back-end contents are managed by alfresco.
< Authentication> guest</Authentication>
- Admin Access
If we want to give webscript access to only those users who have admin credential (part of alfresco administrator group). We need to specify following line in webscript descriptor file. Normally this is the case when we want alfresco contents to be very secure and there is only single point of interaction between alfresco and external application
< Authentication> admin</Authentication>
- No Authorization required
If we want to make webscript public accessible to everyone, which is normally require incase of public sites. We need to specify following line in webscript descriptor file.
< Authentication> none</Authentication>
Summary: This knowledge is very essential in case you are integrating alfresco using webscript. I will explain different ways of consuming alfresco webscripts in upcoming posts.