Disabling default security using @OAuthSecurity(enabled=false)

489 views Asked by At

The following link indicates that the security can be disabled using @OAuthSecurity(enabled=false) - see under "Security configuration of a JAX-RS resource"

Question:

  • Does it mean that the default security is disabled?

I have a scenario wherein a JavaScript Adapter (developed and being used in a previous version of the product) is auto-deployed on an upgraded server (from 6.1 to 7.0) - using in-place upgrade. This JS adapter had no security tests defined and as such was not protected.

Question:

  • When the adapter runs on 7.0 - does the out-of-the-box default security take effect? If so, how does one disable it?

Thanks, in anticipation.

1

There are 1 answers

1
Idan Adar On BEST ANSWER

Starting MFPF 7.0 there are two authentication models:

  • Classic: as you know it from pre-7.0 versions
  • OAuth-based

If your adapter is developed in the Classic way, it continues to work as before. If you want a procedure to have no security defined for it, not even the default internal one (when not setting a securityTest), use securityTest="wl_unprotected".

@OAuthSecurity(enabled=false) refers only to Java adapters whereas you are asking about an existing JavaScript adapter... or not?