Issue with Anonymous access and 'Authorization' header on HCL Domino 12
Question
There is a database which has anonymous access "Editor". Anonymous users can access one of the XPages REST APIs with an "Authorization" header. This will have a JWT token in the request header as mentioned below.
I read this token on the server side and process it.
Recently we upgraded our servers to Domino 12.0.1 from Domino 10. This API is not working and gives the login screen when we have the "Authorization" header. The anonymous access is not working for this page. If we remove the "Authorization" header from the request, then anonymous access works.
I have checked the Domino configuration and am not able to figure out why the login screen is coming up. Some setting is checking the "Authorization" header and asking for login even though the anonymous access is "Editor".
I want to access this REST API without the login screen, and it should accept the "Authorization" header.
Answer 1
Score: 4
Domino 12 has native support for JWT authentication using an OIDC provider.
This means that the Authorization header is natively handled by the Domino 12 HTTP stack, so you (unfortunately) cannot access the Authorization header in your custom code.
I suggest that you vote for this idea: https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-2405.