禁用REST安全性和身份验证-Websphere Commerce

Question

I want to access Subscription's REST,

For instance ;

/store/{storeId}/subscription?q=byBuyerIdAndSubscriptionType

Ref: https://www-01.ibm.com/support/knowledgecenter/SSZLC2_7.0.0/com.ibm.commerce.starterstores.doc/code/rsm_subscription_fep8.htm?lang=en

but if I explicitly pass member_id of the buyer of subscription to the REST call on some other user's login, it gives me authentication error and doesn't return anything.

User 2581 does not have the authority to perform action "Display" on resource "com.ibm.commerce.subscription.facade.server.authorization.SubscriptionTypeProtectableProxy" for command "Display".

What should I do to byPass this authentication and get desired data?

Answer 1

You could try giving this line in your wc-rest-security.xml file.

<partialAuthentication resource="store/{storeId}/" method="GET" enabled="false"/>

You could also be specific and mention

store/{storeId}/subscription

instead of

store/{storeId}/

I haven't verified the above line, but I am pretty sure the solution to your issue lies in configuring the wc-rest-security.xml file. Link to the IBM Documentation on this : https://www-01.ibm.com/support/knowledgecenter/SSZLC2_8.0.0/com.ibm.commerce.webservices.doc/tasks/twvrestpartialauth.htm

Answer 2

You shouldn't. For obvious reasons.

You should not allow access to other users' subscription data. If what you're trying to accomplish is to allow specific users access to other users' data (eg a CSR), then you need to solve this through access control policies and appropriate user roles.