2 Replies Latest reply on Nov 9, 2010 10:29 AM by Kurt Stam

    GuestCredentials, is this a good use case for them?

    Kurt Stam Master

      Hi guys,

       

      I have some background interaction from my WebApp to MS. I'm using the user 'admin' for this at the moment and I have been reading: chapter 9. Would it make sense to use the GuestCredentials for this sort of background user stuff? I mean this user is unrelated to the user that logs into my app, and I don't really want to store a password for this user in my app.

       

      Thx,

       

      --Kurt

        • 1. Re: GuestCredentials, is this a good use case for them?
          Brian Carothers Apprentice

          Depending on your security needs, that might work.

           

          As long as you don't add the "connect" role to your anonymous access credentials, then remote users still wouldn't be able to get REST or WebDAV access to your server.  However, any other application running on the same app server that could access your repository (e.g., through JNDI) _could_ take advantage of that anonymous access.

          • 2. Re: GuestCredentials, is this a good use case for them?
            Kurt Stam Master

            Thx Brian,

             

            Actually I know the code paths for these 'background' users. So when I go to create a jcr session I can use GuestCredentials for them only. So if you try to connect any other way you would never get there, and you sure would need a valid username/pw. I just want to make sure I'm not relying on 'demo-code' here (as the docs suggest), and that every JCR implementation will honor this behavior.

             

            --Kurt