This issue may still be exist, but we've chosen not to pursue a solution with ofbiz.
Thanks. -Preston On Wed, Jan 7, 2015 at 2:38 PM, Jacques Le Roux [via OFBiz] < [email protected]> wrote: > Are you still interested and is this still true now? > > Jacques > > Le 21/10/2014 02:47, pprice a écrit : > > > We've been playing with the Practice application that can be downloaded > from > > here > > < > https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Tutorial+-+A+Beginners+Development+Guide> > > > and we noticed that if you perform the request to create a user from > > non-authenticated client, the Person record is still created. > > > > The relevant entry from the controller.xml looks like: > > > > > > The check is honored in that the request returns the HTML for the login > > page, but the createPracticePerson service is still invoked and the > Person > > record is created. I am still new to ofbiz, but this is not what I would > > expect to happen, please help me understand what incorrect assumptions I > am > > making and how to secure an AJAX request like this. > > > > Thanks! > > > > > > > > -- > > View this message in context: > http://ofbiz.135035.n4.nabble.com/AJAX-is-unsecure-auth-true-not-honored-on-controller-tp4657131.html > > Sent from the OFBiz - User mailing list archive at Nabble.com. > > > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://ofbiz.135035.n4.nabble.com/AJAX-is-unsecure-auth-true-not-honored-on-controller-tp4657131p4660963.html > To unsubscribe from AJAX is unsecure. auth="true" not honored on > controller., click here > <http://ofbiz.135035.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4657131&code=cHByaWNlQGNodXJjaGZvcmdlLmNvbXw0NjU3MTMxfDExODg5NDM5ODQ=> > . > NAML > <http://ofbiz.135035.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- Preston M. Price KidCheck www.kidcheck.com Facebook <https://www.facebook.com/pages/KidCheck-Secure-Check-in-for-Childcare-Professionals/69377190574> / Twitter <https://twitter.com/KidCheck> -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify KidCheck at [email protected]. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of KidCheck. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Finally, the recipient should check this email and any attachments for the presence of viruses. KidCheck accepts no liability for any damage caused by any virus transmitted by this email. -- View this message in context: http://ofbiz.135035.n4.nabble.com/AJAX-is-unsecure-auth-true-not-honored-on-controller-tp4657131p4661014.html Sent from the OFBiz - User mailing list archive at Nabble.com.
