I was working with Jeff Potts' book "Alfresco Developer Guide" and found that one of the WebScript examples needed to be updated for 4.0.
When accessing an MVC-style WebScript in 4.0, you need to specify the <authentication> element in the WebScript descriptor. There is a sample WebScript in the "Adding Controller Logic" of Jeff Potts' book "Alfresco Developer Guide" that uses a controller component -- helloworld.get.js -- to set a variable, model.foo. The descriptor provided will return the following error in the browser and Tomcat logs with a stack trace.
A valid SecureContext was not provided in the RequestContext
This is despite being logged in as admin. The descriptor provided in the book defines only shortname, description, and url.
Adjusting the descriptor to include an <authentication> element fixed this.
<webscript>
<shortname>Hello World</shortname>
<description>Hello world web script</description>
<url>/helloworld?name={nameArgument}</url>
<authentication>user</authentication>
</webscript>
Note that the first example in the chapter, "Step-by-Step: Hello World Web Script", works without the <authentication> element. Based on some trial-and-error, it looks like WebScripts that involve a controller component (separate JavaScript file) will need this element present. Otherwise, the misleading security exception will result.
thanks this tip was useful. it worked as you said, tho its missing in official alfresco docs
ReplyDelete