REST webservices require a SAP entry that allows access to the JAX-RS
resource implementation class (and methods). If you
leave the SAP entry as default=false, then it will only apply to
authenticated users.
A good way to find out exactly which class (and method) to add tot he
SAP entry is to set the following portal property:
access.control.sanitize.security.exception=false
Then just make a request to the service and it will reveal it. p.s.
We do not recommend setting this for production environments, hence it
is "true" by default.
If you would like finer access control then portal can dynamically
apply such SAP entries based on granted OAuth 2 scopes. For that you
need to give the SAP entry's name a prefix of "OAUTH2_".
Such SAP entries will appear on the "Scopes" tab when adding
OAuth 2 applications. Meaning that in order for a service equest to be
successful, it has to come with an access token which is granted that scope.
I hope that answers your questions, but please let me know if not.
Best regards,
Stian
