The security of a service can be either enabled or disabled.
When disabled, a service operation can be invoked without specifying
a user name and password. That is, when setting connection properties
that are required to invoke LiveCycle operations, you do
not need to specify a user name and corresponding password. (See
Setting connection properties.)
When the security of a service is enabled, the user who is invoking
a service operation must be authenticated and authorized to invoke
the service. Otherwise, the service container denies the invocation
request. (See Disabling Service Security.)
A service can originate from a process created by using Workbench.
By default, the way that each service (that is part of the process)
is invoked depends on whether the process is a short-lived process
or a long-lived process. For a short-lived process, the user’s context
is used to invoke each service that is part of the process (this
is known as the execution context). For a long-lived process,
a system context is used to invoke each service that is part of
the process. For information about long-lived and short-lived processes,
see Understanding LiveCycle Processes.
Using the LiveCycle Java API, you can specify the execution
context in which each service (that is part of a process) is invoked.
This execution context is used regardless of whether the process
is a long-lived process or a short-lived process. Three types of
execution context exist:
- Run-As Invoker: The context of the invoker is used as the execution
  context for each service that is part of a process.
- Run-As System: The system context is used as the execution
  context for each service that is part of a process. This setting
  is the current default setting for long-lived processes.
- Run-As Named User: A specific AEM forms user is specified in the
  configuration. When invoked, all actions performed by the process
  are performed as if by that user rather than by the user that
  initially invoked the process.
LiveCycle checks the execution context for authorization
on a service operation before an invocation request proceeds. LiveCycle also checks the execution context of a service and changes
it to the execution context that is set before proceeding with an
invocation request.
LiveCycle performs the following tasks in response to
an invocation request:
- Checks whether security is disabled for the service,
  sets the execution context (if set), and lets the invocation request
  proceed.
- Checks whether the service operation has anonymous access
  enabled (from the component.xml file).
- Checks whether the execution context is authorized to invoke
  the service.
If the execution context for a service is not set, the default
behavior is used. For a short-lived process, the identifier of the
user who invokes the process is used. For a long-lived process,
the system context is used.
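
The following is an added example, not Adobe code and not part of the LiveCycle Java API: a small self-contained model of the rules above, showing which principal is checked for authorization under each process type and Run-As setting. All names (`ExecutionContextModel`, `effectiveContext`, `allowed`, the users and the authorization set) are hypothetical, and treating the first two checks as allowing the request is this example's reading of the task list.

```java
import java.util.Set;

public class ExecutionContextModel {
    enum RunAs { INVOKER, SYSTEM, NAMED_USER }

    // Resolves the principal each service in the process runs as.
    // runAs == null models "execution context not set", so the default applies:
    // invoker for a short-lived process, system for a long-lived process.
    static String effectiveContext(RunAs runAs, boolean longLived,
                                   String invoker, String namedUser) {
        if (runAs == null) {
            runAs = longLived ? RunAs.SYSTEM : RunAs.INVOKER;
        }
        switch (runAs) {
            case SYSTEM:     return "SYSTEM";
            case NAMED_USER: return namedUser;
            default:         return invoker;
        }
    }

    // The three checks, in the order the page lists them.
    static boolean allowed(boolean securityEnabled, boolean anonymousAccess,
                           Set<String> authorized, String context) {
        if (!securityEnabled) return true;   // security disabled for the service
        if (anonymousAccess) return true;    // operation allows anonymous access
        return context != null && authorized.contains(context);
    }

    public static void main(String[] args) {
        // Constructed sample data: principals authorized to invoke the service.
        Set<String> authorized = Set.of("SYSTEM", "svc-archive");
        String invoker = "jdoe";             // constructed, not in the authorized set
        Object[][] cases = {
            {"short-lived, not set",           null,             false},
            {"long-lived, not set",            null,             true},
            {"long-lived, Run-As Invoker",     RunAs.INVOKER,    true},
            {"short-lived, Run-As Named User", RunAs.NAMED_USER, false},
        };
        for (Object[] c : cases) {
            String ctx = effectiveContext((RunAs) c[1], (Boolean) c[2],
                                          invoker, "svc-archive");
            System.out.printf("%-32s context=%-12s allowed=%b%n",
                              c[0], ctx, allowed(true, false, authorized, ctx));
        }
    }
}
```

With the same invoker, the result changes only because the principal being checked changes, which is why Run-As System and Run-As Named User settings deserve review when auditing which users can start a process.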