Allow Unauthenticated or Guest Access to a Pega 7 Activity that Generates HTML Page

An Activity can be used in Pega 7 to process a HTML Rule using the Show-HTML method and to send the resulting page to a web browser.

Pega7.1.9 - Activity Processing HTML Rule using SHOW-HTML Method

For an example on how to create such an activity and HTML Rule, see the post:

  • The Activity is accessed through a URL such as the one shown below.
http://localhost:8080/prweb/PRServlet/?pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • A login dialog appears and the user must provide valid Pega operator credentials to access the activity.

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Login Screen

  • After successful authentication, the Activiy is run and the HTML page is displayed in the browser:

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Hello World HTML Page

This post shows how a new RuleSet and Access Group can be used to provide access to the activity for unauthenticated or guest users. That is, there will be no login screen and the activity will be accessed as an unauthenticated guest user using the pega.BROWSER requestor type.

Summary

  1. Access Activity as Unauthenticated/Guest via URL with pzAuth Parameter
  2. Create a new Ruleset for Rules without Authentication
  3. Edit Access Group for Unauthenticated/Guest Users
  4. Save Rules into Ruleset for Unauthenticated Users
  5. Testing Access to the Activity Rule

Related Posts

  • To access the Activity as an unauthenticated guest user, the query string parameter pzAuth=guest is used, so that the URL is as shown below.
  • Ensure to send this request from a browser with no active Pega session (e.g. log out of Designer Studio).
http://localhost:8080/prweb/PRServlet/?pzAuth=guest&pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • Without additional changes, the request will fail and Pega will return an error page, indicating that the request is Unauthenticated:

Pega7.1.9 - Activity Rule Access from Browser Error, Unauthenticated or not Available.

  • Requests from unauthenticated guest users will execute under the pega.BROWSER requestor type.
  • The Pega logs will indicate that the unauthenticated requestor does not have access to the specified activity rule.
Caused by: com.pega.pegarules.pub.generator.RuleNotFoundException: Failed to find a 
'RULE-OBJ-ACTIVITY' with the name 'VIEWHELLOWORLD' that applies to 'PGX-MyStore-Work'. 
There were 1 rules with this name in the rulebase, but none matched this request. 
The 1 rules named 'VIEWHELLOWORLD' defined in the rulebase are: 1 related to applies-to class 
'PGX-MyStore-Work', but were defined in rulesets which are not in your rulesetlist: 
'MyStore:01-01-01'.
  • The approach in this example is based on configuring a new RuleSet and using an access group for unauthenticated users to bypass Pega 7 login.

  • In Designer Studio, navigate to + > SysAdmin > RuleSet to create a new RuleSet.
  • Enter a name and version for the new rule set, here it is MyStoreUnauthenticated:01-01-01.

Pega7.1.9 - Designer Studio - Create new RuleSet Form

  • Click on Create and open.
  • Select Application Validation and set the Effective Start Date to today’s date or earlier.
  • Click on Save to continue.

Pega7.1.9 - Designer Studio - Edit RuleSet - Versions Tab

Add new Ruleset to Application Production Rulesets

  • Open your current application, here it is called MyStore.
  • On the Definition tab, expand the Advanced section and add the new RuleSet, here MyStoreUnauthenticated:01-01, to the list of Production RuleSets.

Pega7.1.9 - Designer Studio - Edit Application - Add Production Ruleset

  • Click on Save and continue.

  • Use the Records Explorer to view instances of Access Group.
  • Filter the list using your application name, here MyStore.

Pega7.1.9 - Designer Studio - Records Explorer - View Instances of Access Group

  • Pega 7 may have automatically created an access group ending in :Unauthenticated when creating the application.
  • If not, create a new access group using the +Create button.
  • Click on the row of that instance, here MyStore:Unauthenticated to edit the access group.

Pega7.1.9 - Designer Studio - Edit Access Group - Definition Tab

Pega7.1.9 - Designer Studio - Edit Access Group - Advanced Tab - Add Production RuleSet

Update the Requestor Type "pega.BROWSER"

  • Use the Records Explorer to view instances of SysAdmin > Requestor Type.

Pega7.1.9 Designer Studio - Records Explorer, View Requestor Types

  • Open the pega.BROWSER requestor type by clicking on the instance row.
  • This requestor type is configured to only have access as per access group PRPC:Unauthenticated.

Pega7.1.9 Designer Studio - Edit Requestor Type, Change Access Group

  • Edit the requestor type and set the access group to the one created earlier, here MyStore:Unauthenticated.

  • Open the current access group for authors of the application. Here it is MyStore:Authors
  • Add the RuleSet for unauthenticated access (see section 2…) to the list of production RuleSets.

Pega7.1.9 Designer Studio - Edit Access Group - Advanced Tab - Add Production Ruleset

  • Save the changes and logout of the Designer Studio and then login again.
  • Open the Activity rule, here named ViewHelloWorld and click on Save As.

Pega7.1.9 Designer Studio - Activity Save As - Unauthenticated RuleSet

  • Select Production Rulesets for Context, the appropriate Apply to class and the previously created RuleSet for unauthenticated users, here Unauthenticated:01-01-01.

Pega7.1.9 Designer Studio - Activity Save As - Production Ruleset Unauthenticated RuleSet

  • Click on Create and open to continue and then on Check in to commit the changes.
  • Repeat the steps for the HTML Rule used in the Show-HTML step, here HelloWorldHTML.
  • Modify the HTML Rule as needed to customize it for unauthenticated guest users.

Pega7.1.9 Designer Studio - Edit HTML Rule - HelloWorldHTML

  • Save and Check in the changes.
  • Remove the ruleset for unauthenticated users from the list of production rulesets for the access group that is used to login when accessing the activity (…or create a new access group).

Pega7.1.9 Designer Studio - Edit HTML Rule - HelloWorldHTML

  • In a new browser session, access the activity as an unauthenticated user with pzAuth=guest:
http://localhost:8080/prweb/PRServlet/?pzAuth=guest&pyActivity=PGX-MyStore-Work.ViewHelloWorld

Pega7.1.9 Designer Studio - Access Activity as Unauthenticated Gues User from Browser

  • In a new browser session, access the activity as an authenticated guest user without the pzAuth parameter:
http://localhost:8080/prweb/PRServlet/?pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • A login screen will appear. Enter the credentials of a Pega 7 operator ID that does not have access to the ruleset for unauthenticated users.

Pega7.1.9 Designer Studio - Access Activity as Authenticated User from Browser - Login Screen

  • The HTML Rule rule for authenticated users is applied and the page is rendered as shown below.

Pega7.1.9 Designer Studio - Access Activity as Authenticated from Browser

Using a Pega 7 Activity to Show HTML Page and Access the Activity from Web Browser

An Activity can be used in Pega 7 to process a HTML Rule and send the resulting content to a web browser. This is known in Pega as stream processing. The Activity is accessed with a HTTP request using a URL.

Summary

  1. Create new HTML Rule
  2. Create an Activity to Process HTML Rule using Show-HTML Method
  3. Access the Activity from a Web Browser

Related Posts

  • In the Pega 7 Designer Studio, click on +Create > Technical > HTML to create a new HTML Rule.

Pega7.1.9 Designer Studio Menu - Create HTML Rule

  • Enter a label for the new HTML Rule, select the context, apply to class and ruleset version.
  • Here, the name of the new rule is HelloWorldHTML. Then click on Create and open.

Pega7.1.9 Designer Studio - Create New HTML Rule

  • On the HTML tab of the HTML Rule, select "HTML" in the Generate for drop down.
  • Here, Browser Support is set to "All Supported Browsers" and Accessibility remains "No".
<html>
  <body>
    <span>Hello World!</span>
  </body>
</html>
  • Enter HTML code into the source text box, e.g. the above code shows a Hello World! message.

Pega7.1.9 Designer Studio - Edit HTML Rule, add Hello World in HTML source text box

  • Click on Save to save the changes to the HTML Rule.

  • In the Pega 7 Designer Studio, click on +Create > Technical > Activity to create a new Activity Rule.

Pega7.1.9 Designer Studio Menu - Create Activity Rule

  • Enter a label for the new Activity Rule, select the context, apply to class and ruleset version.
  • Here, the name of the new rule is ViewHelloWorld. Then click on Create and open.

Pega7.1.9 Designer Studio - Create New Activity Rule

  • On the Pages & Classes tab of the Activity rule, add a reference to the class that contains the HTML Rule. Here, that class is PGX-MyStore-Work.

Pega7.1.9 Designer Studio - Edit Activity Rule, Pages and Classes Tab

  • On the Steps tab of the Activity rule, add two steps as shown below.
  • The first step uses Page-New to create a new clipboard page of the class that contains the HTML Rule.
  • The second step uses Show-HTML and references HelloWorldHTML in the HTMLStream parameter.

Pega7.1.9 Designer Studio - Edit Activity Rule, Steps Tab

  • Check the option "Allow direct invocation from the client or a service" on the Security tab of the Activity rule.
  • The option "Require authentication to run" is left unchecked.
  • Leave the Usage dropdown unchanged so that it is set to "Activity".

Pega7.1.9 Designer Studio - Edit Activity Rule, Security Tab

  • Click on Save to save the changes.
  • The activity can now be run by clicking on Actions > Run.
  • On the pop-up Run Activity window, click on Run to execute the activity.

Pega7.1.9 Designer Studio - Run Activity Rule

  • The HTML page, generated by the activity, is shown in a new window:

Pega7.1.9 Designer Studio - Run Activity Rule, Output

  • In Google Chrome, right-click on the page and select View Page Source.

Pega7.1.9 Designer Studio - Run Activity Rule, Output, View Page Source

  • Here, the HTML code is not modified and retains all white spaces and line breaks.
  • The option "Omit extra spaces?" on the HTML Rule form can be used to remove white spaces and line breaks to reduce the size of the generated HTML code.

Pega7.1.9 Designer Studio - Edit HTML Rule, Omit Extra White Spaces

  • The HTML code is now reduced to one line and consecutive white spaces are replaced with a single white space.

Pega7.1.9 - Run Activity Rule, Omit Extra White Spaces

  • The activity can be accessed from an external browser or other HTTP client via a URL.
  • The target activity is referenced in the pyActivity query string parameter using the class- and activity name, here PGX-MyStore-Work.ViewHelloWorld, so that the URL in this example is:
http://localhost:8080/prweb/PRServlet/?pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • If the activity is accessed from the same browser that is used to work in the Designer Studio, the current user’s session will be used to invoke the activity:

Pega7.1.9 - Access Activity Rule from Chrome Web Browser via URL

  • If the activity is accessed from a different browser, where no active session is present, a login screen will be shown:

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Login Screen

  • Use valid Pega operator credentials for authentication when calling the activity (…even when the option "Require authentication to run" is NOT checked, authentication to Pega is needed).

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Active Session

Allow Direct Invocation from the Client or a Service

  • If the option "Allow direct invocation from the client or a service" is NOT checked on the Security tab of the activity:

Pega7.1.9 Designer Studio - Activity Security, Allow direct invocation from the client or a service

  • It is not accessible by an external client and Pega will send an error page:

Pega7.1.9 - Access Activity Rule from Safari Web Browser via URL, Error Page

  • The Pega logs will show a more descriptive error message:
2017-10-31 14:06:35,741 [http-nio-8080-exec-2] [  STANDARD] [          ] [    MyStore:01.01.01]
(internal.mgmt.Executable) ERROR localhost|0:0:0:0:0:0:0:1 [email protected] - 
This activity may not be called directly from input: 
RULE-OBJ-ACTIVITY PGX-MYSTORE-WORK VIEWHELLOWORLD #20171030T210946.682 GMT

Require Authentication to Run Activity

  • If the option "Require authentication to run" is NOT checked, Guest users can run the activity (…if they meet other security and access criteria) using the URL parameter pzAuth:
http://localhost:8080/prweb/PRServlet/?pzAuth=guest&pyActivity=PGX-MyStore-Work.ViewHelloWorld
  • By default, guest users –unauthenticated requestors– can only access rules in the rulesets provided by the access group PRPC:Unauthenticated.
  • This activity is not included in that ruleset and therefore an error page is shown for guest users and an error appears in the Pega 7 logs::
2017-10-31 14:07:04,171 [http-nio-8080-exec-4] [  STANDARD] [          ] [    MyStore:01.01.01] 
(internal.mgmt.Executable) ERROR localhost|0:0:0:0:0:0:0:1 [email protected] - 
This activity may not be called directly from input:
RULE-OBJ-ACTIVITY PGX-MYSTORE-WORK VIEWHELLOWORLD #20171030T210946.682 GMT 
com.pega.pegarules.pub.PRRuntimeException: 
Error: You lack access required to execute PGX-MyStore-Work.ViewHelloWorld
  • For details on how to make the activity accessible to guest users and how to setup different HTML rules for authenticated users and guest users, see the post: