SAP / spartacus

Spartacus is a lean, Angular-based JavaScript storefront for SAP Commerce Cloud that communicates exclusively through the Commerce REST API.
Apache License 2.0

B2B - Early login breaks OCC webservices #16906

Closed nicolabeghin closed 1 year ago

nicolabeghin commented 1 year ago

Describe the bug
If BaseSite.requiresAuthentication (early login) is enabled,

[screenshot]

the OCC webservices are broken and return UnknownResourceError. This happens for endpoints requiring authentication, even if authentication is provided (ref. Swagger below).

[two screenshots]

Tell us the version of Spartacus

Tell us the version of SAP Commerce Cloud

To Reproduce
Steps to reproduce the behavior:

  1. Install recipe cx-for-spa
  2. Enable early login for B2B site powertools-spa: BaseSite.requiresAuthentication=true
  3. Access powertools-spa site
  4. See error

Expected behavior
B2B powertools-spa site should work when early login is enabled.

Desktop:

Smartphone:

Additional context
OSS incident 139294 / 2023 has been raised.

SAP note 0003254341 suggests adding an annotation on top of standard to disable authentication, or something similar (!!!), for this:

  • Requires authentication must be disabled for {baseSiteId}, or
  • the annotation @SecurePortalUnauthenticatedAccess must be added to the endpoint: the OOTB class de.hybris.platform.*webservices.something.controller.SomethingController from a *webservices extension must be overridden in order to configure its methods with the SecurePortalUnauthenticatedAccess annotation

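To separate the failure described in this issue (a valid token is sent, yet the endpoint answers with UnknownResourceError) from an ordinary missing- or bad-token failure, the following is an added example, not code from this issue or from the Spartacus project. It assumes the standard OCC error envelope `{"errors": [{"type": ..., "message": ...}]}`; the sample responses, the `probe` helper and its URLs are constructed for illustration.

```python
"""Classify OCC responses so the early-login symptom is distinguishable from a plain auth error.

Added example, not part of the Spartacus project or this issue. Assumes the standard
OCC error envelope {"errors": [{"type": ..., "message": ...}]}. Sample responses below are
constructed, not captured from a real system.
"""
import json
import urllib.request
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Verdict:
    # One of: "ok", "no-token", "bad-token",
    # "early-login-blocks-authenticated-call", "other-error"
    category: str
    error_type: Optional[str] = None
    message: Optional[str] = None


def first_error(body: str) -> Optional[Tuple[Optional[str], Optional[str]]]:
    """Return (type, message) of the first entry in an OCC error envelope, or None."""
    try:
        doc = json.loads(body) if body else {}
    except json.JSONDecodeError:
        return None
    errors = doc.get("errors") if isinstance(doc, dict) else None
    if not errors or not isinstance(errors[0], dict):
        return None
    return errors[0].get("type"), errors[0].get("message")


def classify_occ_response(status: int, body: str, token_sent: bool) -> Verdict:
    """Map HTTP status, error envelope and whether a bearer token was sent to a verdict."""
    if 200 <= status < 300:
        return Verdict("ok")
    etype, msg = first_error(body) or (None, None)
    if etype == "UnknownResourceError" and token_sent:
        # The symptom from the issue: authentication was provided, yet the
        # base-site authentication gate reports the resource as unknown.
        return Verdict("early-login-blocks-authenticated-call", etype, msg)
    if status == 401 and not token_sent:
        return Verdict("no-token", etype, msg)
    if status in (401, 403) and token_sent:
        return Verdict("bad-token", etype, msg)
    return Verdict("other-error", etype, msg)


def probe(base_url: str, path: str, token: Optional[str]) -> Verdict:
    """Call one OCC endpoint against a real instance (hypothetical URL layout; not run here)."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    if token:
        req.add_header("Authorization", "Bearer " + token)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_occ_response(resp.status, resp.read().decode(), token is not None)
    except urllib.error.HTTPError as e:
        return classify_occ_response(e.code, e.read().decode(), token is not None)


# Constructed sample responses: (status, body, token_sent)
SAMPLES = {
    "authenticated call, early login off": (200, '{"uid": "b2b.customer@example.com"}', True),
    "no token": (401, '{"errors":[{"type":"UnauthorizedError",'
                      '"message":"Full authentication is required to access this resource"}]}', False),
    "authenticated call under early login": (
        401, '{"errors":[{"type":"UnknownResourceError",'
             '"message":"There is no resource for path /occ/v2/powertools-spa/users/current"}]}', True),
    "token for a user without access": (403, '{"errors":[{"type":"ForbiddenError","message":"Access is denied"}]}', True),
}


def run_samples() -> Dict[str, Verdict]:
    """Classify every constructed sample; the early-login case is the one this issue reports."""
    return {label: classify_occ_response(*args) for label, args in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label}: {verdict.category}")
```

Only the category of the third sample points at the base-site authentication gate rather than at the token itself, which is the distinction to establish before following the SAP note's suggestion to relax authentication on an endpoint.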
nicolabeghin commented 1 year ago

For anyone encountering this: with the latest Commerce patches, if BaseSite.requiresAuthentication=true, OCC is not allowed anymore to be used by admin or Employee. A B2BCustomer with b2bcustomergroup can.