Liferay api / jsonws page should be accessible only to admin users

Can someone tell me how we can restrict access to the Liferay api/jsonws page for regular users? The api/jsonws page should be accessible only to admin users.

Do we have the opportunity to do this in Liferay?

Can anyone help me with this?

+7
java rest web-services liferay-6
2 answers

I assume this function is not in Liferay 6.2 :(

jsonws.web.service.api.discoverable=false 

Link: https://issues.liferay.com/browse/LPS-50668

The options I know of that can be done in 6.2:

  • ServletFilter Hook

Write your logic there // write a specific template

    <servlet-filter>
        <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
        <servlet-filter-impl>com.check.access.ServiceAccessPage</servlet-filter-impl>
        <init-param>
            <param-name>initparam</param-name>
            <param-value>Hi IP Address Filter</param-value>
        </init-param>
    </servlet-filter>
    <servlet-filter-mapping>
        <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
        <url-pattern>/api/jsonws</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </servlet-filter-mapping>

Inside ServiceAccessPage.java:

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws java.io.IOException, ServletException {
        // get user & redirect to
        // (session, redirectionFailPath and logger are not defined in this snippet;
        // the filter class has to provide them)
        session.setAttribute(WebKeys.LAST_PATH, redirectionFailPath);
        logger.info("DoFilter method being called");
    }

  1. Create a Pre Action service action.

[This will be called before each action :( ]

Get the user from the request and create the Landing page accordingly.

  1. Use EXT

write one property to disable / per page and override JSONWebServiceServlet

+2
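
One way the ServletFilter hook option from the answer above could be filled in, as an added example that is not part of the original answer. It assumes the Liferay 6.2 portal-service API is on the hook's classpath, reuses the answer's class name, and returns 403 to non-admins instead of the redirect the answer sketches.

```java
package com.check.access;

import com.liferay.portal.model.RoleConstants;
import com.liferay.portal.model.User;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: class name taken from the hook descriptor in the answer.
public class ServiceAccessPage implements Filter {

    public void init(FilterConfig filterConfig) {}

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        if (isAdministrator(httpRequest)) {
            chain.doFilter(request, response); // admins reach the page as before
            return;
        }
        // Fail closed: guests, regular users and failed lookups all get 403.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    // True only for a signed-in user who holds the portal Administrator role
    // (directly or inherited through a group).
    static boolean isAdministrator(HttpServletRequest request) {
        try {
            User user = PortalUtil.getUser(request);
            if (user == null || user.isDefaultUser()) {
                return false; // not signed in, or the guest account
            }
            return RoleLocalServiceUtil.hasUserRole(
                user.getUserId(), user.getCompanyId(), RoleConstants.ADMINISTRATOR, true);
        } catch (Exception e) {
            return false; // a lookup error must not grant access
        }
    }

    public void destroy() {}
}
```

The `<url-pattern>/api/jsonws</url-pattern>` mapping in the answer is an exact-path match, so only the listing page passes through this filter; requests to paths under it, such as service invocations, do not.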

You can configure auth.verifier for /api/jsonws/* by running AuthVerifier

and add these properties:

 auth.verifier.YOURAUTHVERFIER.urls.includes=/api/jsonws/* 

refer to this sample project

+2