7

Can anyone please tell me how we can Restrict Access to Liferay api/jsonws page for normal users. api/jsonws page should be accessible only for admin users.

Do we have any option to do that in Liferay.

Can anyone please help me on this

Alex Man
  • 4,746
  • 17
  • 93
  • 178

2 Answers2

2

I guess this feature is not in Liferay 6.2 :( 

jsonws.web.service.api.discoverable=false

Reference : https://issues.liferay.com/browse/LPS-50668

Options which i am aware about you can do in 6.2

  1. ServletFilter Hook

Write your logic there //write specific pattern 

<servlet-filter>
      <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
      <servlet-filter-impl>com.check.access.ServiceAccessPage</servlet-filter-impl>
       <init-param>
            <param-name>initparam</param-name>
             <param-value>Hi IP Address Filter</param-value>
              </init-param>
            </servlet-filter>
            <servlet-filter-mapping>
             <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
                 <url-pattern>/api/jsonws</url-pattern>
                   <dispatcher>REQUEST</dispatcher>
                    <dispatcher>FORWARD</dispatcher>
            </servlet-filter-mapping>

inside ServiceAccessPage.java 

    public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws java.io.IOException, ServletException {
//get user & Redirect to session.setAttribute(WebKeys.LAST_PATH, redirectionFailPath);
         logger.info("DoFilter method being called");
       }
  1. Crete service action Pre Action.

[This will be called before every every action :(]

Get user from request, & Manage Landing page accordingly.

  1. Use EXT

write one property to turn off/on page & Override JSONWebServiceServlet

Parth Ghiya
  • 6,929
  • 2
  • 30
  • 37
2

you can custom auth.verifier for /api/jsonws/* by implementing AuthVerifier

and add these properties 

auth.verifier.YOURAUTHVERFIER.urls.includes=/api/jsonws/*

please refer to this sample project