Foren

  1. Startseite
  2. Development
  3. Liferay 6.2: Allow public access to one JSON API method

Liferay 6.2: Allow public access to one JSON API method

Gaurav Sharma, geändert vor 9 Jahren.

Liferay 6.2: Allow public access to one JSON API method

New Member Beiträge: 13 Beitrittsdatum: 23.02.15 Neueste Beiträge
I'm trying to provide public access to the URL 

http://localhost:8080/api/jsonws/journalarticle/get-article-by-url-title/group-id/10182/url-title/events


When I try accessing this URL without being logged in to Liferay, I get the following error:

{"exception":"Authenticated access required"}


I've tried setting the following in portal-ext.properties:

json.service.public.methods=*
jsonws.web.service.public.methods=*


I've also tried setting the values to get* with no luck. I need to access this API through an AngularJs application that is hosted on a different domain, so I also need to set up CORS access if possible.
thumbnail
Miroslav Ligas, geändert vor 9 Jahren.

RE: Liferay 6.2: Allow public access to one JSON API method

Regular Member Beiträge: 152 Beitrittsdatum: 29.07.14 Neueste Beiträge
Liferay by default does not allow unauthenticated access to the API. You should be able to switch it of probably by json.service.auth.token.enabled=false for development purpose only!. Never disable it in production or make sure you are going to secure the interface with other means.

You can also use Basic Authentication to access the interface.
e.g. https://test:test@localhost:8080/api/jsonws/journalarticle/get-article-by-url-title/group-id/10182/url-title/events
Gaurav Sharma, geändert vor 9 Jahren.

RE: Liferay 6.2: Allow public access to one JSON API method

New Member Beiträge: 13 Beitrittsdatum: 23.02.15 Neueste Beiträge
Thanks Miroslav but setting 
json.service.auth.token.enabled=false
fails to work. I still get the same exception i.e. 
{"exception":"Authenticated access required"}
.

I'm trying to call this API using AngularJs so I don't think basic auth is the way to go. My username password would be out in the open in plain text. What is the recommended way to authenticate is such a situation (i.e. single page apps) without asking a user to provide a username and password?

Also, any idea how I can set up CORS since my JS application is on a separate domain.
thumbnail
Miroslav Ligas, geändert vor 9 Jahren.

RE: Liferay 6.2: Allow public access to one JSON API method

Regular Member Beiträge: 152 Beitrittsdatum: 29.07.14 Neueste Beiträge
Unfortunately there is currently no other way then Basic Auth in Liferay out of the box.
You could create your on REST interface on top of Liferay services and deploy it on the server where you can implement a custom auth mechanism. Other possibility would be to create a interface that will generate you the Liferay auth token.

Concerning the CORS that may be a little bit difficult. Usually you would put a upstream server like Apache to proxy the request then you will get all calls on the same domain. There are other hack how to achieve the CORS but you would need to Google for them a little bit.
Angelos Varvitsiotis, geändert vor 8 Jahren.

RE: Liferay 6.2: Allow public access to one JSON API method

New Member Beiträge: 6 Beitrittsdatum: 26.07.11 Neueste Beiträge
I believe that you would also need to set this in portal-ext.propertis:

request.header.auth.hosts.allowed=localhost,SERVER_IP

Liferay (at least 6.2 that I checked) refuses basic authentication from hosts not in that list.

Please let me know if this helps.

Angelos
Account Removed, geändert vor 7 Jahren.

RE: Liferay 6.2: Allow public access to one JSON API method

New Member Beiträge: 9 Beitrittsdatum: 19.02.15 Neueste Beiträge
if the security matters are not critical, the one more option to try could be the one described here: https://web.liferay.com/community/forums/-/message_boards/view_message/16031513#_19_message_27934805