How to disallow guest user to access custom web service?

Foren

Abhishek Jain, geändert vor 6 Jahren.

How to disallow guest user to access custom web service?

Regular Member Beiträge: 226 Beitrittsdatum: 20.08.16 Neueste Beiträge

I have made a custom web service and I want that the guest user could not access the service methods through api/jsonws. For that, I tried with the
@AccessControlled(guestAccessEnabled = false) annotation over the service method. But it didn't help as I am still able to access the service method. the second thing which I tried is making a new policy in the service access policy, kept enabled to "No", kept default to "No" and put desired class name in the service class and the method in the policy. But then too when I log out, I am able to access the service method. Please help, any help would be appreciated.

Abhishek Jain, geändert vor 6 Jahren.

RE: How to disallow guest user to access custom web service?

Regular Member Beiträge: 226 Beitrittsdatum: 20.08.16 Neueste Beiträge

Any idea ,anyone?

Stephen Kostas, geändert vor 6 Jahren.

RE: How to disallow guest user to access custom web service?

New Member Beiträge: 20 Beitrittsdatum: 02.11.09 Neueste Beiträge

Hey, I'm not 100% sure, but it may be related to needing to configure permissions for the method. So you would need to define a resource action, and then define permissions for that resource. The remote service will run the same check on resource permissions as a local service would. If you don't have your resources permissions defined and configured, this section of the Developing a Web Application might be useful for putting all of that together - https://dev.liferay.com/develop/tutorials/-/knowledge_base/7-0/using-resources-and-permissions