Foros de discusión
Access to API's without p_auth
Peter Helgren, modificado hace 6 años.
Access to API's without p_auth
Regular Member Mensajes: 124 Fecha de incorporación: 14/11/13 Mensajes recientes
Before proceeding: Yes, I know that the p_auth token is a CSRF protection mechanism. I am thankful it is there! But I have several API's that I access without the need for authentication. These are a few "marketing" portlets that present data from our database to the public (i.e. guest) BEFORE they create an account and sign in. I currently am using the MVCResourceCommand to access these resources from the portlet and would like to do it without authentication. Is there a way to do that without modifying the portal-ext.properties? Optimally, it would be great if I could be pretty granular with which methods can be invoked without a p_auth token, but if I have to create individual portlets, I can do so. Most important is just being able to access the exposed API without a token.
I have seen suggestions like: @AccessControlled(guestAccessEnabled=true) (didn't work ....may have implemented incorrectly.) and:
(didn't work ....may have implemented incorrectly.)
Ideas?
I have seen suggestions like: @AccessControlled(guestAccessEnabled=true) (didn't work ....may have implemented incorrectly.) and:
//Ignore code
/**
* To by-pass authentication token for non-logged in user.
* Error: Invalid authentication token
* @return
*/
protected boolean isCheckMethodOnProcessAction() {
return CHECK_METHOD_ON_PROCESS_ACTION;
}
private static final boolean CHECK_METHOD_ON_PROCESS_ACTION = false;
(didn't work ....may have implemented incorrectly.)
Ideas?
Tomas Polesovsky, modificado hace 6 años.
RE: Access to API's without p_auth
Liferay Master Mensajes: 676 Fecha de incorporación: 13/02/09 Mensajes recientes
Hi,
if you are on 7.0 you can use Service Access Policy and whitelist the API in "System Default" policy.
if you are on 7.0 you can use Service Access Policy and whitelist the API in "System Default" policy.