How to disallow guest user to access custom web service?

Foros de discusión

Abhishek Jain, modificado hace 6 años.

How to disallow guest user to access custom web service?

Regular Member Mensajes: 226 Fecha de incorporación: 20/08/16 Mensajes recientes

I have made a custom web service and I want that the guest user could not access the service methods through api/jsonws. For that, I tried with the
@AccessControlled(guestAccessEnabled = false) annotation over the service method. But it didn't help as I am still able to access the service method. the second thing which I tried is making a new policy in the service access policy, kept enabled to "No", kept default to "No" and put desired class name in the service class and the method in the policy. But then too when I log out, I am able to access the service method. Please help, any help would be appreciated.

Abhishek Jain, modificado hace 6 años.

RE: How to disallow guest user to access custom web service?

Regular Member Mensajes: 226 Fecha de incorporación: 20/08/16 Mensajes recientes

Any idea ,anyone?

Stephen Kostas, modificado hace 6 años.

RE: How to disallow guest user to access custom web service?

New Member Mensajes: 20 Fecha de incorporación: 2/11/09 Mensajes recientes

Hey, I'm not 100% sure, but it may be related to needing to configure permissions for the method. So you would need to define a resource action, and then define permissions for that resource. The remote service will run the same check on resource permissions as a local service would. If you don't have your resources permissions defined and configured, this section of the Developing a Web Application might be useful for putting all of that together - https://dev.liferay.com/develop/tutorials/-/knowledge_base/7-0/using-resources-and-permissions