Forums de discussion

  1. Accueil
  2. Development
  3. Unauthenticated user can't invoke remote service ?

Unauthenticated user can't invoke remote service ?

Ying Wang, modifié il y a 8 années.

Unauthenticated user can't invoke remote service ?

Junior Member Publications: 36 Date d'inscription: 16/05/14 Publications récentes
I used service build to automatically create remote service code. Then I use following code to invoke the remote webservice on my jsp page


Liferay.Service(
			'/demos-service-portlet.districts/remote-districts-by-city-id',
			{
				cityId: cityId
			},
			function(obj) {
				......
			}
	);


If a guest user access the page, it will throw out an "java.lang.SecurityException". If I firstly login and then access the jsp page, everything is right.
I am just confused that does guest user can't use remote service?
thumbnail
Meera Prince, modifié il y a 8 années.

RE: Unauthenticated user can't invoke remote service ?

Liferay Legend Publications: 1111 Date d'inscription: 08/02/11 Publications récentes
hi

http://www.liferaysavvy.com/2015/03/liferay-json-web-services-authenticated.html

http://www.liferaysavvy.com/2014/05/consuming-liferay-json-web-services.html

<%@ include file="init.jsp"%>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script>
$(document).on('ready',function(){
            var username ="test@liferay.com";
            var password ="test"; 
            function make_base_auth(user, password) {
              var tok = user + ':' + password;
              var hash = btoa(tok);
              return "Basic " + hash;
            }
                $.ajax({
                  url: 'http://localhost:8080/LiferayJSONWebservices-portlet/api/jsonws/employee/get-employee/employee-id/1',
                  dataType: "json",
                  type: "get",
                  success: function(data){
                          alert(data.employeeName);
                  },
                  beforeSend: function(xhr){
                          xhr.setRequestHeader('Authorization',make_base_auth(username, password));
                                    },
                                    complete: function(){
                                    },
                  error: function(){
                  }
                });
              
 });
</script>


Regards,
Meera Prince
thumbnail
Tomas Polesovsky, modifié il y a 8 années.

RE: Unauthenticated user can't invoke remote service ?

Liferay Master Publications: 676 Date d'inscription: 13/02/09 Publications récentes
Meera Prince:

<script>
            var username ="test@liferay.com";
            var password ="test"; </code></pre><br /></blockquote><br /><br /><span style="font-size: 32px;"><strong>Don&#39;t do this, ever!</strong></span><br /><br />It&#39;s security antipattern, anybody can open the source code of the page, get the credentials and then log into portal!!!<br /><br />If you use Service Builder and want a method public, please annotate the method with <span style="font-family: Courier New">@AccessControlled(guestAccessEnabled=true)</span><br /><br />In Liferay 7 it should be possible to configure it via UI in runtime, unluckily for &lt;=6.2 it&#39;s possible only in compile time.</script>
thumbnail
Meera Prince, modifié il y a 8 années.

RE: Unauthenticated user can't invoke remote service ?

Liferay Legend Publications: 1111 Date d'inscription: 08/02/11 Publications récentes
Ok thank you Tomas Polesovsky.
Yes you are right in js we cannot keep credentials. another we can use http client to invoke services from portlet action class.

Regards,
Meera Prince