掲示板

  1. ホーム
  2. Development
  3. Liferay 6.2: Allow public access to one JSON API method

Liferay 6.2: Allow public access to one JSON API method

9年前 に Gaurav Sharma によって更新されました。

Liferay 6.2: Allow public access to one JSON API method

New Member 投稿: 13 参加年月日: 15/02/23 最新の投稿
I'm trying to provide public access to the URL 

http://localhost:8080/api/jsonws/journalarticle/get-article-by-url-title/group-id/10182/url-title/events


When I try accessing this URL without being logged in to Liferay, I get the following error:

{"exception":"Authenticated access required"}


I've tried setting the following in portal-ext.properties:

json.service.public.methods=*
jsonws.web.service.public.methods=*


I've also tried setting the values to get* with no luck. I need to access this API through an AngularJs application that is hosted on a different domain, so I also need to set up CORS access if possible.
thumbnail
9年前 に Miroslav Ligas によって更新されました。

RE: Liferay 6.2: Allow public access to one JSON API method

Regular Member 投稿: 152 参加年月日: 14/07/29 最新の投稿
Liferay by default does not allow unauthenticated access to the API. You should be able to switch it of probably by json.service.auth.token.enabled=false for development purpose only!. Never disable it in production or make sure you are going to secure the interface with other means.

You can also use Basic Authentication to access the interface.
e.g. https://test:test@localhost:8080/api/jsonws/journalarticle/get-article-by-url-title/group-id/10182/url-title/events
9年前 に Gaurav Sharma によって更新されました。

RE: Liferay 6.2: Allow public access to one JSON API method

New Member 投稿: 13 参加年月日: 15/02/23 最新の投稿
Thanks Miroslav but setting 
json.service.auth.token.enabled=false
fails to work. I still get the same exception i.e. 
{"exception":"Authenticated access required"}
.

I'm trying to call this API using AngularJs so I don't think basic auth is the way to go. My username password would be out in the open in plain text. What is the recommended way to authenticate is such a situation (i.e. single page apps) without asking a user to provide a username and password?

Also, any idea how I can set up CORS since my JS application is on a separate domain.
thumbnail
9年前 に Miroslav Ligas によって更新されました。

RE: Liferay 6.2: Allow public access to one JSON API method

Regular Member 投稿: 152 参加年月日: 14/07/29 最新の投稿
Unfortunately there is currently no other way then Basic Auth in Liferay out of the box.
You could create your on REST interface on top of Liferay services and deploy it on the server where you can implement a custom auth mechanism. Other possibility would be to create a interface that will generate you the Liferay auth token.

Concerning the CORS that may be a little bit difficult. Usually you would put a upstream server like Apache to proxy the request then you will get all calls on the same domain. There are other hack how to achieve the CORS but you would need to Google for them a little bit.
8年前 に Angelos Varvitsiotis によって更新されました。

RE: Liferay 6.2: Allow public access to one JSON API method

New Member 投稿: 6 参加年月日: 11/07/26 最新の投稿
I believe that you would also need to set this in portal-ext.propertis:

request.header.auth.hosts.allowed=localhost,SERVER_IP

Liferay (at least 6.2 that I checked) refuses basic authentication from hosts not in that list.

Please let me know if this helps.

Angelos
7年前 に Account Removed によって更新されました。

RE: Liferay 6.2: Allow public access to one JSON API method

New Member 投稿: 9 参加年月日: 15/02/19 最新の投稿
if the security matters are not critical, the one more option to try could be the one described here: https://web.liferay.com/community/forums/-/message_boards/view_message/16031513#_19_message_27934805