掲示板
Authorize jsonws service calls against liferay roles
7年前 に Uli Schulze-Eyssing によって更新されました。
Authorize jsonws service calls against liferay roles
New Member 投稿: 3 参加年月日: 16/05/22 最新の投稿
Hi,
is there a way to autorize calls into an jsonws WebService against the roles of liferay users?
I use @JSONWebservice without using the ServiceBuilder. is is backed by an EJB. The Webservice is listed in the api and callable, but how can I restrict access?
Many thanks,
Uli
is there a way to autorize calls into an jsonws WebService against the roles of liferay users?
I use @JSONWebservice without using the ServiceBuilder. is is backed by an EJB. The Webservice is listed in the api and callable, but how can I restrict access?
Many thanks,
Uli
7年前 に David H Nebinger によって更新されました。
RE: Authorize jsonws service calls against liferay roles
Liferay Legend 投稿: 14915 参加年月日: 06/09/02 最新の投稿
Usually you build this into your XxxServiceImpl class. The methods that you expose here are part of the json api, so you just need to add appropriate permission checks.
Note that we typically do not want to use roles directly as the roles are pretty dynamic, but permissions are fixed.
So define permissions around the EJB access, grant those perms to roles, then use the standard PermissionChecker to determine if the user has the permission to access the EJB.
Note that we typically do not want to use roles directly as the roles are pretty dynamic, but permissions are fixed.
So define permissions around the EJB access, grant those perms to roles, then use the standard PermissionChecker to determine if the user has the permission to access the EJB.