Authorize jsonws service calls against liferay roles

Fórum

Uli Schulze-Eyssing, modificado 7 Anos atrás.

Authorize jsonws service calls against liferay roles

New Member Postagens: 3 Data de Entrada: 22/05/16 Postagens Recentes

Hi,
is there a way to autorize calls into an jsonws WebService against the roles of liferay users?
I use @JSONWebservice without using the ServiceBuilder. is is backed by an EJB. The Webservice is listed in the api and callable, but how can I restrict access?

Many thanks,
Uli

David H Nebinger, modificado 7 Anos atrás.

RE: Authorize jsonws service calls against liferay roles

Liferay Legend Postagens: 14918 Data de Entrada: 02/09/06 Postagens Recentes

Usually you build this into your XxxServiceImpl class. The methods that you expose here are part of the json api, so you just need to add appropriate permission checks.

Note that we typically do not want to use roles directly as the roles are pretty dynamic, but permissions are fixed.

So define permissions around the EJB access, grant those perms to roles, then use the standard PermissionChecker to determine if the user has the permission to access the EJB.