Authorize jsonws service calls against liferay roles

留言板

Uli Schulze-Eyssing，修改在7 年前。

Authorize jsonws service calls against liferay roles

New Member 帖子: 3 加入日期: 16-5-22 最近的帖子

Hi,
is there a way to autorize calls into an jsonws WebService against the roles of liferay users?
I use @JSONWebservice without using the ServiceBuilder. is is backed by an EJB. The Webservice is listed in the api and callable, but how can I restrict access?

Many thanks,
Uli

David H Nebinger，修改在7 年前。

RE: Authorize jsonws service calls against liferay roles

Liferay Legend 帖子: 14916 加入日期: 06-9-2 最近的帖子

Usually you build this into your XxxServiceImpl class. The methods that you expose here are part of the json api, so you just need to add appropriate permission checks.

Note that we typically do not want to use roles directly as the roles are pretty dynamic, but permissions are fixed.

So define permissions around the EJB access, grant those perms to roles, then use the standard PermissionChecker to determine if the user has the permission to access the EJB.