1. Home
  2. Portal
  3. RE: LIFERAY JAVASCRIPT APIS

RE: LIFERAY JAVASCRIPT APIS

thumbnail
Arun Das, modified 6 Years ago.
LIFERAY JAVASCRIPT APIS
Regular Member Posts: 166 Join Date: 7/23/12 Recent Posts

Hi,

From Google chrome console, you can access Liferay JavaScript object (screenshots below)

 

 

From here it says, "The Liferay JavaScript object exposes methods, objects, and properties that you can use to access Liferay Portal-specific information" 

I was wondering, if we could disable it or change it from public access. If yes, how to disable this and if we disable it, will it break any functionality? 

 

Hope someone could shed some light.

 

Regards,

Arun

thumbnail
David H Nebinger, modified 6 Years ago.
RE: LIFERAY JAVASCRIPT APIS
Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts

You should not change the Liferay javascript unless you really, really, really know what you're doing.

And if you really, really, really think you know what you are doing, scrap that thought and go back to not changing the Liferay javascript.

thumbnail
Arun Das, modified 6 Years ago.
RE: LIFERAY JAVASCRIPT APIS
Regular Member Posts: 166 Join Date: 7/23/12 Recent Posts

Hi David,

I was debugging something else and found this by accident and I’m not planning to change anything from that JavaScript. I was just wondering if there is any way to hide it from global access. Something like, you can make json web services discoverable on api page using a property 

jsonws.web.service.api.discoverable=true

and set this to false to hide it from api page. 

 

 

Regards,

Arun

thumbnail
David H Nebinger, modified 6 Years ago.
RE: LIFERAY JAVASCRIPT APIS
Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts

getUserId() does not invoke the back end. It is a javascript-only object that has been populated during page rendering. If that's the only method you're concerned about "hiding", there is no reason to pursue it because it is not able to be hidden.

Discoverability just hides it from the /api/jsonws listing, but it does not make the method protected or anything. Knowing what I know about Liferay, I can invoke services against your instance whether /api/jsonws is working or not.

thumbnail
Arun Das, modified 6 Years ago.
RE: LIFERAY JAVASCRIPT APIS
Regular Member Posts: 166 Join Date: 7/23/12 Recent Posts
David H Nebinger:

getUserId() does not invoke the back end. It is a javascript-only object that has been populated during page rendering. If that's the only method you're concerned about "hiding", there is no reason to pursue it because it is not able

No, thats was just an example.

 

Discoverability just hides it from the /api/jsonws listing, but it does not make the method protected or anything. Knowing what I know about Liferay, I can invoke services against your instance whether /api/jsonws is working or not.

Yes, that was the basic idea for this too, just hide.

 

Thanks and anyways, the answer is no then.

 

Regards,

Arun