RE: Liferay 7.2 CE GA2: use specific jsonws methods via properties

Alessandro Candini, modified 5 Years ago. Regular Member Posts: 130 Join Date: 10/17/15 Recent Posts
I'm trying to limit the access to JSON web services only to the ones I use in my code.
For example, I use /bookmarks.bookmarksentry/subscribe-entry, and to get it to work I used the following properties:

json.web.service.enabled=true
jsonws.web.service.strict.http.method=false
jsonws.web.service.api.discoverable=true
jsonws.servlet.hosts.allowed=
jsonws.web.service.paths.includes=BookmarksEntry*

This way it works, but I would like to be more specific: what do I have to write inside the includes property in order to use only subscribe-entry and not, for example, unsubscribe-entry?
I didn't find any pattern that works for this need, and I've tried a lot:

jsonws.web.service.paths.includes=BookmarksEntry.subscribeEntry,\
  BookmarksEntry.subscribeEntry*,\
  BookmarksEntry*subscribeEntry*,\
  /bookmarks.bookmarksentry/subscribe-entry,\
  /bookmarks.bookmarksentry/subscribe-entry*,\
  /bookmarksentry/subscribe-entry

If I try to change BookmarksEntry* to something more specific, I always get the same error:

ERROR [ajp-nio-8009-exec-8][JSONWebServiceServiceAction:114] No JSON web service action with path /bookmarks.bookmarksentry/subscribe-entry and method null for bookmarks

Any suggestions?
Thank you.

Dominik Marks, modified 5 Years ago. Regular Member Posts: 149 Join Date: 8/29/12 Recent Posts
In my opinion, to have more fine-grained control of which services can be called, you should have a look at Service Access Policies:

https://help.liferay.com/hc/en-us/articles/360028711272-Service-Access-Policies

Those will allow you to define the allowed services down to the method names of concrete classes. You can write your custom logic when a specific SAP is applied, e.g. based on IP addresses, secrets in the request or similar.
Alessandro Candini, modified 5 Years ago. Regular Member Posts: 130 Join Date: 10/17/15 Recent Posts
Thank you Dominik, but what I would like to do is to operate only on jsonws services, disabling them all but the ones I use in my code: these jsonws properties fit my use case better.

Finally I've found a working pattern! To disable jsonws completely, except for the subscribe-entry of bookmarks, the correct pattern is the following:

jsonws.web.service.paths.includes=BookmarksEntry.bookmarksentry/subscribe-entry


If you go to the /api/jsonws page, you can see that the only method allowed is bookmarksentry.subscribe-entry.
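
Added example, not part of the thread and not Liferay code: a small Python check that reads portal-ext.properties text (including backslash continuations like the ones used above) and reports include patterns that still contain a wildcard. The function names and sample strings are constructed for illustration; the property names are the ones quoted in the posts.

```python
# Added example: audit jsonws include patterns in portal-ext.properties text.
INCLUDES = "jsonws.web.service.paths.includes"
DISCOVERABLE = "jsonws.web.service.api.discoverable"

# Constructed samples built from the property values quoted in this thread.
SAMPLE_BROAD = r"""
json.web.service.enabled=true
jsonws.web.service.api.discoverable=true
jsonws.web.service.paths.includes=BookmarksEntry*
"""
SAMPLE_NARROW = r"""
json.web.service.enabled=true
jsonws.web.service.api.discoverable=true
jsonws.web.service.paths.includes=\
  BookmarksEntry.bookmarksentry/subscribe-entry
"""

def parse_properties(text):
    """Parse .properties text, joining lines that end with a backslash."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:  # trailing "" flushes a last continuation
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":   # blank line or comment
            continue
        if line.endswith("\\"):           # value continues on the next line
            pending = line[:-1]
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def split_includes(props):
    """Return (exact, wildcard) lists of include patterns."""
    patterns = [p.strip() for p in props.get(INCLUDES, "").split(",") if p.strip()]
    return ([p for p in patterns if "*" not in p],
            [p for p in patterns if "*" in p])

def audit(text):
    """Return review findings for one properties file."""
    props = parse_properties(text)
    exact, wildcard = split_includes(props)
    found = [f"wildcard include may allow extra methods: {p}" for p in wildcard]
    # Assumption: this property controls whether the /api/jsonws listing is served.
    if props.get(DISCOVERABLE, "").lower() == "true":
        found.append("/api/jsonws listing enabled: use it to confirm what is exposed")
    return found

if __name__ == "__main__":
    for name, text in (("broad", SAMPLE_BROAD), ("narrow", SAMPLE_NARROW)):
        print(name, audit(text))
```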