Ask Questions and Find Answers
Important:
Ask is now read-only. You can review any existing questions and answers, but not add anything new.
But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:
discuss.liferay.com
RE: Invoking Liferay JSON web service remotely.
The service builder created a simple remote and local services. I want to invoke the remote service from the postman and customize the authentication process, for ex: using an auth pipeline. How to do that? When invoking the remote service, I need to pass-in an auth token and I need to validate it against an external User store.
Vishnu S Kumar:
I need to validate it against an external User store.
Just so you know, all users in Liferay must be real Liferay users. You can't auth a user in a 3rd party system and not have them exist as a Liferay user. So first thing you need to do is figure out how to handle user import into Liferay.
For authentication, take a look at the Token Based Authentication support already part of Liferay. It can use a cookie or a header for authentication purposes, but not a param. Params are not normally part of an incoming request because those are typically tied to the method being invoked, so these are two separate concerns.
You could, of course, completely fake it. Make the API a guest API so no authentication to invoke at all. Then your token can be part of the request because internally you'd need to complete your external auth lookup. From Liferay's perspective though, all of this would be guest access so no way to audit or anything using typical Liferay mechanisms.
Thanks, David. Please correct me if I'm doing it wrong.
To enable the Token-based SSO, I followed the Liferay docs and configured it inside the system-settings -> foundation -> token-based SSO. I configured it to use the request header with the name TEST_TOKEN.
To make the guest API, I configured the service and method under SYNC_DEFAULT in the service access policies.
Now, If I call the JSON web service from the postman, using the TEST_TOKEN header, it is supposed the reach at the AutoLogin pipeline class right. But It's not working instead it's calling the API without any security. Is this the correct way to make the guest API?
To enable the Token-based SSO, I followed the Liferay docs and configured it inside the system-settings -> foundation -> token-based SSO. I configured it to use the request header with the name TEST_TOKEN.
To make the guest API, I configured the service and method under SYNC_DEFAULT in the service access policies.
Now, If I call the JSON web service from the postman, using the TEST_TOKEN header, it is supposed the reach at the AutoLogin pipeline class right. But It's not working instead it's calling the API without any security. Is this the correct way to make the guest API?
Copyright © 2025 Liferay, Inc
• Privacy Policy
Powered by Liferay™