Ask Questions and Find Answers
Important:
Ask is now read-only. You can review any existing questions and answers, but not add anything new.
But - don't panic! While ask is no more, we've replaced it with discuss - the new Liferay Discussion Forum! Read more here here or just visit the site here:
discuss.liferay.com
Invoke JAXRS Whiteboard endpoints using Portal Session with liferay 7.3
I created a JAX-RS application using blade.The application class is configured with these properties.
When I'm logged in as admin and try to invoke these API via javascript I always get a 403 response error. The JSESSIONID is sent over the Cookie header to the API so I'm expecting the API to respond instead of refusing all the requests.I tried different approaches (CXF endpoints, Service Access Policy, API Authentication, AuthVerifierFilterTracker.config) but none of them worked.
How can I configure the module so that logged in users can invoke the API? Using Liferay Liferay Community Edition Portal 7.3.0 CE GA1.
Related questions:
https://liferay.dev/forums/-/message_boards/message/119533528
https://liferay.dev/forums/-/message_boards/message/117823352
[code]@Component(
property = {
JaxrsWhiteboardConstants.JAX_RS_APPLICATION_BASE + "=/issue-admin-rest-api/project",
JaxrsWhiteboardConstants.JAX_RS_NAME + "=Project.Configuration",
"auth.verifier.guest.allowed=false",
"oauth2.scopechecker.type=none"
},
service = Application.class
)
public class AdminRestAPIApplication extends Application {}When I'm logged in as admin and try to invoke these API via javascript I always get a 403 response error. The JSESSIONID is sent over the Cookie header to the API so I'm expecting the API to respond instead of refusing all the requests.I tried different approaches (CXF endpoints, Service Access Policy, API Authentication, AuthVerifierFilterTracker.config) but none of them worked.
How can I configure the module so that logged in users can invoke the API? Using Liferay Liferay Community Edition Portal 7.3.0 CE GA1.
Related questions:
https://liferay.dev/forums/-/message_boards/message/119533528
https://liferay.dev/forums/-/message_boards/message/117823352
I was trying to invoke the JAX-RS endpoint using jquery. Jquery doesn't send the x-csrf-token and I always got a 403 in response.
There are 2 possible solutions:
1. Use `Liferay.Util.fetch` method instead of jquery `get`.
2. Disable the csrf token check on the jaxrs component and keep using jquery.
@Component(
property = {
JaxrsWhiteboardConstants.JAX_RS_APPLICATION_BASE + "=/greetings",
JaxrsWhiteboardConstants.JAX_RS_NAME + "=Greetings.Rest",
"oauth2.scopechecker.type=none",
"auth.verifier.auth.verifier.PortalSessionAuthVerifier.check.csrf.token=false"
},
service = Application.class
)
Copyright © 2025 Liferay, Inc
• Privacy Policy
Powered by Liferay™