Access denied to com.liferay.portal.kernel.service.UserService#getUserById https://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=110743490 2026-04-04T07:32:25Z 2026-04-04T07:32:25Z Javier Gamarra https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110744627 2018-08-20T20:04:22Z 2018-08-20T20:04:22Z

<p>Depends on your needs... if the APIs can be public, changing the access policy (there are several options to restrict access) is the easiest way. But if you want more complex needs, creating a user is more flexible (you can disable it in the event of a security issue, implement some sort of rate limiting...). It's also way more cumbersome (detect which permissions you need, take care of the user, embed it...).</p>

Javier Gamarra 2018-08-20T20:04:22Z John Cressman https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110744604 2018-08-20T20:00:03Z 2018-08-20T20:00:03Z

<p>What is the preferred way for creating mobile applications that call the Liferay APIs?  In the tutorial, there is no mention of creating a user that I see.</p> <p> </p> <p>John</p>

John Cressman 2018-08-20T20:00:03Z Javier Gamarra https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110744583 2018-08-20T19:52:09Z 2018-08-20T19:52:09Z

<p>Liferay default JSON-WS services are private by default (you need an authenticated user to access them, either using BASIC, DIGEST, OAUTH...). You can make them public with the service access policy as you already discovered :)<br /> <br /> The error you are receiving right now is because you are trying to access the default user (a hidden user called default) that can not be queried, it's used only for security reasons. You can access it if you enable some permissions but it doesn't make much sense because it's not a &quot;normal&quot; user. If you query other user you should access the information without issues.</p> <p> </p> <p>About the service access policy issue you have 2 approaches, change the policy to enable unauthenticated queries or use a user for accessing the API with only the permissions you want.</p>

Javier Gamarra 2018-08-20T19:52:09Z John Cressman https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110744550 2018-08-20T19:07:14Z 2018-08-20T19:07:14Z

<p>After much searching and researching, it I tried adding the com.liferay.portal.kernal.service.UserService#getUserByScreenName to the System_Default in Configuration-&gt;Service Access Policy and no longer get the Access denied to com.liferay.portal.kernal.service.UserService#getUserByScreenName error.</p> <p>Instead, I now get: User 20119 must have the VIEW permission to com.liferay.portal.kernel.model.User 20155.</p> <p>Looking in users, I do see that Test user (the one I try to log in with) is 20155, however I cannot find 20119.  In fact, TEST is the ONLY user right now.</p> <p>So it looks like there is definitely some permissioning issues going on.  I don't remember seeing any of this addressed in the tutorial I watched.  Is this addressed some place else? </p> <p>Anyone else have this issue?</p>

John Cressman 2018-08-20T19:07:14Z John Cressman https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110743548 2018-08-20T17:23:49Z 2018-08-20T17:23:49Z

<p>I am calling that from within the Android App, as per the tutorial.  I'm not using a web browser any sort.  I'm not calling it as any particular user - as far as I can tell - it's using:</p> <p>In the layout:</p> <p> </p> <pre> &lt;com.liferay.mobile.screens.auth.login.LoginScreenlet android:id=&quot;@+id/login_screenlet&quot; android:layout_width=&quot;match_parent&quot; android:layout_height=&quot;wrap_content&quot; liferay:basicAuthMethod=&quot;screen_name&quot; liferay:credentialsStorage=&quot;auto&quot; liferay:layoutId=&quot;@layout/login_westeros&quot; /&gt;</pre> <p> </p> <p>And in the java:</p> <pre> protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_main); LoginScreenlet loginScreenlet = (LoginScreenlet) findViewById(R.id.login_screenlet); loginScreenlet.setListener(this); } @Override public void onLoginSuccess(User user) { startActivity(new Intent(MainActivity.this, ActivityOne.class)); } @Override public void onLoginFailure(Exception e) { Toast.makeText( MainActivity.this, &quot;!!! LOGIN FAILURE !!!&quot;, Toast.LENGTH_SHORT).show(); }</pre> <p>THat's all straight from the tutorial.</p>

John Cressman 2018-08-20T17:23:49Z Christoph Rabel https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110743522 2018-08-20T17:16:44Z 2018-08-20T17:16:44Z

<p>Where do you call that? Are you sure that your current user has the permission to call that function?</p> <p>When you authenticate with that user, can you call getUserById from the browser (go to /api/jsonws and try to call that method).</p>

Christoph Rabel 2018-08-20T17:16:44Z John Cressman https://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=110743489 2018-08-20T16:59:36Z 2018-08-20T16:59:36Z

<p>I am going through the Liferay University tutorial and have built a simple Android Studio app that should login to my local instance of Liferay.</p> <p>First, it looked like a 7.1 vs 7.0 issue, but now I have 7.0 DXP installed and running.  I am point to the correct company_id and group_id's.</p> <p>Now, I actually see something in the catalina console when I try to login.  The login fails, but on the catalina console I get the following error:</p> <p> </p> <p> <b>Access denied to com.liferay.portal.kernel.service.UserService#getUserById</b></p> <p> </p> <p>How do I get around this?  This has been a very frustrating experience as following the tutorial line by line, my results are not what the instructor sees.</p> <p> </p> <p> </p>

John Cressman 2018-08-20T16:59:36Z