Invoke JAXRS Whiteboard endpoints using Portal Session with liferay 7.3Invoke JAXRS Whiteboard endpoints using Portal Session with liferay 7.3https://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1200978762026-04-05T10:34:06Z2026-04-05T10:34:06ZRE: Invoke JAXRS Whiteboard endpoints using Portal Session with liferay 7.3Enrico Costanzihttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1204830142020-12-01T12:13:53Z2020-12-01T11:34:23Z<p>I was trying to invoke the JAX-RS endpoint using jquery. Jquery
doesn't send the x-csrf-token and I always got a 403 in response. </p>
<p>There are 2 possible solutions:</p>
<p>1. Use `Liferay.Util.fetch` method instead of jquery `get`.</p>
<p>2. Disable the csrf token check on the jaxrs component and keep using jquery. </p>
<pre>@Component(
property = {
JaxrsWhiteboardConstants.JAX_RS_APPLICATION_BASE + "=/greetings",
JaxrsWhiteboardConstants.JAX_RS_NAME + "=Greetings.Rest",
"oauth2.scopechecker.type=none",
"auth.verifier.auth.verifier.PortalSessionAuthVerifier.check.csrf.token=false"
},
service = Application.class
)</pre>Enrico Costanzi2020-12-01T11:34:23ZInvoke JAXRS Whiteboard endpoints using Portal Session with liferay 7.3Enrico Costanzihttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1200978752020-10-15T09:14:54Z2020-10-15T09:14:54Z<html><head></head><body>I created a JAX-RS application using blade.The application class is configured with these properties.<br><br><pre><code>[code]@Component(
property = {
JaxrsWhiteboardConstants.JAX_RS_APPLICATION_BASE + "=/issue-admin-rest-api/project",
JaxrsWhiteboardConstants.JAX_RS_NAME + "=Project.Configuration",
"auth.verifier.guest.allowed=false",
"oauth2.scopechecker.type=none"
},
service = Application.class
)
public class AdminRestAPIApplication extends Application {</code></pre><pre><code>}</code></pre>The <a href="https://help.liferay.com/hc/en-us/articles/360031902292-JAX-RS">documentation</a> states: "When you deploy a JAX-RS application, an <a href="https://help.liferay.com/hc/en-us/articles/360029031751-Authentication-Verifiers">Auth Verifier</a> filter is registered for it." and then says how to disable basic auth keeping only portal session and oauth2. <br><br>When I'm logged in as admin and try to invoke these API via javascript I always get a 403 response error. The JSESSIONID is sent over the Cookie header to the API so I'm expecting the API to respond instead of refusing all the requests.I tried different approaches (CXF endpoints, Service Access Policy, API Authentication, AuthVerifierFilterTracker.config) but none of them worked. <br><br>How can I configure the module so that logged in users can invoke the API? Using Liferay Liferay Community Edition Portal 7.3.0 CE GA1.<br><br>Related questions: <br><a href="https://liferay.dev/forums/-/message_boards/message/119533528">https://liferay.dev/forums/-/message_boards/message/119533528</a> <br><a href="https://liferay.dev/forums/-/message_boards/message/117823352">https://liferay.dev/forums/-/message_boards/message/117823352</a></body></html>Enrico Costanzi2020-10-15T09:14:54Z