RE: Applying Service Access Policy to Custom rest Service - Liferay DXP 7.3

2022-04-26T16:42:59Z

REST webservices require a SAP entry that allows access to the JAX-RS resource implementation class (and methods). If you leave the SAP entry as default=false, then it will only apply to authenticated users.

A good way to find out exactly which class (and method) to add tot he SAP entry is to set the following portal property:

access.control.sanitize.security.exception=false

Then just make a request to the service and it will reveal it. p.s. We do not recommend setting this for production environments, hence it is "true" by default.

If you would like finer access control then portal can dynamically apply such SAP entries based on granted OAuth 2 scopes. For that you need to give the SAP entry's name a prefix of "OAUTH2_". Such SAP entries will appear on the "Scopes" tab when adding OAuth 2 applications. Meaning that in order for a service equest to be successful, it has to come with an access token which is granted that scope.

I hope that answers your questions, but please let me know if not.

Best regards,

Stian

Applying Service Access Policy to Custom rest Service - Liferay DXP 7.3

2022-04-23T04:13:30Z

Hi ,

I have created Liferay Custom Rest webservice and SAP(Service Access policy) but how can i apply this particular SAP to the Custom rest webservice to chack the Resource access?

Can it be used for only unauthenticated services to expose particular methods?

If SAP can be used for authenticated rest services how can we apply this SAP to services?

Thanks,

Mahesh.