Liferay 7.2 CE GA2: use specific jsonws methods via propertiesLiferay 7.2 CE GA2: use specific jsonws methods via propertieshttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1190575002024-03-29T06:36:49Z2024-03-29T06:36:49ZRE: Liferay 7.2 CE GA2: use specific jsonws methods via propertiesAlessandro Candinihttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1190694862020-04-29T13:07:54Z2020-04-29T13:07:54Z<html><head></head><body>Thank you Dominik, but what I would like to do is to operate only on jsonws services <strong>disabling them all but the ones I use in my code</strong>: these jsonws properties fits my use case better.<br><br><u>Finally I've found a working pattern!</u> To disable jsonws completetly, but the subscribe-entry of bookmarks, the correct pattern is the following:<br><br><pre><code>jsonws.web.service.paths.includes=BookmarksEntry.bookmarksentry/subscribe-entry</code></pre><br><br>If you go to /api/jsonws page, you can see that the only method allowed is bookmarksentry.subscribe-entry.</body></html>Alessandro Candini2020-04-29T13:07:54ZRE: Liferay 7.2 CE GA2: use specific jsonws methods via propertiesDominik Markshttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1190667222020-04-29T08:50:37Z2020-04-29T08:50:37ZIn my opinion to have more fine graned control of which services can be called you should have a look at Service Access Policies:<br /><br /><a href="https://help.liferay.com/hc/en-us/articles/360028711272-Service-Access-Policies">https://help.liferay.com/hc/en-us/articles/360028711272-Service-Access-Policies<br /><br /></a>Those will allow you to define the allowed services down to the method names of concrete classes. You can write your custom logic when a specific SAP is applied, e.g. based on IP adresses, secrets in the request or similar.Dominik Marks2020-04-29T08:50:37ZLiferay 7.2 CE GA2: use specific jsonws methods via propertiesAlessandro Candinihttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1190574992020-04-28T08:19:20Z2020-04-28T08:19:20Z<html><head></head><body>I'm trying to limit the access to JSON web services only to the ones I use in my code. <br>For example, I use <strong>/bookmarks.bookmarksentry/subscribe-entry,</strong> and to get it work I used the following properties:<br><br><pre><code>json.web.service.enabled=true
jsonws.web.service.strict.http.method=false
jsonws.web.service.api.discoverable=true
jsonws.servlet.hosts.allowed=
jsonws.web.service.paths.includes=BookmarksEntry*
</code></pre><br>This way it works, but I would like to be more specific: what have I to write inside the includes property in order to use only <strong>subscribe-entry</strong> and not, for example, <strong>unsubscribe-entry</strong>?<br>I didn't find any pattern working with this need and I've tried a lot:<br><br><pre><code>jsonws.web.service.paths.includes=BookmarksEntry.subscribeEntry,\
BookmarksEntry.subscribeEntry*,\
BookmarksEntry*subscribeEntry*,\
/bookmarks.bookmarksentry/subscribe-entry,\
/bookmarks.bookmarksentry/subscribe-entry*,\
/bookmarksentry/subscribe-entry
</code></pre><br>If I try to change <strong>BookmarksEntry*</strong> with something more specific, I always get the same error:<br><br><pre><code>ERROR [ajp-nio-8009-exec-8][JSONWebServiceServiceAction:114] No JSON web service action with path /bookmarks.bookmarksentry/subscribe-entry and method null for bookmarks</code></pr