Liferay remote service access for all usersLiferay remote service access for all usershttps://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1194730832024-03-29T08:39:15Z2024-03-29T08:39:15ZRE: Liferay remote service access for all usersChristoph Rabelhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1194758642020-06-24T12:51:45Z2020-06-24T12:51:45ZI guess, it is the missing authToken parameter. Liferay checks if the parameter is there for security reasons, to make sure that the call was actually made by the current user. I don't know if you can disable the check for one specific method only.<br />If you call it from a Liferay page, you can add the p_auth parameter yourself. Even if you don't want to use the Liferay object, just using window.Liferay.authToken is probably not a big deal.<br />Another way to solve this would be to implement the service method using the rest template instead of through service builder. That approach really has a lot of merits since you are far more flexible with the interfaces you can provide and you also have a lot more control about things like authentication. (There is also the rest builder, <a href="https://help.liferay.com/hc/en-us/articles/360028708852-Introduction-to-REST-Builder">https://help.liferay.com/hc/en-us/articles/360028708852-Introduction-to-REST-Builder</a> which might also be useful if you plan to have lots of rest services)Christoph Rabel2020-06-24T12:51:45ZLiferay remote service access for all usersRafał Pydyniakhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1194730822020-06-24T10:48:23Z2020-06-24T10:48:23ZHello,<br />I have a problem with using remote services. I have method findAll() in my *Service. This method just returns some entities from database. We want these data to be accessible for both logged users and guests. I have therefore added ServiceAccessPolicy for my Service and it works great for guests users - I get the JSON with data when I enter the url<a href="">http://localhost:8080/api/jsonws/invoke?cmd={%22/mynamespace.data/find-all%22:{}}</a> <br />(the namespace and table names are changed)But when I try to enter the exactly same URL as logged user (either admin user or just newly created user without any additional roles) I get the error:<img src="/documents/portlet_file_entry/14/image--tempRandomSuffix--ALLemfZz.png/e9663dad-3e12-a1c9-0d17-430d17c8b175" /><br />So basically I can enter the URL as guest but I can't as an administrator which seems quite weird for me. When I try with p_auth parameter obtained from Liferay.auth it works fine (so the same url but with &p_auth=MY_TOKEN)But I'd like not to use the p_auth because we don't want to use Liferay object<br />I know I could also:<ul style="list-style: disc outside;"><li>Use basic authentication - but in my case I can't because we're actually calling the REST from React application embedded in MVCPortlet and this React app doesn't have the username/password</li><li>Use Liferay.Service - we don't want to use Liferay object at all</li></ul>Any clues? Perhaps it's a bug in Liferay remote services?<br />I'm using Liferay 7.0.6 GA7 at the moment (we're moving to DXP but