RE: Access denied to com.liferay.portal.kernel.service.UserService#getUserB

John Cressman, modified 7 Years ago. Junior Member Posts: 39 Join Date: 8/15/17 Recent Posts

I am going through the Liferay University tutorial and have built a simple Android Studio app that should login to my local instance of Liferay.

First, it looked like a 7.1 vs 7.0 issue, but now I have 7.0 DXP installed and running.  I am pointing to the correct company_id and group_ids.

Now, I actually see something in the catalina console when I try to login.  The login fails, but on the catalina console I get the following error:

 

Access denied to com.liferay.portal.kernel.service.UserService#getUserById

 

How do I get around this?  This has been a very frustrating experience as following the tutorial line by line, my results are not what the instructor sees.

 

 

Christoph Rabel, modified 7 Years ago. Liferay Legend Posts: 1555 Join Date: 9/24/09 Recent Posts

Where do you call that? Are you sure that your current user has the permission to call that function?

When you authenticate with that user, can you call getUserById from the browser (go to /api/jsonws and try to call that method)?

John Cressman, modified 7 Years ago. Junior Member Posts: 39 Join Date: 8/15/17 Recent Posts

I am calling that from within the Android App, as per the tutorial.  I'm not using a web browser of any sort.  I'm not calling it as any particular user - as far as I can tell - it's using:

In the layout:

 

<com.liferay.mobile.screens.auth.login.LoginScreenlet
    android:id="@+id/login_screenlet"
    android:layout_width="match_parent"
    android:layout_height="wrap_content"
    liferay:basicAuthMethod="screen_name"
    liferay:credentialsStorage="auto"
    liferay:layoutId="@layout/login_westeros"
    />

 

And in the Java:

protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    LoginScreenlet loginScreenlet = (LoginScreenlet) findViewById(R.id.login_screenlet);

    loginScreenlet.setListener(this);

}

@Override
public void onLoginSuccess(User user) {

    startActivity(new Intent(MainActivity.this, ActivityOne.class));

}

@Override
public void onLoginFailure(Exception e) {

    Toast.makeText( MainActivity.this,  "!!! LOGIN FAILURE !!!", Toast.LENGTH_SHORT).show();

}

That's all straight from the tutorial.

John Cressman, modified 7 Years ago. Junior Member Posts: 39 Join Date: 8/15/17 Recent Posts

After much searching and researching, I tried adding the com.liferay.portal.kernel.service.UserService#getUserByScreenName to the System_Default in Configuration->Service Access Policy and no longer get the Access denied to com.liferay.portal.kernel.service.UserService#getUserByScreenName error.

Instead, I now get: User 20119 must have the VIEW permission to com.liferay.portal.kernel.model.User 20155.

Looking in users, I do see that Test user (the one I try to log in with) is 20155, however I cannot find 20119.  In fact, TEST is the ONLY user right now.

So it looks like there are definitely some permissioning issues going on.  I don't remember seeing any of this addressed in the tutorial I watched.  Is this addressed some place else?

Anyone else have this issue?

Javier Gamarra, modified 7 Years ago. Expert Posts: 348 Join Date: 2/12/15 Recent Posts

Liferay default JSON-WS services are private by default (you need an authenticated user to access them, either using BASIC, DIGEST, OAUTH...). You can make them public with the service access policy as you already discovered :)

The error you are receiving right now is because you are trying to access the default user (a hidden user called default) that cannot be queried; it's used only for security reasons. You can access it if you enable some permissions, but it doesn't make much sense because it's not a "normal" user. If you query another user you should access the information without issues.

 

About the service access policy issue, you have 2 approaches: change the policy to enable unauthenticated queries, or use a user for accessing the API with only the permissions you want.

John Cressman, modified 7 Years ago. Junior Member Posts: 39 Join Date: 8/15/17 Recent Posts

What is the preferred way for creating mobile applications that call the Liferay APIs?  In the tutorial, there is no mention of creating a user that I see.

 

John

Javier Gamarra, modified 7 Years ago. Expert Posts: 348 Join Date: 2/12/15 Recent Posts

Depends on your needs... if the APIs can be public, changing the access policy (there are several options to restrict access) is the easiest way. But if you have more complex needs, creating a user is more flexible (you can disable it in the event of a security issue, implement some sort of rate limiting...). It's also way more cumbersome (detect which permissions you need, take care of the user, embed it...).
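
An offline check for the "change the access policy" approach discussed above (an added example, not part of the thread and not Liferay's own code): before putting signatures into a policy that applies to unauthenticated callers, list which calls each entry would open up. The wildcard matching rules, the `get*` entry and the list of calls are assumptions constructed for illustration.

```python
"""Offline audit of Service Access Policy entries (added example).

Assumed entry syntax, not taken from the thread: "Class#method", a bare
class name (all methods), or "*" as a wildcard in either part.
"""
from fnmatch import fnmatchcase

SERVICE = "com.liferay.portal.kernel.service.UserService"

# Entry the poster added to System_Default, per the thread.
NARROW = [SERVICE + "#getUserByScreenName"]
# Constructed for contrast: a wildcard entry an admin might add to save time.
BROAD = [SERVICE + "#get*"]
# Constructed list of calls to test against each policy.
CALLS = [SERVICE + "#getUserByScreenName",
         SERVICE + "#getUserById",
         SERVICE + "#deleteUser"]


def entry_allows(entry, service_class, method):
    """True if a single policy entry covers service_class#method."""
    class_pat, sep, method_pat = entry.strip().partition("#")
    if not class_pat:
        return False
    if not sep:
        method_pat = "*"  # class-only entry covers every method
    return fnmatchcase(service_class, class_pat) and fnmatchcase(method, method_pat)


def audit(entries, calls):
    """Map each 'Class#method' call to the entries allowing it ([] = denied)."""
    report = {}
    for call in calls:
        service_class, _, method = call.partition("#")
        report[call] = [e for e in entries
                        if entry_allows(e, service_class, method)]
    return report


def broad_entries(entries):
    """Entries with a wildcard or no method part: review before exposing."""
    return [e for e in entries if "*" in e or "#" not in e]


if __name__ == "__main__":
    for name, policy in (("narrow", NARROW), ("broad", BROAD)):
        print(name, "needs review:", broad_entries(policy))
        for call, hits in audit(policy, CALLS).items():
            print("  ", "ALLOW" if hits else "DENY ", call)
```

A matching entry only lets the call reach the service; as the VIEW permission error in the thread shows, the permission check on the target object still runs afterwards.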