Did you use the old template for 7.0 and it does not work anymore? Or did you create a new Rest module based on Whiteboard?
If you use Whiteboard, those threads should help you. If not, I don't know, maybe you need to switch to whiteboard (or maybe those properties also help you)
https://liferay.dev/forums/-/message_boards/message/112794830
https://liferay.dev/forums/-/message_boards/message/117823352

Wow.
So eventually grokking through those posts you provided was the answer. I had to add the whiteboard annotations AND use the control panel to include my endpoint in the system default policy...
I guess I have been asleep at the switch. Is there anything in the doco that describes the recommended switch from the old CXF/REST style of services to this pure whiteboard approach?

Christoph
Can you explain a little more about this comment from the last post in the second thread:?
>> You can disable oauth (add  "oauth2.scopechecker.type=none" to the properties), but as you found out, you will be blocked by the access control.
>> To get around that, go to Control Panel -> Configuration -> Service Access Policy -> System_Default (it already contains getCountries and getRegions).
>> Add your own class/method to it.
>> package.itemsRESTApplication#working
>> or maybe even
>> package.itemsRESTApplication#*
>> if you want to allow access to all methods of your class.
So this works, but i am not sure why. Especially the part about "you will be blocked by the access control". Can you explain that a little more in detail?
Thanks