Message Boards
How to get HttpServletRequest in JSONWebService of a custom service?
How to get HttpServletRequest in JSONWebService of a custom service?
New Member Posts: 7 Join Date: 3/19/15 Recent PostsI have created a JSON Web service using service builder. While validating this web service call I need to check how many requests have been made from the caller's IP address to this web service. Hence I need the HttpServletRequest instance so that I can get the remote address by checking X_FORWARDED_FOR header.
So far I am unable to get it. I have tried following but the LiferayPortletRequest received from ServiceContextThreadLocal is null.
ServiceContextThreadLocal.getServiceContext().getLiferayPortletRequest().getHttpServletRequest()
Please let me know if someone has been able to achieve it. I am using Liferay DXP 7.2
RE: How to get HttpServletRequest in JSONWebService of a custom service?
Liferay Master Posts: 591 Join Date: 8/8/14 Recent PostsHi,
You will not have request object in JSON WebService Impl, For Audit/tracking purpose you can create Servlet Filter and use the request object there
https://help.liferay.com/hc/en-us/articles/360020486752-Servlet-Filters
RE: How to get HttpServletRequest in JSONWebService of a custom service? (Answer)
New Member Posts: 6 Join Date: 5/1/15 Recent PostsHi Ishaan. Because this is to do with access control, I would suggest you implement a com.liferay.portal.kernel.security.access.control.AccessControlPolicy in a @Component.
Your implementation of onServiceRemoteAccess() will then get called. From there you can static call com.liferay.portal.kernel.security.access.control.AccessControlUtil#getAccessControlContex . This will allow access to the HttpServletRequest .
The Filter approach is also viable, but likely more sensitive to product changes in the future.
RE: How to get HttpServletRequest in JSONWebService of a custom service?
New Member Posts: 7 Join Date: 3/19/15 Recent PostsThank you Mohammed Yasin and Stian Sigvartsen for you answers.
I was familiar with the filter approach but it did not suit my needs as my purpose was more than auditing. I took the AcessControlPolicy approch suggested by Stian and reached the desired ourcome.