Java – Liferay API / jsonws page can only be accessed by administrator users
•
Java
Anyone can tell me how to restrict ordinary users from accessing Liferay API / jsonws pages The API / jsonws page can only be accessed by administrator users
Do we have any choice in Liferay?
Anyone can help me
Solution
I guess this function is not in Liferay 6.2:(
jsonws.web.service.api.discoverable=false
reference resources: https://issues.liferay.com/browse/LPS-50668
The options I know can be completed in 6.2
> ServletFilter Hook
Write your logic there / / write a specific pattern
<servlet-filter>
<servlet-filter-name>ServiceAccessPage</servlet-filter-name>
<servlet-filter-impl>com.check.access.ServiceAccessPage</servlet-filter-impl>
<init-param>
<param-name>initparam</param-name>
<param-value>Hi IP Address Filter</param-value>
</init-param>
</servlet-filter>
<servlet-filter-mapping>
<servlet-filter-name>ServiceAccessPage</servlet-filter-name>
<url-pattern>/api/jsonws</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</servlet-filter-mapping>
In serviceaccesspage In Java
public void doFilter(ServletRequest request,ServletResponse response,FilterChain chain) throws java.io.IOException,ServletException {
//get user & Redirect to session.setAttribute(WebKeys.LAST_PATH,redirectionFailPath);
logger.info("DoFilter method being called");
}
>Crete service pre operation
[this will be called before each action: ()
Get the user from the request and & manage the login page accordingly
>Use ext
Write a property to close / open the page & override the JSON web service servlet
The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
二维码