Details

    • Story Points:
      1
    • Fix Priority:
      3
    • Sprint:
      Iteration 45

      Description

      Steps to reproduce
      1. Start portal
      2. Go to Control Panel>Security>Service Access Policy
      3. Add service access policy
      enabled = "false",
      methodName = "getVersion",
      policyName = "OAUTH2_read.portalversion",
      serviceClass = "com.liferay.portal.kernel.service.PortalService",
      title = "read Portal version"
      4. Add new OAuth2 application and uncheck Authorization Code
      5. Edit Scopes>check read Portal version and Save
      6. Execute curl -X POST --data 'client_id=abc123&client_secret=abc123&grant_type=client_credentials' http://localhost:8080/o/oauth2/token to get accesss_token
      7. Execute curl -X POST -H 'Authorization: Bearer "87441b375885e3ea5625279b16b91b4cd29771ac5869aa946bf772e152b6' http://localhost:8080/api/jsonws/portal/get-version

      Actual result: No Access denied message was returned, returned {}. see return.png
      Expected result: Returned message like 'Access denied to com.liferay.portal.kernel.service.PortalService#getVersion'.

        Attachments

          Activity

            People

            Assignee:
            della.wang Della Wang
            Reporter:
            della.wang Della Wang
            Participants of an Issue:
            Recent user:
            Michael Prigge
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              8 weeks, 3 days ago

                Packages

                Version Package