Details

    • Story Points:
      1
    • Sprint:
      Iteration 45

      Description

      Step to reproduce:
      1. Start portal
      2. Add new instance named www.able.com
      3. Go to http://www.able.com:8080 and login as instance admin
      4. Enable MFA and API Authentication
      5. Go to Instance settings > API Authentication > Virtual Instance scope at www.able.com
      6. Disable Auto Login Basic Authentication Header
      7. Disable Basic Authentication Protocol Support
      8. Open Postman and send the following GET request http://able.com:8080/api/jsonws/user/get-current-user
      Authentication user: test@liferay.com Authentication password: test

      Actual result: Access denied message was not returned

      Expected result: The api request should be denied. Response message is: { "exception": "Access denied to com.liferay.portal.kernel.service.UserService#getCurrentUser", "throwable": "java.lang.SecurityException: Access denied to com.liferay.portal.kernel.service.UserService#getCurrentUser", "error":

      { "message": "Access denied to com.liferay.portal.kernel.service.UserService#getCurrentUser", "type": "java.lang.SecurityException" }

      }

        Attachments

          Activity

            People

            Assignee:
            della.wang Della Wang
            Reporter:
            della.wang Della Wang
            Participants of an Issue:
            Recent user:
            Della Wang
            Engineering Assignee:
            Marta Medio
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              8 weeks, 3 days ago

                Packages

                Version Package
                Master