Details
-
Bug
-
Status: Closed
-
Resolution: Fixed
-
7.3.6 CE GA7, 7.4.0 CE GA1, Master
-
7.3.x
-
Committed
-
3
Description
According to portal.properties it is expected to list all JSONWS paths you need to whitelist:
# # The property "jsonws.web.service.paths.includes" denotes patterns for JSON # web service action paths that are allowed. Set a blank pattern to allow # any service action path. # # Env: LIFERAY_JSONWS_PERIOD_WEB_PERIOD_SERVICE_PERIOD_PATHS_PERIOD_INCLUDES # jsonws.web.service.paths.includes=
However, if JSONWS paths are namespaced (e.g. those with ddl namespace below), you have to tweak them to be processed correctly. So instead of this:
jsonws.web.service.paths.includes=\ /announcementsflag/add-flag,\ /announcementsflag/get-flag,\ /announcementsflag/delete-flag,\ /ddl.ddlrecord/add-record,\ /ddl.ddlrecordset/update-min-display-rows
you have to specify this:
jsonws.web.service.paths.includes=\ /announcementsflag/add-flag,\ /announcementsflag/get-flag,\ /announcementsflag/delete-flag,\ ddlrecord.ddlrecord/add-record,\ ddlrecordset.ddlrecordset/update-min-display-rows
It means: without the leading slash and with that namespace replaced with the part after the dot.
It is caused by two mistakes:
- The leading character is stripped, but not added back after the namespace is prepended to the context path:
https://github.com/liferay/liferay-portal/blob/874bdcaff61d6290bc627a667d9cf0c8b0a01516/portal-kernel/src/com/liferay/portal/kernel/jsonwebservice/JSONWebServiceNaming.java#L168-L173
public boolean isIncludedPath(String contextPath, String path) { String portalContextPath = PortalUtil.getPathContext(); if (!contextPath.equals(portalContextPath)) { path = contextPath + StringPool.PERIOD + path.substring(1); }
- Instead of the contextName the contextPath is passed so incorrect value is prepended:
https://github.com/liferay/liferay-portal/blob/6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb/portal-impl/src/com/liferay/portal/jsonwebservice/DefaultJSONWebServiceRegistrator.java#L281-L283
protected void onJSONWebServiceBean( String contextName, String contextPath, Object serviceBean, JSONWebService jsonWebService) throws Exception { ... if (!_jsonWebServiceNaming.isIncludedPath(contextPath, path)) { continue; }
Once namespaced paths are specified in the original form, they disappear from the localhost:8080/api/jsonws and the error is thrown when API is accessed using e.g. curl.
Attachments
Issue Links
- mentioned in
-
Page Loading...