Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-41843

Add white and black list for JSONWebService paths

    Details

    • Type: Story
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: 6.2.0 CE GA1
    • Fix Version/s: 6.2.0 CE GA1, 7.0.0 M3
    • Component/s: Web Services
    • Labels:
      None

      Description

      Add portal.properties flags for including/excluding JSONWebService methods, i.e. paths.

      Example usages

      Enable just /address/* and /user/* APIs:

      jsonws.web.service.paths.included=/address/*,/user/*
      jsonws.web.service.paths.excluded=
      

      Enable all APIs but exclude marketplace portlet

      jsonws.web.service.paths.included=
      jsonws.web.service.paths.excluded=/marketplace-portlet/*
      

      Enable part of the APIs but exclude dangerous methods

      jsonws.web.service.paths.included=/user/*,/address/*,....
      jsonws.web.service.paths.excluded=/user/update-password,/user/set-role
      

      So you have both whitelist and blacklist functionality in one.

      This list might be important if some security issue appears in the future - this way our users may very easily remove some API without rebuilding the server. See LPS-41317 for an example.

        Attachments

          Activity

            People

            Assignee:
            robert.srisamang Robert Srisam-ang (Inactive)
            Reporter:
            igor.spasic Igor Spasic (Inactive)
            Recent user:
            Kiyoshi Lee
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                6.2.0 CE GA1
                7.0.0 M3