Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-41843

Add white and black list for JSONWebService paths

    Details

    • Type: Story
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: 6.2.0 CE GA1
    • Fix Version/s: 6.2.0 CE GA1, 7.0.0 M3
    • Component/s: Web Services
    • Labels:
      None

      Description

      Add portal.properties flags for including/excluding JSONWebService methods, i.e. paths.

      Example usages

      Enable just /address/* and /user/* APIs:

      jsonws.web.service.paths.included=/address/*,/user/*
      jsonws.web.service.paths.excluded=
      

      Enable all APIs but exclude marketplace portlet

      jsonws.web.service.paths.included=
      jsonws.web.service.paths.excluded=/marketplace-portlet/*
      

      Enable part of the APIs but exclude dangerous methods

      jsonws.web.service.paths.included=/user/*,/address/*,....
      jsonws.web.service.paths.excluded=/user/update-password,/user/set-role
      

      So you have both whitelist and blacklist functionality in one.

      This list might be important if some security issue appears in the future - this way our users may very easily remove some API without rebuilding the server. See LPS-41317 for an example.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.2.0 CE GA1
                7.0.0 M3