Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-44605

It's not possible to call remote services from a public remote method

    Details

      Description

      Let's disable authentication for a remote service method using @AccessControlled(guestAccessEnabled=true).

      During non-authenticated web service call when this method use another remote service (GroupServiceUtil, UserServiceUtil, ...) the access to non-public remote service is denied, because:
      1, the non-public service is annotated with guestAccessEnabled=false
      2, we are still in a remote call

      See AccessControlAdvice and AccessControlAdvisorImpl.

      guestAccessEnabled=true should only disable authentication but not permission checking.

      Workaround: use only local services and always check permissions manually.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shitian.zhang Shitian "Shelton" Zhang (Inactive)
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              4 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                5 years, 4 weeks, 5 days ago

                  Packages

                  Version Package
                  7.0.0 Alpha 1