Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-63773

The jsonws api should not be exposed by default

    Details

      Description

      Description:
      Currently, the jsonws api is accessible to everyone (jsonws.servlet.hosts.allowed property is empty by default which means unrestricted access to any client).
      (The link to access it is: http://localhost:8080/api/jsonws)
      If you set this property to something else, the api will become inaccessible along with the UI.

      In the next Liferay version, we would like to have the following features / changes:

      1. Securitywise the default setting should be more restrictive (as with other services, by default only 127.0.0.1,SERVER_IP should be allowed).
      2. There should be a seperate setting to disable the UI interface even if the service is enabled.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            peter.petrekanics Peter Petrekanics
            Votes:
            2 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package