-
Type:
Feature Request
-
Status: Won't Do
-
Priority:
Minor
-
Resolution: Discarded
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Portal Services, Web Services, Web Services > JSON WS
-
Labels:
Description:
Currently, the jsonws api is accessible to everyone (jsonws.servlet.hosts.allowed property is empty by default which means unrestricted access to any client).
(The link to access it is: http://localhost:8080/api/jsonws)
If you set this property to something else, the api will become inaccessible along with the UI.
In the next Liferay version, we would like to have the following features / changes:
1. Securitywise the default setting should be more restrictive (as with other services, by default only 127.0.0.1,SERVER_IP should be allowed).
2. There should be a seperate setting to disable the UI interface even if the service is enabled.