REST API returns an "Access denied" error message in XML format in the browser

Issue

  • After passing the authorization in the HTTP header and requesting the URL http://localhost:8080/o/greetings/morning, the web service responds with the error message below (in XML format) in the browser.
<Forbidden><message>Access denied to sample.rest.application.Samplexxxx#working</message></Forbidden>
  • Steps to create the REST API:
    • Follow this help center article to create a REST module API.
    • In this article, the JAX-RS sample module is unchanged except for configuration properties in the @Component annotation.
    • Note: Depending on your requirements, ensure the following:
      • The service endpoint, the service name as it appears in the authentication, and the properties may require further configuration.
  • Steps to replicate the issue: 
    • Start the server and log in using admin credentials.
    • Deploy the sample rest plugin
    • Authenticating to JAX-RS web services
      • OAuth 2 authentication:
        • Navigate to Control Panel → Configuration → OAuth2 Administration
        • Click on the plus icon and add an application using a descriptive name
        • For example, select the "Headless Server profile" template, which automatically selects the Client Credentials authorization type.


        • Note: Copy the Client ID and Client Secret from this created application and use these to authenticate to your web service.
      • In this example, the OAuth token is requested using the curl tool.
      • Execute the below command using the respective client_id and client_secret of your application.
curl http://localhost:8080/o/oauth2/token -d 'grant_type=client_credentials&client_id=id-XXXXXXXXXXXXXXXX&client_secret=secret-XXXXXXXXXXXXXXXXXXXXXXXXX'


      • The token is returned in JSON format, as below.
{"access_token":"XXXXXXXXXXXXXXXXXXXXXXXXXX","token_type":"Bearer","expires_in":600}
      • Using the generated token, I have executed the below command to call the service
      • Observed behavior:
        After passing the authorization in the HTTP header and requesting the URL http://localhost:8080/o/greetings/morning, the web service responds with the error message below (in XML format) in the browser.
<Forbidden><message>Access denied to sample.rest.application.Samplexxxx#working</message></Forbidden>

Environment

  • Liferay-dxp-7.2.10-ga1 bundle with Liferay-fix-pack-dxp-1-7210
  • HSQL database [Liferay DXP is initially configured to use the embedded HSQL database but the HSQL DB is primarily intended for demonstration and trial purposes.]

Resolution

  • The steps below resolve the issue:
    • Create a public endpoint for development purposes. In this example, the service is made public by setting the two properties below in the property attribute of the @Component annotation.
"auth.verifier.guest.allowed=true",
"liferay.access.control.disable=true"
    • Rebuild the plugin after adding the endpoint as per the requirement and deploy it.
    • Note: See the article "Service Access Policies" for further information.
  • With authorization, your web service can be called and responds to the request. In this example, the web service is called and responds to the request as shown below.

 

[Screenshots: Works.jpg, Good_morning.jpg, with_param.jpg]
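
To confirm how the endpoint treats callers before and after the properties above are changed, the following script (an added example, not part of the original article or of Liferay's sample code) repeats the token request from the replication steps and calls the endpoint once without and once with the token. The function names, the RUN_CHECK, BASE, ENDPOINT, CLIENT_ID and CLIENT_SECRET variables, and the mapping of status codes to verdicts are assumptions of this example; the token is sent in a standard Authorization: Bearer header.

```bash
#!/usr/bin/env bash
# Added example: check whether the JAX-RS endpoint answers with and without a token.
# BASE and ENDPOINT default to the article's URL; CLIENT_ID and CLIENT_SECRET
# (assumed variable names) must be exported by the caller.
BASE="${BASE:-http://localhost:8080}"
ENDPOINT="${ENDPOINT:-/o/greetings/morning}"

# Pull access_token out of the token endpoint's JSON response (no jq needed).
extract_token() {
  printf '%s' "$1" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Request a token with the client_credentials grant, as in the article's curl command.
get_token() {
  body=$(curl -s "$BASE/o/oauth2/token" \
    --data-urlencode 'grant_type=client_credentials' \
    --data-urlencode "client_id=$CLIENT_ID" \
    --data-urlencode "client_secret=$CLIENT_SECRET") || return 1
  extract_token "$body"
}

# Print only the HTTP status of a GET; $1 is an optional bearer token.
status_of() {
  if [ -n "$1" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "Authorization: Bearer $1" "$BASE$ENDPOINT"
  else
    curl -s -o /dev/null -w '%{http_code}' "$BASE$ENDPOINT"
  fi
}

# Map (status without token, status with token) to a verdict (assumed mapping).
classify() {
  case "$1:$2" in
    200:*)      echo "PUBLIC: endpoint answers without a token" ;;
    40[13]:200) echo "PROTECTED: token required and accepted" ;;
    40[13]:403) echo "DENIED: token presented but request forbidden" ;;
    *)          echo "UNKNOWN: $1 without token, $2 with token" ;;
  esac
}

main() {
  token=$(get_token)
  [ -n "$token" ] || { echo "no access_token in response" >&2; return 1; }
  classify "$(status_of "")" "$(status_of "$token")"
}

# Runs only with RUN_CHECK=1, so sourcing the file has no side effects.
if [ "${RUN_CHECK:-0}" = 1 ]; then main; fi
```

While the two public-endpoint properties are set, PUBLIC is the expected verdict; a deployment that is meant to require OAuth 2 should report PROTECTED.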
