Securing Web Services
Liferay ships with APIs for just about all of its functionality. You can use these APIs to interact programmatically with Liferay’s entities or objects you’ve created yourself.
Service Access Policies define what services or service methods can be invoked remotely. Regardless of whether a user has authenticated and/or authorized access, if a service access policy does not grant access to a service, it cannot be called remotely.
Here, you’ll learn how to tune the service access policies appropriately for your use.
Cross-origin resource sharing (CORS) defines for browsers what resources on your Liferay system may be shared to other domains, or origins. If you have an application on a separate domain that needs access to a resource stored on your Liferay system, you must configure CORS. You’ll deploy a sample app and learn how.
Next: Service Access Policies