Legacy Knowledge Base
Published Sep. 10, 2025

How to connect to the REST API using Digest Auth in 7.1

Written By

Roberto Díaz

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • It's not possible to access an endpoint in 7.1 with Digest Auth using the same configuration as in higher versions (for our example we'll use 7.3).
  • For the reproduction steps we'll use:
    • the same endpoint used in How To Invoke A Service, namely http://localhost:8080/o/headless-delivery/v1.0/sites/20127/blog-postings/,
    • POSTMAN with Digest Auth.
  • In Liferay, add this configuration in System Settings/API Authentication/Digest Authentication:
    • Force Digest Authentication (check).
    • Enabled (check).
    • URLs Includes (/o/headless-delivery/v1.0/sites/[groupId]/blog-postings/) - use the group Id of your system, in our case 20127.
  • In Postman, create a new GET request as seen in this image and send it.

    [Image: Captura_de_pantalla_2021-11-05_a_las_7.30.31.png]

  • Results:

    7.3: SUCCESS:

    [Image: Captura_de_pantalla_2021-11-05_a_las_7.31.20.png]

    7.1: Error (403 forbidden):

    [Image: Captura_de_pantalla_2021-11-05_a_las_7.31.41.png]

Environment

  • This solution was tested in 7.1.

Resolution

  • Every time a request is made to the portal, it passes through the filter chain and reaches the AuthVerifierFilter.

    The AuthVerifierFilter uses the AccessControl implemented by AccessControlImpl, which verifies the request using the AuthVerifierPipeline.

    The AuthVerifierPipeline implements the following workflow to verify the request:

    • Get the possible AuthVerifierConfigurations for the request.
    • Check each possible AuthVerifierConfiguration with its corresponding AuthVerifier to try to verify the request.
    • If there is no positive verification, create a Guest result so that it can be checked later whether the request can be made as guest.

    In the particular case of Digest Auth, there is a change of behavior between 7.3 and 7.1 that causes Digest Auth not to be selected as a candidate to verify the request.

    That is because 7.1 processes the path of the request by removing the context of the application. For a request to /o/headless-delivery/v1.0/sites/20127/blog-postings, it removes the /o/headless-delivery part and uses the remaining /v1.0/sites/20127/blog-postings to check against the Digest Auth configurations.

  • In 7.1, if there is a Digest Auth configuration with URLs Includes set to /v1.0/sites/20127/blog-postings, the request works correctly and returns a successful response with the result.

  • In 7.3, as explained, the Digest Auth configuration should use the complete path instead: /o/headless-delivery/v1.0/sites/20127/blog-postings.
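
The path handling described above can be checked with a small model. This is an added example, not Liferay source code: the function names are hypothetical, and the matching rule (exact match, or prefix match for a pattern ending in `*`, ignoring a trailing slash) is a simplifying assumption.

```python
# Added illustration: a simplified model, not Liferay source code.
CONTEXT = "/o/headless-delivery"  # application context of the article's endpoint


def path_checked(request_path, version):
    """Return the path compared against URLs Includes for a given version."""
    path = request_path.rstrip("/")
    # Per the article, 7.1 removes the application context before the check.
    if version == "7.1" and path.startswith(CONTEXT + "/"):
        return path[len(CONTEXT):]
    return path


def include_matches(pattern, path):
    """Assumed rule: exact match, or prefix match when the pattern ends in '*'."""
    pattern = pattern.rstrip("/")
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return pattern == path


def digest_is_candidate(request_path, urls_includes, version):
    """True if any configured include selects Digest Auth for this request."""
    path = path_checked(request_path, version)
    return any(include_matches(p, path) for p in urls_includes)


def audit(request_path, urls_includes, versions=("7.1", "7.3")):
    """Map each version to whether Digest Auth would be tried or skipped."""
    return {v: digest_is_candidate(request_path, urls_includes, v) for v in versions}


if __name__ == "__main__":
    # Constructed sample input based on the article's endpoint and group id.
    request = "/o/headless-delivery/v1.0/sites/20127/blog-postings/"
    configs = {
        "full path": ["/o/headless-delivery/v1.0/sites/20127/blog-postings/"],
        "context removed": ["/v1.0/sites/20127/blog-postings"],
    }
    for label, includes in configs.items():
        for version, selected in audit(request, includes).items():
            outcome = "Digest Auth tried" if selected else "not selected (guest check)"
            print(f"{label:16} {version}: {outcome}")
```

Running the audit on an existing URLs Includes list before changing versions shows which entries stop selecting Digest Auth, since a value that works in 7.1 is skipped in 7.3 and the reverse.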
