Submit Feedback
Legacy Knowledge Base
Published Jul. 2, 2025

JSON Authentication for Custom Portlets

Written By

Justin Choi

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Liferay will support our API and resolve any issues and answer any questions having to do with the API itself or any other part of Liferay's software. Issues and questions regarding custom development may be handled by our Global Services team or by the developer of those customizations.

If a customer is using JSON authentication for a custom portlet, the Liferay API in regards to the service call must be included. Otherwise, users may have to authenticate their sign in credentials a second time. Because this article involves a custom portlet, some of the information should be adapted for specific environments.

Resolution

Before compiling the portlet, modify the portlet's view.jsp accordingly from:

code>
	function callService2()
	{
	Liferay.Service('/api/jsonws/[custom portlet name].thing/find-all-things',
		function(obj) {
		    console.log(obj);
		  }
		);
	}

to

code>
	function callService2()
	{
	Liferay.Service('/[custom portlet name].thing/find-all-things',
		  function(obj) {
		    console.log(obj);
		  }
		);
	}
  1. Compile the custom portlet.
  2. Start a Liferay bundle.
  3. Use all default options and leave Hypersonic as the default database.
  4. Stop the application server.
  5. Create a newportal-ext.propertieswith the following properties: 
    code>
		auth.token.check.enabled=false
		json.service.auth.token.enabled=false
		jsonws.web.service.public.methods=get*,has*,is*,save*,xx*,remove*,update*
		json.service.public.methods=get*,has*,is*,save*,xx*,remove*,update*
  6. Place the portal-ext.properties in the same directory with portal-setup-wizard.properties
  7. Restart the portal.
  8. Deploy the custom portlet.
  9. Open a new browser window that does not have any session information on cookies. For Chrome users, use the Incognito window feature. (All the examples will be using Chrome. For Firefox and Internet Explorer users, the corresponding features are Private Windows and InPrivate Browsing, respectively.)
  10. Click Go to > My Private Pages
  11. Create a private page named Hello World. The resulting URL will be: http://localhost:8080/group/[username]/hello-world
  12. Add the custom portlet to that page.
  13. Close the browser.
  14. Open a new Incognito Chrome window with two tabs:
    • http://localhost:8080/
    • http://localhost:8080/[custom portlet name]/api/jsonws
  15. Do not log in yet. At this point, users will be prompted for authentication on the second browser tab.
  16. Close the second tab.
  17. Log in to the portal on the first browser tab.
  18. Open a new tab to this URL: http://localhost:8080/[custom portlet name]/api/jsonws. Notice that the user is authenticated and does not need to log in again.

Additional Information

JSON Web Services (Liferay Portal 6.1 Developers Guide)

Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?