How to allow unauthenticated (guest user) requests for GraphQL
How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.
Issue
- I implemented ReactJS Widget that relies on GraphQL requests for custom object values, with a widget exposing object entries to the public. However, unauthenticated GrapQL requests are disabled by default and guest users cannot see the widget content.
- Is there way to enable GraphQL for guest users?
Environment
- Liferay Quarterly Release 2024.q3
Resolution
- To enable GraphQL object entry visibility for guests, grant view permissions to guests for the associated object.
- If the object has an ObjectRelationship, you will also need to navigate to "Control Panel --> Security --> Service Access Policy" and create the following Service Access Policy → OBJECT_DEFAULT:
- Service Class: com.liferay.object.rest.internal.resource.v1_0.ObjectEntryRelatedObjectsResourceImpl
- Method Name: getCurrentObjectEntriesObjectRelationshipNamePage
This method retrieves the related object entries based on the ObjectRelationship.
did-this-article-resolve-your-issue