Understanding Service Access Policies
Use the service access policy tool to set which web services have public access. You can view a list of the default policies. Follow the steps below to add a new policy. See setting service access policies to learn more.
Note that by default, Liferay’s service access policies do not grant public access to any APIs.
The example below is for demonstration purposes only. Granting access to these services makes them public facing and typically should be paired with authentication.
Make an API request without passing any credentials.
Note, that a forbidden error response is returned.
Navigate to Global Menu () → Control Panel → Service Access Policy.
Click Add ().
Configure the new policy as follows:
MY_USER_ACCOUNT_GUEST_ACCESSas the name.
- Toggle the enabled switch on.
- Toggle the default switch on.
My User Account Guest Accessas the title.
com.liferay.headless.admin.user.internal.resource.v1_0.UserAccountResourceImplas the service class.
getMyUserAccountas the method name.
- Click Save.
Make the same API request.
Liferay now returns the user account info of the guest user. Allow or deny access in this way for other services.
Next: Cross-Origin Resource Sharing