I'm considering using Liferay's permission system to implement access security in an external Java application (not a portlet). Liferay has robust features for managing users, groups, roles, permissions and resources. It would be great if I could leverage those instead of re-inventing the wheel in our external app.
Liferay and our external application are configured to use the same CAS and LDAP for authentication, so they share the same users.
So far I've successfully used Liferay's JSON-WS API to manage a user's Roles. This is great but I need to take it to the next step.
Can I define and manage Liferay Permissions and Resources using the JSON-WS API?
I see API methods for checking if a user has certain permissions (ie. has-user-permission) but I don' see methods for creating and assigning Permissions and Resources.
Admittedly, I need to better understand how permissions and actions are defined in Liferay. From what I understand, permissions and actions are defined in XML files which are associated with specific portlets.
In our case, the external app won't have any portlets so how would I define custom permissions and actions? (maybe create a custom portlet which is only used for defining actions and resources?). I would still need a way to define resources programmatically since resources would need to be created for certain domain objects in our external app.
I know this is old but I wanted to answer this anyway for future reference.
You have a novel idea here but I don't quite understand yet how do you plan to check if a user has a specific permission in your application. Do you plan to query the Liferay JSON-WS API on every request to verify you have permission? If you do it on the server side then you might get a performance penalty but otherwise the idea seems OK. But don't do it on the client side (in-browser via javascript) - The user could manipulate the request or response to gain access to sensitive information.
As far as I know you cannot define Permissions and Resources using the JSON-WS API but they are stored in the database and you CAN create your own JSON-WS service via Service Builder to expose those features for your application.
As far as defining the permissions goes - Since you are going to have to build your own service to manage things anyway then you might as well define your permissions using the proper XML based configuration and deploy those along with the service.
I'm a little bit curious on what solution you ended up with because I assume that you have already finished this project.
来源:https://stackoverflow.com/questions/15367895/how-to-use-liferays-permission-system-in-other-applications