-
Notifications
You must be signed in to change notification settings - Fork 7
Introduction
This module, liferay-connector, aims to be the reference Liferay’s JSON WS wrapper for Node.js and Titanium SDK. More generally, this is a wrapper which supports every platform where @visionmedia’s superagent runs. For Titanium SDK SMC has in fact developed ti-superagent.
Currently the only authentication mechanism supported is Basic Auth. Once things settle it will be possible to use Liferay as a OAuth Provider, and liferay-connector as a OAuth Consumer. There’s no tangible plan for this at the moment.
The original Liferay Mobile SDK supports Liferay Portal version 6.2 and later, this connector instead extends that support back to Liferay 6.1.x—both CE and EE.
But in Liferay 6.2 an important change has been made: all JSON WSs require a valid authentication. To ensure that this connector does not impose difficulties in the process of transition a 6.1.x portal to Liferay 6.2, all requests will require a valid authentication, even for Liferay 6.1.
This connector works perfectly with custom made services in your plugins.
There are a few important notes to be done about JSON WS and security.
First of all let’s clarify once for all what actually JSON WS are: they are a RMI-like protocol (Remote Method Invocation) over HTTP and JSON format. What methods can be called then? Those that are in the so called “secure” services, those that are not inside *LocalServices.
This means that whatever security check you do in your actions, it will be completely bypassed using JSON WS. Let’s imagine a plugin that implements a custom blog: if in your BlogPortlet.updatePost you do a permission-like check and then you call BlogPostServiceUtil.updatePost()… Well, you’re going to have a bad time.