是否可以通过JSON-WS API远程调用ResourceLocalService? [英] Can the ResourceLocalService be called remotely via the JSON-WS API?
问题描述
我正在尝试使用JSON-WS API创建Liferay权限资源.我没有在http://localhost:8080/api/jsonws中找到任何用于创建资源的JSON-WS API注册服务方法.
I'm trying to create a Liferay permissions resource using the JSON-WS API. I haven't found any JSON-WS API registered service methods in http://localhost:8080/api/jsonws for creating Resources.
根据 JSON Web服务 docs,您可以通过添加@JSONWebService批注来远程启用服务.对于我来说,目前尚不清楚,如果尚未公开Liferay的内置服务,则如何以及是否可以注册.
According to the JSON Web Services docs, you can remotely enable services by adding the @JSONWebService annotation. It is not clear to me how and if you can register Liferay's built-in services if they aren't already exposed.
此外, Javadocs 针对ResourceLocalService的特定状态为:
Also, the Javadocs for ResourceLocalService specifically state:
这是一项本地服务.该服务的方法将没有 基于传播的JAAS凭据进行安全检查,因为 只能从同一VM内访问服务.
This is a local service. Methods of this service will not have security checks based on the propagated JAAS credentials because this service can only be accessed from within the same VM.
那么,甚至可以使用JSON-WS API远程访问ResourceLocalService的方法吗?如果是这样,您能指出正确的方向吗?
So is it even possible to access methods of ResourceLocalService remotely with the JSON-WS API? If so, can you point me in the right direction of how to do it?
PS:我已经在外部应用程序中成功使用JSON-WS API来处理已经发布并列在http://localhost:8080/api/jsonws
PS: I am successfully using the JSON-WS API in my external application for service methods that are already published and listed in http://localhost:8080/api/jsonws
推荐答案
我用于此目的的方法是编写自己的服务,该服务没有数据表,但是公开了一些JSON WS方法.您可以在一个插件项目中使用服务构建器的选项来创建远程服务(我使用了Portlet插件,因为我的应用程序中包含Portlet,但我相信它也可以在一个钩子插件中完成).
The approach I've used for this is to write my own service that has no data tables, but exposes some JSON WS methods. You do this in a plugin project using service builder's option for creating remote services (I used a portlet plugin because my app has portlets in it, but I believe it could be done in a hook plugin just as well).
service.xml的简短摘录:
Quick excerpt from a service.xml:
<entity name="UserNotification" local-service="true"
remote-service="true">
</entity>
没有字段,没有发现者...只是实体名称.
No fields, no finders... just the entity name.
然后,在插件项目的UserNotificationServiceImpl中,创建要公开的方法,并对所涉及的Liferay服务进行常规服务调用(您负责使用权限检查器,此处没有关于安全性的自动信息).重新构建服务时,ServiceBuilder将对您的方法进行逆向工程,并创建远程服务API.
Then in your plugin project's UserNotificationServiceImpl you create the methods you want to expose and make regular service calls to the Liferay service in question (you are responsible for making use of the permission checker, there's nothing automatic about security here). When you re-build your services ServiceBuilder reverse engineer's your methods and creates the remote service API.
然后比较棘手的一点是调用您的自定义API,该自定义API的形式与您对内置API的调用不同.假设您希望该服务需要身份验证,并为您的方法提供一个用户上下文以与权限检查器一起使用,您可以通过以下形式进行调用:
The tricky bit is to then call your custom API, which will have a different form than the calls you make to the built-in API. Assuming you want the service to require authentication and give your method a user context to use with the permission checker you make the call in this form:
https://user:passwd@example.com/api/secure/jsonws/plugin-name.entity-name/method? ...parameters
还有其他调用格式,但是关键是要直接寻址Liferay,然后使用该点分符号来标识插件和实体.如果您在其自己的应用程序上下文中解决您的插件
There are other calling formats, but the key thing is that you address Liferay directly, and then identify the plugin and entity using that dotted notation. If you address your plugin in its own application context
https://user:passwd@example.com/plugin-name/api/secure/jsonws/entity-name/method? ...parameters
您将不会获得身份验证上下文,因此将无法使用权限检查器.不幸的是,您会在Liferay网站周围找到大量材料,告诉您以这种方式进行呼叫.不要.
You will not get the authentication context, so you won't be able to use the permission checker. Unfortunately you will find a fair amount of material laying around the Liferay site that tells you to make the call this way. Don't.
I haven't addressed all details (configuration settings, calling nuances, etc) But the new documentation in the Developer Guide addresses them fairly well now. So be sure to study that.
您还将希望阅读但是请注意-您可能习惯于使用门户网站提供的API页面作为服务参考.这对于内置服务来说不错,但是对于插件提供的服务而言,此页面不可靠,因为它给出了错误的示例.随便看看文档.
But be warned -- you are probably used to using the API page provided by your portal as a reference for the services. This fine for in-built services, but for services provided by plugins, this page is not reliable, as it gives incorrect examples. Go by the docs.
这篇关于是否可以通过JSON-WS API远程调用ResourceLocalService?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
