Service access policy is a second from four of Liferay’s API security layers. Together with IP Permission Layer, Authentication and verification layer and User permission layer is responsible for securing access to web services provided by portal instance.

If you develop new REST Builder REST/GraphQL endpoint’s it’s a common requirement to setup an access for those API’s for an unauthenticated portal user- Guest which is by default forbidden.

1. allowed-service-signatures provides the same functionality as Advanced Mode

Resource permissions.

Resource permissions are set per company are verifiable with followin API call.

Portlet permissions.

Following snippet creates expando attribute canonical-url with permissions to view by guest user.

Site element must always have site-friendly-url attribute. Guest site is determined by default attribute with true value. All content like pages, articles, documents etc. is always created within a specific site.

Files new_structure.xml and new_structure_template.ftl are deployed as a part of a module that is using the db-setup-core library and reside in it’s classpath.

File artcle.xml is deployed as a part of a module that is using the db-setup-core library and reside in it’s classpath.

Document’s file itself is determined by file-system-name attribute which defines resource on classpath.

• switched to JDK11

• upgraded and tested all features in example setup with Liferay Portal 7.4.3.86

• attached two tests from lundegaard fork, credit goes to Jakub Jandak, thank you!

• improved documentation

• fixed bug when handling multiline service access policy

• added an ability to create/update/delete Service Access Policies

• refactored common mock setup into a separate class

• fixed setup for multiple companies/groups

• upgraded test harness to latest mockito, added basic tests for multiple company/groups setup execution

• fixed SonarCloud scan integration with GitHub actions, TODO: pull request decoration

• fixed configuration related resource reading, library can read e.g. article files from caller bundle, credit goes to Milan Kuljovsky- thank you!

• article-structure-key and article-template-key article element attributes are required as there are no defaults for those values

• target Liferay Portal version is still minimum 7.3.6 (GA7)

• fix: add individual resource for permissions setup in case there are declared not for portlet but a model-resource, allows to use hasUserPermission method for the custom resource id string and a primKey = companyId

  Fixed configuration

      <resource-permissions>
          <resource resource-id="custom.resource.id-not.a.portlet.id">
              <actionId name="SOME_PERMISSION">
                  <role name="Some Portal Role"/>

• version changed from 4 to 3 numbers, build version will increment every time there is a new feature or bugfix

• improved docs

• Bumped target Liferay Portal version to minimum 7.3.6 ga7.

• Improved category/vocabulary idempotency, it’s possible to update categories and vocabularies with optional uuid, before categories/vocabularies were identified only by name. That allows to update a category name which wasn’t possible before.

• Improved categories/vocabulary updates performance, update is only issued if anything in the definition differs compared to the data in the DB.

• Category by_name search is scoped only to a particular vocabulary.

• Added property element in categories that allows to define AssetCategoryProperty. These are identified by a key.

  Tip	TODO: deletion of existing property.

• divided xsd to "elements" and "types" parts, replaced many element references with types which improves naming flexibility

• every xsd type follows is camel cased and suffixed with word: Type, e.g. UuidType

• simplified dependency management with release.portal.bom

• removed shade maven plugin as portal exports com.liferay.portlet.asset.util package already in org.eclipse.osgi_3.13.0.LIFERAY-PATCHED-11 bundle

• OSGI descriptors in JAR, the bundle can be deployed and work as a standalone Liferay 7.x bundle

• instance import feature added, credit goes to @bimki - thank you!

• portal properties feature added, credit goes to @fabalint - thank you!

• new helper methods to run the setup (ported from 1.x branch):

  • com.ableneo.liferay.portal.setup.LiferaySetup#setup(java.io.InputStream)

  • com.ableneo.liferay.portal.setup.LiferaySetup#setup(java.io.File)

• fixed categorization idempotency (vocabulary and category name handling)

• fixed language handling for groups

• improved javadoc in entrypoint com.ableneo.liferay.portal.setup.LiferaySetup class

• upped dependencies to Liferay 7.3.5, credit goes to @fabalint - thank you!

• changed versioning so that major.minor.patch version reflects target platform, build version will be used to track changes in the library

• documentation format conversion from markdown to aciidoc

• added slf4j and changed logger in few classes for more ergonomic log message interpolation (Liferay 7.x provides slf4j by default)

• added prettier formatter to the project

• added build environment setup automation with nix

• it’s possible to use more than one company id per configuration file, the configuration will be applied to all listed companies

• tag names in configuration follow unified naming convention: word-word

• run-as-user renamed to run-as-user-email to be explicit about expected value

• added missing documentation to few xml elements

• setup xsd provides a version attribute

• configured sonar analysis on each commit

• configured maven test / coverage runner

• maven project structure has changed to single-module

• companyId, groupId and runAsUserId are set in Setup class and propagated to all involved Utils with SetupConfigurationThreadLocal context class

• improved MarshallUtil performance

• introduced unit tests

• most of the problems reported by sonar are fixed

• improved logging

• Added resource class name when creating ADT

• Fix user expando assignement

• Allow add categories and summaries to articles