Liferay portal’s permissions framework is configured declaratively. Put all the permissions in an XML file called default.xml. Then you implement permissions checks in the following places in your code:
- View layer.
- In the actions, performing a protected action.
- service layer, calling the local service.
Step 1. Define the permissions file and where it is located. src/main/resources/. You’ll define resource and model permissions in the module where your model is defined. portlet.properties.
Step 2. Define portlet permissions. These are managed in the guestbook-web module, which contains the portlet class.
Step 3. Implement the Java code to support permissions in the service layer. Resources are data stored with your entities that define how they can be accessed. To manage the resources, all you must do is call the API in the service’s add and delete methods.
Step 4. Create permissions helper classes to check permissions.
Step 5. Check permissions in the UI.