Liferay api/jsonws page should be accessible only for admin users

2

7

Can anyone please tell me how we can restrict access to the Liferay api/jsonws page for normal users? The api/jsonws page should be accessible only for admin users.

Do we have any option to do that in Liferay?

Can anyone please help me with this?

Greeley answered 11/2, 2017 at 11:9 Comment(0)
2

I guess this feature is not in Liferay 6.2 :(

    jsonws.web.service.api.discoverable=false

Reference: https://issues.liferay.com/browse/LPS-50668

Options which I am aware of that you can do in 6.2:

  1. ServletFilter Hook

Write your logic there //write specific pattern

    <servlet-filter>
        <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
        <servlet-filter-impl>com.check.access.ServiceAccessPage</servlet-filter-impl>
        <init-param>
            <param-name>initparam</param-name>
            <param-value>Hi IP Address Filter</param-value>
        </init-param>
    </servlet-filter>
    <servlet-filter-mapping>
        <servlet-filter-name>ServiceAccessPage</servlet-filter-name>
        <url-pattern>/api/jsonws</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </servlet-filter-mapping>

Inside ServiceAccessPage.java:

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws java.io.IOException, ServletException {
        // Get the user and redirect, e.g. session.setAttribute(WebKeys.LAST_PATH, redirectionFailPath);
        logger.info("DoFilter method being called");
        // Let requests that pass the check continue down the filter chain.
        chain.doFilter(request, response);
    }

  2. Create a service action Pre Action.

[This will be called before every action :(]

Get the user from the request, and manage the landing page accordingly.

  3. Use EXT

Write one property to turn the page off/on and override JSONWebServiceServlet.

Oldfashioned answered 12/2, 2017 at 17:19 Comment(4)
Then how can we do it... do we have any workaround at least? - Greeley
Which option do you think is most recommended? - Greeley
I would go with #1! - Oldfashioned
Does option #1 trigger for every HTTP request apart from /api/jsonws? Also, if a user hits http:/myipaddress/api/jsonwsapi/jsonws, how can we redirect to http://myipaddress/home inside the doFilter function? - Greeley
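
As an added example (not code from the answers above or from Liferay itself), this is one way the `ServiceAccessPage` filter from option 1 could let only portal administrators through and redirect everyone else. It assumes Liferay 6.2's `PortalUtil.getUser` and `RoleLocalServiceUtil.hasUserRole`, that the signed-in user can be resolved from the request at the point where the hook filter runs, and that `/home` (taken from the comment thread) is the landing page for rejected users.

```java
package com.check.access;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.liferay.portal.model.RoleConstants;
import com.liferay.portal.model.User;
import com.liferay.portal.service.RoleLocalServiceUtil;
import com.liferay.portal.util.PortalUtil;

public class ServiceAccessPage implements Filter {
    // Assumption: landing page for rejected users, from the comment thread.
    private static final String DENIED_REDIRECT = "/home";

    public void init(FilterConfig filterConfig) {}

    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        if (isAdministrator(httpRequest)) {
            chain.doFilter(request, response); // admins continue to /api/jsonws
            return;
        }
        // Everyone else, including guests, is redirected (fail closed).
        httpResponse.sendRedirect(httpRequest.getContextPath() + DENIED_REDIRECT);
    }

    private boolean isAdministrator(HttpServletRequest request) {
        try {
            User user = PortalUtil.getUser(request); // null when not signed in
            return user != null && RoleLocalServiceUtil.hasUserRole(
                user.getUserId(), user.getCompanyId(),
                RoleConstants.ADMINISTRATOR, true);
        } catch (Exception e) {
            return false; // any lookup failure is treated as "not an admin"
        }
    }

    public void destroy() {}
}
```

The filter only sees requests that match the `<url-pattern>` in the hook's `servlet-filter-mapping`, so the check does not run for other portal URLs.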
2

You can write a custom auth.verifier for /api/jsonws/* by implementing AuthVerifier

and add these properties:

    auth.verifier.YOURAUTHVERFIER.urls.includes=/api/jsonws/*

Please refer to this sample project.

Ichthyosaur answered 16/2, 2017 at 11:53 Comment(0)
