Reputation: 2864
Implementing a permalink mechanism in Liferay Portlet
I am trying to create a permalink system for the portlets I'm developing (Spring MVC, Liferay 6.0.6). My idea was to create and map a special URL, so I used to append a query string to the current URL. It worked fine until I tried to use the link after a log-out/log-in.
http://localhost:8080/web/guest/home?p_auth=ASDFGH&p_p_id=xviewer_WAR_xviewer_INSTANCE_Yz9i&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-2&p_p_col_count=1&_xviewer_WAR_xviewer_INSTANCE_Yz9i_action=permalink&xQuery=asd
the problem is that Liferay screams about not enough privileges, which of course make sense. How should I do it?
Upvotes: 1
Views: 1646
Answers (1)
Reputation: 3865
I guess the problem is with p_auth=ASDFGH
Can you, for test, put
auth.token.check.enabled=false
in portal-ext.properties, restart server, make your link again and test it.
If it works than you have several options to disable token check for specific portlet/action.
Following properties are "Authentication Token" settings from portal.properties
#
# Set this to true to enable authentication token security checks. The
# checks can be disabled for specific actions via the property
# "auth.token.ignore.actions" or for specific portlets via the init
# parameter "check-auth-token" in portlet.xml.
#
auth.token.check.enabled=true
#
# Set the authentication token class. This class must implement
# com.liferay.portal.security.auth.AuthToken. This class is used to prevent
# CSRF attacks. See http://issues.liferay.com/browse/LPS-8399 for more
# information.
#
auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken
#
# Input a list of comma delimited struts actions that will not be checked
# for an authentication token.
#
auth.token.ignore.actions=\
/asset/rss,\
\
/blogs/rss,\
\
/document_library/edit_file_entry,\
\
/journal/rss,\
\
/image_gallery/edit_image,\
\
/login/login,\
\
/message_boards/rss,\
\
/wiki/edit_page_attachment,\
/wiki/rss
#
# Set the shared secret that is used for requests where it is not possible
# to generate an authentication token (i.e. WSRP).
#
auth.token.shared.secret=BAHyWOT9TbPB
Upvotes: 1
Related Questions
- Liferay portlet: liferay friendly custom Url parameter
- add URL parameter in render method for liferay portlet
- Dynamic URLs for a Liferay Portlet
- Liferay 6.1 + Spring MVC Portlet 4.0: Friendly URL Mapping
- Creating a Liferay portlet configuration page
- Portlet:actionurl is not going to @Actionmapping in controller
- How to show site page urls in Liferay jsp portlet?
- How to make my Spring portlet URL Friendly?
- Generate an URL to different portlet in Liferay
- Creating a permalink to a certain portlet state