The Proposals Wiki has been deprecated in favor of creating Feature Requests in JIRA. If you wish to propose a new idea for a feature, visit the Community Ideas Dashboard and read the Feature Requests Wiki page for more information about submitting your proposal.
« Back to FrontPage

Feeds and authentication

From the Jira Issue: Before Liferay 5.2.x you could access Message Board RSS feeds (and other) from a private page without authentication. Since 5.2.x you must authenticate for accessing such a feed. Instead of using HTTP (Basic) Authentication, you must use the form-based auth (or OpenID, CAS-SSO,..)

That is very annoying, because common feed readers only know to authenticate by using HTTP Authentication. And the is a property in portal.properties where you can set the non auth paths "auth.public.paths". If this property is there and "/message_boards/rss" in included in this property, there should be no authentication required for feeds.

So what is the point? Either the entries in "auth.public.paths" are respected with no exceptions, or feeds should be accessible by using HTTP (Basic) Authentication, if a feed is from a Message Board in a private community.

What about OpenID, CAS-SSO and other Single Sign-On systems? They should also be supported, otherwise the access to RSS feeds might be broken again, if you use any kind of SSO

0 Attachments
12707 Views
Average (2 Votes)
The average rating is 5.0 stars out of 5.
Comments
Threaded Replies Author Date
Would like to recommend adding PKI Authentication. Krista M Leopold November 24, 2009 7:30 AM
One solution is posted in Jira... Tobias Käfer December 8, 2009 3:38 AM
Thanks Tobias, I'll try your solution. Hope... Lari Tuominen February 25, 2010 2:21 AM

Would like to recommend adding PKI Authentication.
Posted on 11/24/09 7:30 AM.
One solution is posted in Jira http://issues.liferay.com/browse/LPS-3622
This covers only wiki, blog and message-board feeds.

It does not cover the activities portlet, since this one uses a URL that is cannot be filter in servlet containers, since you cannot create something like this:
<url-pattern>/group/*/*/-/activities/rss/*</url-pattern>
Posted on 12/8/09 3:38 AM.
Thanks Tobias, I'll try your solution. Hope this will be fixed soon.
Posted on 2/25/10 2:21 AM in reply to Tobias S. Käfer.