Portlet

This property sets the default virtual path for all hot deployed portlets. See liferay-portlet-app61_0.dtd and the virtual-path element for more information.

portlet.virtual.path=

Set this property to true to validate portlet.xml against the portlet schema.

portlet.xml.validate=true

Portlets that have configured liferay-portlet.xml with the element add-default-resource set to true will allow those portlets to be dynamically added to any page by any user. This is useful (and necessary) for some portlets that need to be dynamically added to a page, but it can also pose a security risk because it allows any user to do it.

Set this property to true to add a security check around this behavior. If set to true, then portlets can only be dynamically added to a page if they contain a proper security token. This security token is automatically passed when using a portlet URL from one portlet to another portlet.

Modify the property portlet.add.default.resource.check.whitelist to whitelist certain portlets from this security check.

The security check utilizes the implementation set in the property auth.token.impl.

portlet.add.default.resource.check.enabled=true

Set a list of comma delimited portlet ids for portlets that will bypass the security check set in the property portlet.add.default.resource.check.enabled.

portlet.add.default.resource.check.whitelist=3,56_INSTANCE_0000,58,82,86,87,103,113,145,164,166,170,177

Input a list of comma delimited struts actions that will bypass the security check set in the property portlet.add.default.resource.check.enabled.

portlet.add.default.resource.check.whitelist.actions=\
    /journal/rss,\
    /language/view

Input a regular expression to ban paths that cannot be used to serve resources in portlets.

portlet.resource.id.banned.paths.regexp=.*/(?:META-INF|WEB-INF)/.*