Live Sessions

Live streaming of technical topics for Liferay Developers

You will find past session replays here. You can also find them on our YouTube channel.

Automated testing of Liferay plugins with Arquillian

When: 18 November 2014 @ 1500 GMT

Led by: Carlos Sierra

Testing Liferay plugins used not to be an easy task. In this talk we will go through the current and future arquillian integrations to test Liferay plugins using Arquillian. Arquillian is an innovative and highly extensible testing platform for the JVM that enables developers to easily create automated integration, functional and acceptance tests for Java middleware.

Pre-Session Setup and Needed Materials

Basic setup requirements before the session:

  • A running Liferay 6.2 installation (with no modifications needed)
  • A development environment (like Liferay IDE) to be able to create and deploy portlets

If you are going to follow along at home, have this github repo handy.

Faceted Search, OpenSearch, and "Frankensearch"

When: 13 November 2014 @ 1500 GMT

Led by: Andrew Jardine

In this session, follow Andrew Jardine (2013 Top Contributor) and learn how to:

  • Create custom apps using ServiceBuilder that and indexed entities
  • Integrate custom apps with Liferay's Faceted Search framework
  • Integrate custom apps with OpenSearch
  • Learn what "FrankenSearch" is (you will not be disappointed)
Pre-Session Setup and Needed Materials

Basic setup requirements before the session:

  • A running Liferay 6.2 installation (with no modifications needed)
  • A development environment (like Liferay IDE) to be able to create and deploy portlets

Optional, if you want to browse Lucene indexes, grab:

The Future of Web Development (Spain Symposium)

When: 23 October 2014 @ 0950 CEST

Led by: Zeno Rocha

In the past few years lots of things changed in software engineering, specially if you think about client-side technologies. HTML5 arrived with lots of new APIs, JavaScript engines got much faster, and plenty of new frameworks appeared. Backbone, Angular, Ember, React, Polymer - you name it. In this talk, you'll see what's next for web development, how this relates to Liferay, but more importantly, how to face this scenario without turning into a zombie.

Pre-Session Setup and Needed Materials

This is a special webcast from Liferay's Spain Symposium - as such, no setup or materials are needed. 

Using OSGi to create extensible plugins in Liferay 6.2

When: 6 October 2014 @ 14:35 GMT

Led by: Julio Camarero and Eduardo Garcia

By now you should know that Liferay is a powerful platform that allows developers to build and distribute their own applications. But what if you want your application to be extensible by third parties? Starting with version 6.2 Liferay Portal supports the OSGi specification, which enables developers to implement modular applications that can be dynamically extended by other applications. In this session we will show you how to use the Liferay SDK to build and distribute this new type of extensible applications.

Pre-Session Setup and Needed Materials

This session will be a special webcast from the Liferay 2014 North America Symposium - no setup or materials are needed.

Securing remote JSON Web Services

When: 23 September 2014 @ 1400 GMT

Led by: Tomáš Polešovský

In this session, we'll explore how to create and consume JSON web services using secure methods to provide anonymous and authenticated access to your custom JSON web services. Topics you will learn:

  • Creating public services as well as services that requires authentication
  • A standard approach to authorization
  • Authentication using p_auth token and built-in Basic/Digest authentication
  • Using services from outside using Cross-origin Resource Sharing spec
  • Creating secure built-in portlet services using portlet's resource phase
  • Overview of creating custom token authentication, API keys, filtering resources available and adding API connection limits

Some additional definitions and reading before the session will help you understand some of the key concepts:

  • p_auth - A Liferay portal (Anti-)CSRF token included in URLs and HTTP requests to help prevent Cross-site Request Forgery attacks
  • CSRF - Cross-site Request Forgery - A malicious attack targeting existing user sessions where the attacker force an unsuspecting user's browser to perform actions in the vulnerable web application without the user's approval or knowledge. For example:a user is authenticated to a vulnerable site, and while still authenticated she visits a malicious page that sends a hidden request to the vulnerable site and changes or deletes the user's email address or phone number, opening them to other attacks. A Non-authenticated attack consists of placing the attack vector on a high-traffic site (e.g. on a poll or forum post) hosted by the vulnerable site, then anybody visiting the high-traffic site that votes in the poll can get attacked.
  • CORS - Cross-origin Resource Sharing - A standardized way for JavaScript to read/parse responses from a site hosted on a different domain. It's replacement for JSONP. For example: a web application @ uses JavaScript to exchange data with For this to work the API site must emit CORS HTTP headers to enable the application to read the data.
  • Authentication - Proving you are who you say you are (your identity/credentials) to a web site. For example: Liferay checks that the provided login+password or SSO token is valid.
  • Authorization - Access control used to validate user permissions to access a resource. For example: Checking whether a non-authenticated user is allowed to download a particular file

There are many guidelines with respect to securing sites. The most important ones relevant to securing APIs are:

  • Use HTTPS to avoid interception and modification of requests/responses
  • Where possible, allow authenticated access only, always perform permissions checks
  • For errors return only messages + timestamps, stacktraces should go always only into logs
  • Review access logs for HTTP 404 and 500 errors
  • Read OWASP's REST Security Cheat Sheet
Pre-Session Setup and Needed Materials

Basic setup requirements before the session:

  • A running Liferay 6.2 installation (with no modifications needed)
  • A development environment (like Liferay IDE) to be able to create and deploy portlets

Customizing and Extending Export/Import and Staging

When: 9 September 2014 @ 1400 GMT

Led by: Máté Thurzó

If you have ever wanted your own plugin to work with staging, or export/import, this is your session. We will go through the steps of creating export/import support for any plugin with multiple service-generated entities, including reference handling, and conditional exports.

Also we are going to check a few uncommon scenarios how to further customize built-in portal staging logic.


Pre-Session Setup and Needed Materials


Developing Ridiculously Small Plugins

When: 26 August 2014 @ 1400 GMT

Led by: Olaf Kock

Liferay plugins don't have to be big. In this session, you'll build a Ridiculously Small Plugin that can be customized and published to the Liferay Marketplace in no time!

What is a Ridiculously Small Plugin? It's a plugin that you estimate to be able to build in less than one hour. Of course, it's a developer estimation, so you'll have to round that up to a day, sans documentation and making it fit for deployment and unforeseen complications.

Pre-Session Setup and Needed Materials
  • Liferay 6.2 deployed and ready to go.
  • A developer environment for building plugins for said deployment.

OSGI Development in Liferay (Special Session)

When: 21 August 2014 @ 2pm PDT

Led by: Ray Augé

Join us for this special session with Ray Augé, Senior Software Architect at Liferay, as he discusses the future of Liferay Development and demos new developer features in Liferay using OSGi. This special session won't be our ordinary "hands-on" session but is relevant enough for developers to be included in the stream. 

Pre-Session Setup and Needed Materials

No special setup required - this will not be a hands-on interactive session

Building a mobile app with the Mobile SDK

When: 12 August 2014 @ 1400 GMT

Led by: Bruno Farache

The Liferay Mobile SDK is a framework for building native mobile apps that integrate with your different Liferay Portal instances and their portlets.

In this session, Bruno will walk through the steps of building a mobile app that integrates with Liferay through the Mobile SDK.

You will also learn to use a typical mobile development application stack, including Android SDK and Android Studio.

Pre-Session Setup and Needed Materials
  • Have Liferay 6.2 CE GA2 installed and running on your local machine (the same one you are using for the below tools)
  • Install Android Studio 0.8.2 - Download 0.8.0 first, then click "Check for updates..." after you launch it to get to 0.8.2.
    • Within Android Studio, you must install Android SDK API Level 19 (corresponding to Android version 4.4.2) - to do this, click the Configure button in Android Studio startup screen to launch the SDK Manager, and follow these instructions to get the required bits including API Level 19 items).
    • NOTE: If you have prior experience developing Android apps (and therefore have the Android SDK already installed), you do not need to re-install these components - you can configure the path to your existing Android SDK once you create a project, using the "Project Structure" preferences, to avoid a lengthy download.
  • Download Liferay Android SDK (it's a small JAR file - just have it handy as it will be used during the session)

Intro to & Portlet Config

When: 29 July 2014 @ 1400 GMT

Led by: James Falkner

In this session James Falkner will give an introduction to the developer sessions, and then a brief example of what you can expect in future sessions.

We will build a simple portlet (using Maven builds) with configuration options using Liferay's built-in configuration settings system.

Pre-Session Setup and Needed Materials
  • Have a running Liferay Portal 6.2 CE or EE
  • Maven
  • Liferay IDE setup to build portlets and deploy them to Liferay