Liferay EE 6 SP2 - Upgrade and session.store.password - Forums

Fórumok

Liferay EE 6 SP2 - Upgrade and session.store.password

Matthieu Levesque, módosítva 12 év-val korábban

Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 64 Csatlakozás dátuma: 2009.02.13. Legújabb bejegyzések

Hi,

I'm currently truing to install the latest version of Liferay EE 6 all upgrade process completes with no issue. The portal is working properly except for the property session.store.password that doesn't seem to have any effect, in the session there's no PASSWORD attribute/variable. We developed a portlet that was using this value and I can't go on with the update without this portlet.

Does anyone else having this issue? I've compared the source for com.liferay.portlet.login.util.LoginUtil and I don't see any issue.

Here's a summary of the session properties:

session.shared.attributes 	org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_,PASSWORD
session.shared.attributes.excludes 	
session.store.password 	true
session.test.cookie.support 	true

Thanks,

Matthieu

David H Nebinger, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Liferay Legend Bejegyzések: 14919 Csatlakozás dátuma: 2006.09.02. Legújabb bejegyzések

I would have said that Liferay storing a user's password as a session variable would be a security hole and asked for it to be removed.

Why on earth would you need the user's password anyway? They've already authenticated themselves, so having access to the password should not be necessary at all.

Matthieu Levesque, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 64 Csatlakozás dátuma: 2009.02.13. Legújabb bejegyzések

We currently don't have an SSO system. So we are using the variable to log users on other systems. It's not the best solution but I was working...

Sandeep Nair, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Liferay Legend Bejegyzések: 1744 Csatlakozás dátuma: 2008.11.06. Legújabb bejegyzések

Add the following in portal-ext.properties too

session.shared.attributes.excludes=

Regards,
Sandeep

Matthieu Levesque, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 64 Csatlakozás dátuma: 2009.02.13. Legújabb bejegyzések

Hi,

Thanks for the reply.

If you take a look at my first post it's already set to nothing...

I'm currently testing with this configuration :

session.store.password=true
session.shared.attributes.excludes=
session.shared.attributes=org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_,USER_PASSWORD

I still have an exception fired up by tomcat (java.lang.IllegalStateException: setAttribute: Session already invalidated).

Still digging...

Sandeep Nair, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Liferay Legend Bejegyzések: 1744 Csatlakozás dátuma: 2008.11.06. Legújabb bejegyzések

Is there any custom code you are deploying along with this. Can you paste the complete stacktrace? The exception clearly says you are trying to set something into an invalidated session. somewhere in ur custom code are you setting something in session?

Regards,
Sandeep

Matthieu Levesque, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 64 Csatlakozás dátuma: 2009.02.13. Legújabb bejegyzések

Hi,

Again thanks for replying.

I have no customizations installed, no theme nor portlets only the prepackaged tomcat version of EE SP2.

Here's the stack trace:

13:21:57,217 ERROR [LoginAction:119] java.lang.IllegalStateException: setAttribute: Session already invalidated
java.lang.IllegalStateException: setAttribute: Session already invalidated
	at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1336)
	at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1301)
	at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
	at com.liferay.portal.servlet.SharedSessionWrapper.setAttribute(SharedSessionWrapper.java:161)
	at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:316)
	at com.liferay.portlet.login.action.LoginAction.login(LoginAction.java:179)
	at com.liferay.portlet.login.action.LoginAction.processAction(LoginAction.java:87)
	at com.liferay.portal.struts.PortletRequestProcessor.process(PortletRequestProcessor.java:174)
	at com.liferay.portlet.StrutsPortlet.processAction(StrutsPortlet.java:190)
	at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:70)
	at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:48)
	at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:653)
	at com.liferay.portlet.InvokerPortletImpl.invokeAction(InvokerPortletImpl.java:689)
	at com.liferay.portlet.InvokerPortletImpl.processAction(InvokerPortletImpl.java:361)
	at com.liferay.portal.action.LayoutAction.processPortletRequest(LayoutAction.java:840)
	at com.liferay.portal.action.LayoutAction.processLayout(LayoutAction.java:629)
	at com.liferay.portal.action.LayoutAction.execute(LayoutAction.java:240)
	at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
	at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
	at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:170)
	at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
	at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:516)
	at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:493)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:199)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:240)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
	at com.liferay.portal.servlet.FriendlyURLServlet.service(FriendlyURLServlet.java:136)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:301)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.gzip.GZipFilter.processFilter(GZipFilter.java:123)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:199)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.etag.ETagFilter.processFilter(ETagFilter.java:55)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:240)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
	at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
	at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
	at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
	at com.liferay.portal.servlet.I18nServlet.service(I18nServlet.java:102)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
	at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:207)
	at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
	at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
	at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
	at java.lang.Thread.run(Thread.java:662)

I've ran the portal in debug mode in Eclipse to see where the problem starts. In the SharedSessionWrapper, when ever getSessionDelegate returns the _portalSession I will get this error.

Sandeep Nair, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Liferay Legend Bejegyzések: 1744 Csatlakozás dátuma: 2008.11.06. Legújabb bejegyzések

Ok do one thing . Add the following in portal-ext.properties and try again plz

session.enable.phishing.protection=false

Regards,
Sandeep

Matthieu Levesque, módosítva 12 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 64 Csatlakozás dátuma: 2009.02.13. Legújabb bejegyzések

session.enable.phishing.protection=false did the trick!

Thanks!

Rautureau Jérôme, módosítva 9 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

Junior Member Bejegyzések: 52 Csatlakozás dátuma: 2008.02.22. Legújabb bejegyzések

Thanks....You save my day...!

divya goyal, módosítva 7 év-val korábban

RE: Liferay EE 6 SP2 - Upgrade and session.store.password

New Member Bejegyzések: 7 Csatlakozás dátuma: 2014.11.11. Legújabb bejegyzések

Hi,

Sorry for referring to the very old post, but how will keeping the password will create a security hole.?

And Phishing.protection is not creating security hole? It will not let the jsession id get changed which will in turn is also a big security hole. Please help in the above query? As in the application we need the user credential for further action.

Regards
Divya