
Bypass default authentication filters with AJAX

Ratnadeep Rakshit, modified 15 years ago

Bypass default authentication filters with AJAX

Junior Member Posts: 25 Join Date: 2008.03.03
Hello everyone,

I am trying to use AJAX while registering a user to my Liferay server. What I want is to verify asynchronously whether the email address has already been taken by someone else. To do that, I have created a JSONAction and named it ValidatorAction.java. However, there is a problem that I am facing. Unless I log in to the server, the action doesn't return me the valid response. But, as it's natural that a first-time user will not have a valid user account, how am I supposed to bypass the authentication check while accessing my Action classes using AJAX from the registration page?

Is there a way to let my AJAX call an action method without even logging into the server?

~RD
Ratnadeep Rakshit, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 25 Join Date: 2008.03.03
There must be someone who has worked on a similar scenario? I just want to call a service using AJAX but without logging into the system. I need to know how we can override a filter in Liferay.
Victor Zorin, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Liferay Legend Posts: 1228 Join Date: 2008.04.14
It depends on how you deployed your application. If it is a servlet, place it outside of the Liferay-protected zone. If your call is render/action within the portlet, placing the portlet in a public community such as Guest shall not force any authentication, whether it is Ajaxed or not.
Ratnadeep Rakshit, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 25 Join Date: 2008.03.03
Actually I am using the default Sign In portlet and modifying it in the registration page. I now want to be able to use AJAX to verify if the email address is already taken. I have used a JSONAction which does the validation task. I call it using the URL pattern /login/validate_entry

Please tell me how I can put this call in the guest access list?
Jim Klo, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 75 Join Date: 2008.11.07
Have you found a solution to this? I'm actually trying to do exactly the same thing. Running into the same sort of issue.
Ratnadeep Rakshit, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 25 Join Date: 2008.03.03
Hello friend,

I have overridden the AddUserAction.java which is packed by default in the Liferay portal and named the class CreateUserAction.java. I also modified the struts-ext-config.xml file. Now whenever users try to create a new account, my action class is being called. I wanted to use AJAX to check if an email has already been taken and so I used jQuery.ajax() and passed the form's action parameter as the URL. This no doubt took my request to the CreateUserAction class. However, it failed with a strange error when I tried to send data from that class to the AJAX call. Actually I followed the steps taken in the Action class EditEntryAction.java from the blogs portlet. But that didn't work.

Later I tried to create a new JSONAction and my AJAX call could receive the data back from the server. Only problem was that I have to be logged in before the call can be successful.

I have no idea what's wrong.

~RD
Jim Klo, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 75 Join Date: 2008.11.07
So, I might have a partial solution for you. As I'm still trying to work through the rest of mine which is very similar. I'm actually in the process of building a mashup site, however I need to be able to display portal login status and have a login form on the microsite, which isn't being hosted out of the portal. So basically I need to accomplish this via JSONP (JSON via callbacks). Ran into the same issue.
I don't know if you have a similar issue with XSS with cookies, so I needed to make the following update to my portal-ext.properties:
  
   #
   # Set this to true to test whether users have cookie support before allowing
   # them to sign in. This test will always fail if "tck.url" is set to true
   # because that property disables session cookies.
   #
   session.test.cookie.support=false

Next, to get around the login security problem, I created an 'empty' portlet that uses a FriendlyURLMapper, extending BaseFriendlyURLMapper.
My liferay-portlet-ext.xml defines this empty portlet as such:

    <portlet>
        <portlet-name>EXT_REMOTELOGIN</portlet-name>
        <struts-path>ext/remotelogin</struts-path>
        <friendly-url-mapper-class>com.ext.lvlstudios.portlet.remotelogin.RemoteLoginFriendlyURLMapper</friendly-url-mapper-class>
        <preferences-unique-per-layout>false</preferences-unique-per-layout>
        <use-default-template>false</use-default-template>
        <restore-current-view>false</restore-current-view>
        <private-request-attributes>false</private-request-attributes>
        <private-session-attributes>false</private-session-attributes>
        <render-weight>1</render-weight>
        <add-default-resource>true</add-default-resource>
    </portlet>

And my FriendlyURLMapper code is like this:

    package com.ext.lvlstudios.portlet.remotelogin;

    import java.util.Map;

    import javax.portlet.PortletMode;
    import javax.portlet.WindowState;

    import com.liferay.portal.kernel.portlet.BaseFriendlyURLMapper;
    import com.liferay.portal.kernel.portlet.LiferayPortletURL;
    import com.liferay.portal.kernel.portlet.LiferayWindowState;
    import com.liferay.portal.kernel.util.GetterUtil;
    import com.liferay.portal.kernel.util.Validator;

    public class RemoteLoginFriendlyURLMapper extends BaseFriendlyURLMapper {

        @Override
        public String getPortletId() {
            return _PORTLET_ID;
        }

        // Portlet URL -> friendly path: only the remote login view action is mapped.
        @Override
        public String buildPath(LiferayPortletURL portletURL) {
            String friendlyURLPath = null;

            String strutsAction = GetterUtil.getString(portletURL
                    .getParameter("struts_action"));

            if (strutsAction.equals("/ext/remotelogin/view")) {
                friendlyURLPath = "ext/remotelogin/jsonp";
            }
            if (Validator.isNotNull(friendlyURLPath)) {
                portletURL.addParameterIncludedInPath("p_p_id");
                portletURL.addParameterIncludedInPath("struts_action");
            }

            return friendlyURLPath;
        }

        @Override
        public String getMapping() {
            return _MAPPING;
        }

        // Friendly path -> request parameters for the portlet.
        @Override
        public void populateParams(String friendlyURLPath,
                Map<String, String[]> params) {
            addParam(params, "p_p_id", _PORTLET_ID);
            addParam(params, "p_p_lifecycle", "0");
            addParam(params, "p_p_state", WindowState.NORMAL);
            addParam(params, "p_p_mode", PortletMode.VIEW);

            int x = friendlyURLPath.indexOf("/", 1);
            int y = friendlyURLPath.length();

            // Nothing after the first path segment: fall back to the portal login action.
            if ((x + 1) == y) {
                addParam(params, "struts_action", "/portal/login");

                return;
            }

            String type = friendlyURLPath.substring(x + 1, y);

            // .../ext/remotelogin/jsonp: action request, rendered without the page chrome.
            if (type.equals("remotelogin/jsonp")) {
                addParam(params, "p_p_lifecycle", "1");
                addParam(params, "p_p_state", LiferayWindowState.EXCLUSIVE);

                addParam(params, "struts_action", "/ext/remotelogin/view");
            }
        }

        private static final String _MAPPING = "ext/remotelogin";
        private static final String _PORTLET_ID = "EXT_REMOTELOGIN";

    }

So basically, I can do a form POST (via whatever means) to http://www.mywebsite.com/web/guest/home/-/ext/remotelogin/jsonp with the right parameters for my login action, and the mapper will hand it off to the appropriate struts action.
Where I'm left right now is getting the response out of my action to work correctly. The action gets hit, but having problems with the forward not working always right and errors not getting sent to the session. But I think the above should fix your issue.
Ratnadeep Rakshit, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 25 Join Date: 2008.03.03
Hi Jim,

I merely want to grant guest access to my JSONAction class with the URL pattern /login/validate_entry which I shall be calling from the /login/create_account page. Otherwise my problem is already solved. Do you think using a friendly URL is gonna help me in that?

When you created that empty portlet to map the friendly URL, you still have to pass the user_id and password to grant access, right? Or am I not getting the point yet!
Jim Klo, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 75 Join Date: 2008.11.07
No, as long as you reference the portlet via a public page:
http://www.example.com/web/guest/-/myfriendlyurl/json

You shouldn't need to authenticate as the friendly url mapper helps you bypass the security. The other route is to make your JSONAction class a servlet - which isn't what I think you want to do. The only thing you would need to pass along is any information you need forwarded to your JSONAction. So in your case, I believe all you need is an email address or screen name.
Jim Klo, modified 15 years ago

RE: Bypass default authentication filters with AJAX

Junior Member Posts: 75 Join Date: 2008.11.07
I think I forgot to mention one critical thing, if you hadn't figured it out yet:

You need to redefine the following from portal.properties and add the path to your struts action to auth.public.paths. Do this in your portal-ext.properties, assuming you're using the EXT environment and haven't customized property files yet:

    #
    # Enter a list of comma delimited paths that do not require authentication.
    #
    auth.public.paths=\
        /blogs/find_entry,\
        /blogs/rss,\
        /blogs/trackback,\
        \
        /bookmarks/open_entry,\
        \
        /calendar/find_event,\
        \
        /document_library/get_file,\
        \
        /journal/get_article,\
        /journal/get_articles,\
        /journal/get_latest_article_content,\
        /journal/get_structure,\
        /journal/get_template,\
        /journal/view_article_content,\
        /journal_articles/view_article_content,\
        \
        /layout_management/sitemap,\
        \
        /message_boards/find_category,\
        /message_boards/find_message,\
        /message_boards/find_thread,\
        /message_boards/get_message_attachment,\
        /message_boards/rss,\
        \
        /my_places/view,\
        \
        /polls/view_chart,\
        \
        /portal/expire_session,\
        /portal/extend_session,\
        /portal/extend_session_confirm,\
        /portal/json_service,\
        /portal/logout,\
        /portal/open_id_request,\
        /portal/open_id_response,\
        /portal/session_click,\
        /portal/session_tree_js_click,\
        /portal/status,\
        \
        /search/open_search,\
        /search/open_search_description.xml,\
        \
        /shopping/notify,\
        \
        /tags/rss,\
        \
        /wiki/find_page,\
        /wiki/get_page_attachment,\
        /wiki/rss
Asier Hernández, modified 13 years ago

RE: Bypass default authentication filters with AJAX

New Member Posts: 24 Join Date: 2011.02.01
Hi there,

I am trying to do something similar with the journal_content ratings. I want to let guest users (not logged in) rate journal contents. I am developing a JSONAction based on RateEntryAction but I can't get it to work. The action never executes, and I have tried to add my action calls to auth.public.paths in portal-ext.properties as shown:

    #
    # Enter a list of comma delimited paths that do not require authentication.
    #
    auth.public.paths=\
        /ratings/rate_entry,\
        /ratings/ext_rate_entry

If I do this, Liferay doesn't even load the journal content.

Any ideas how to solve this issue?

Thanks
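
An added check, not part of the thread and not Liferay code: a value set in portal-ext.properties replaces the one from portal.properties, so an `auth.public.paths` override that lists only new paths no longer contains the default ones. The script parses both definitions and reports what an override adds and drops; the default text is a constructed, shortened stand-in for the list quoted earlier, and all function names are hypothetical.

```python
import re

# Constructed sample: shortened stand-in for the default list quoted in the thread.
DEFAULT_PROPS = """\
auth.public.paths=\\
    /journal/get_article,\\
    /journal/view_article_content,\\
    \\
    /portal/json_service,\\
    /portal/logout
"""

# Override in the shape posted at the end of the thread: only new paths listed.
OVERRIDE_PROPS = """\
# Enter a list of comma delimited paths that do not require authentication.
auth.public.paths=\\
\t/ratings/rate_entry,\\
\t/ratings/ext_rate_entry
"""

def read_property(text, key):
    """Return key's value from .properties text, or None if it is not defined."""
    # Fold backslash continuations; leading whitespace on the next line is ignored.
    # Simplification: assumes comment lines do not end in a backslash.
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    value = None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2)  # the last definition in a file wins
    return value

def public_paths(text):
    value = read_property(text, "auth.public.paths") or ""
    return [p.strip() for p in value.split(",") if p.strip()]

def audit_override(default_text, override_text):
    """List the paths an override adds to, and drops from, the default list."""
    default, override = public_paths(default_text), public_paths(override_text)
    return {"added": [p for p in override if p not in default],
            "dropped": [p for p in default if p not in override]}

def merged_override(default_text, extra_paths):
    """Build an override that keeps every default path and appends the new ones."""
    paths = public_paths(default_text)
    paths += [p for p in extra_paths if p not in paths]
    return "auth.public.paths=\\\n    " + ",\\\n    ".join(paths) + "\n"
```

Every entry under `added` is reachable without a session, so each new one deserves the same review as any other unauthenticated endpoint.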