Ratnadeep Rakshit
Bypass default authentication filters with AJAX
February 3, 2009 11:58 PM

Hello everyone,

I am trying to use AJAX while registering a user to my Liferay server. What I want is to verify asynchronously whether the email address has already been taken by someone else. To do that, I have created a JSONAction and named it ValidatorAction.java. However, there is a problem that I am facing. Unless I log in to the server, the action doesn't return me the valid response. But, as it's natural that a first-time user will not have a valid user account, how am I supposed to bypass the authentication check while accessing my Action classes using AJAX from the registration page?

Is there a way to let my AJAX call an action method without even logging into the server?

~RD
Ratnadeep Rakshit
RE: Bypass default authentication filters with AJAX
February 4, 2009 11:13 AM

There must be someone who has worked on a similar scenario? I just want to call a service using AJAX but without logging into the system. I need to know how we can override a filter in Liferay.
Victor Zorin
RE: Bypass default authentication filters with AJAX
February 4, 2009 1:47 PM

It depends on how you deployed your application. If it is a servlet, place it outside of the Liferay-protected zone. If your call is a render/action within the portlet, placing the portlet in a public community such as Guest shall not force any authentication, whether it is Ajaxed or not.
Ratnadeep Rakshit
RE: Bypass default authentication filters with AJAX
February 5, 2009 10:33 AM

Actually, I am using the default Sign In portlet and modifying it in the registration page. I now want to be able to use AJAX to verify if the email address is already taken. I have used a JSONAction which does the validation task. I call it using the URL pattern /login/validate_entry

Please tell me how I can put this call in the guest access list.
Jim Klo
RE: Bypass default authentication filters with AJAX
February 5, 2009 3:12 PM

Have you found a solution to this? I'm actually trying to do exactly the same thing. Running into the same sort of issue.
Ratnadeep Rakshit
RE: Bypass default authentication filters with AJAX
February 5, 2009 11:29 PM

Hello friend,

I have overridden the AddUserAction.java which is packed by default in the Liferay portal and named the class CreateUserAction.java. I also modified the struts-ext-config.xml file. Now whenever users try to create a new account, my action class is being called. I wanted to use AJAX to check if an email has already been taken, and so I used jQuery.ajax() and passed the form's action parameter as the URL. This no doubt took my request to the CreateUserAction class. However, it failed with a strange error when I tried to send data from that class to the AJAX call. Actually, I followed the steps taken in the Action class EditEntryAction.java from the blogs portlet. But that didn't work.

Later I tried to create a new JSONAction and my AJAX call could receive the data back from the server. The only problem was that I have to be logged in before the call can be successful.

I have no idea what's wrong.

~RD
Jim Klo
RE: Bypass default authentication filters with AJAX
February 6, 2009 12:07 PM

So, I might have a partial solution for you. As I'm still trying to work through the rest of mine which is very similar. I'm actually in the process of building a mashup site, however I need to be able to display portal login status and have a login form on the microsite, which isn't being hosted out of the portal. So basically I need to accomplish this via JSONP (JSON via callbacks). Ran into the same issue.
I don't know if you have a similar issue with XSS with cookies, so I needed to make the following update to my portal-ext.properties:

    #
    # Set this to true to test whether users have cookie support before allowing
    # them to sign in. This test will always fail if "tck.url" is set to true
    # because that property disables session cookies.
    #
    session.test.cookie.support=false

Next to get around the login security problem, I created an 'empty' portlet that uses a FriendlyURLMapper, extending BaseFriendlyURLMapper.
My liferay-portlet-ext.xml defines this empty portlet as such:

    <portlet>
        <portlet-name>EXT_REMOTELOGIN</portlet-name>
        <struts-path>ext/remotelogin</struts-path>
        <friendly-url-mapper-class>com.ext.lvlstudios.portlet.remotelogin.RemoteLoginFriendlyURLMapper</friendly-url-mapper-class>
        <preferences-unique-per-layout>false</preferences-unique-per-layout>
        <use-default-template>false</use-default-template>
        <restore-current-view>false</restore-current-view>
        <private-request-attributes>false</private-request-attributes>
        <private-session-attributes>false</private-session-attributes>
        <render-weight>1</render-weight>
        <add-default-resource>true</add-default-resource>
    </portlet>

And my FriendlyURLMapper code is like this:

package com.ext.lvlstudios.portlet.remotelogin;

import java.util.Map;

import javax.portlet.PortletMode;
import javax.portlet.WindowState;

import com.liferay.portal.kernel.portlet.BaseFriendlyURLMapper;
import com.liferay.portal.kernel.portlet.LiferayPortletURL;
import com.liferay.portal.kernel.portlet.LiferayWindowState;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.Validator;

public class RemoteLoginFriendlyURLMapper extends BaseFriendlyURLMapper {

    @Override
    public String getPortletId() {
        return _PORTLET_ID;
    }

    // Portlet URL -> friendly URL: only the remote login struts action is mapped.
    @Override
    public String buildPath(LiferayPortletURL portletURL) {

        String friendlyURLPath = null;

        String strutsAction = GetterUtil.getString(portletURL
                .getParameter("struts_action"));

        if (strutsAction.equals("/ext/remotelogin/view")) {
            friendlyURLPath = "ext/remotelogin/jsonp";
        }
        if (Validator.isNotNull(friendlyURLPath)) {
            portletURL.addParameterIncludedInPath("p_p_id");
            portletURL.addParameterIncludedInPath("struts_action");
        }

        return friendlyURLPath;
    }

    @Override
    public String getMapping() {

        return _MAPPING;
    }

    // Friendly URL -> portlet parameters.
    @Override
    public void populateParams(String friendlyURLPath,
            Map<String, String[]> params) {

        // Defaults: render phase, normal window state, view mode.
        addParam(params, "p_p_id", _PORTLET_ID);
        addParam(params, "p_p_lifecycle", "0");
        addParam(params, "p_p_state", WindowState.NORMAL);
        addParam(params, "p_p_mode", PortletMode.VIEW);

        int x = friendlyURLPath.indexOf("/", 1);
        int y = friendlyURLPath.length();

        // Nothing follows the slash found at x: use the portal login action.
        if ((x + 1) == y) {
            addParam(params, "struts_action", "/portal/login");

            return;
        }

        String type = friendlyURLPath.substring(x + 1, y);

        // .../ext/remotelogin/jsonp: request the action phase (p_p_lifecycle=1)
        // in the EXCLUSIVE window state and route to the remote login action.
        if (type.equals("remotelogin/jsonp")) {
            addParam(params, "p_p_lifecycle", "1");
            addParam(params, "p_p_state", LiferayWindowState.EXCLUSIVE);

            addParam(params, "struts_action", "/ext/remotelogin/view");
        }

    }

    private static final String _MAPPING = "ext/remotelogin";
    private static final String _PORTLET_ID = "EXT_REMOTELOGIN";

}

So basically, I can do a form POST (via whatever means) to http://www.mywebsite.com/web/guest/home/-/ext/remotelogin/jsonp with the right parameters for my login action, and the mapper will hand it off to the appropriate struts action.
Where I'm left right now is getting the response out of my action to work correctly. The action gets hit, but I'm having problems with the forward not always working right and errors not getting sent to the session. But I think the above should fix your issue.
Ratnadeep Rakshit
RE: Bypass default authentication filters with AJAX
February 6, 2009 10:14 PM

Hi Jim,

I merely want to grant guest access to my JSONAction class with the URL pattern /login/validate_entry which I shall be calling from the /login/create_account page. Otherwise my problem is already solved. Do you think using a friendly URL is gonna help me in that???

When you created that empty Portlet to map the friendly URL, you still have to pass the user_id and password to grant access, right??? Or am I not getting the point yet!!!
Jim Klo
RE: Bypass default authentication filters with AJAX
February 9, 2009 4:15 PM

No, as long as you reference the portlet via a public page:
http://www.example.com/web/guest/-/myfriendlyurl/json

You shouldn't need to authenticate as the friendly url mapper helps you bypass the security. The other route is to make your JSONAction class a servlet - which isn't what I think you want to do. The only thing you would need to pass along is any information you need forwarded to your JSONAction. So in your case, I believe all you need is an email address or screen name.
Jim Klo
RE: Bypass default authentication filters with AJAX
February 16, 2009 10:41 AM

I think I forgot to mention one critical thing, if you hadn't figured it out yet:

You need to redefine the following from portal.properties and add the path to your struts action to auth.public.paths. Do this in your portal-ext.properties, assuming you're using the EXT environment and haven't customized property files yet:

    #
    # Enter a list of comma delimited paths that do not require authentication.
    #
    auth.public.paths=\
        /blogs/find_entry,\
        /blogs/rss,\
        /blogs/trackback,\
        \
        /bookmarks/open_entry,\
        \
        /calendar/find_event,\
        \
        /document_library/get_file,\
        \
        /journal/get_article,\
        /journal/get_articles,\
        /journal/get_latest_article_content,\
        /journal/get_structure,\
        /journal/get_template,\
        /journal/view_article_content,\
        /journal_articles/view_article_content,\
        \
        /layout_management/sitemap,\
        \
        /message_boards/find_category,\
        /message_boards/find_message,\
        /message_boards/find_thread,\
        /message_boards/get_message_attachment,\
        /message_boards/rss,\
        \
        /my_places/view,\
        \
        /polls/view_chart,\
        \
        /portal/expire_session,\
        /portal/extend_session,\
        /portal/extend_session_confirm,\
        /portal/json_service,\
        /portal/logout,\
        /portal/open_id_request,\
        /portal/open_id_response,\
        /portal/session_click,\
        /portal/session_tree_js_click,\
        /portal/status,\
        \
        /search/open_search,\
        /search/open_search_description.xml,\
        \
        /shopping/notify,\
        \
        /tags/rss,\
        \
        /wiki/find_page,\
        /wiki/get_page_attachment,\
        /wiki/rss
Asier Hernández
RE: Bypass default authentication filters with AJAX
February 10, 2011 6:25 AM

Hi there,

I am trying to do something similar with the journal_content ratings. I want to let guest users (not logged in) rate journal contents. I am developing a JsonAction based on RateEntryAction, but I can't get it to work. The action never executes, and I have tried to add my action calls to auth.public.paths in portal-ext.properties as shown:

#
# Enter a list of comma delimited paths that do not require authentication.
#
auth.public.paths=\
    /ratings/rate_entry,\
    /ratings/ext_rate_entry


If I do this, Liferay doesn't even load the journal content.

Any ideas on how to solve this issue?

Thanks
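
As an added example (not code from any poster in this thread): a value set for auth.public.paths in portal-ext.properties replaces the default list rather than extending it, and every path on the list is reachable without authentication, so an override is worth diffing against the defaults before it is deployed. The Python below parses both property texts, reports which default public paths the override drops and which it newly exposes, and builds the merged list; the function names are hypothetical, and DEFAULTS is a constructed, abridged copy of the list quoted earlier in the thread.

```python
# Added example; both samples are constructed. DEFAULTS is abridged from the
# list quoted in the thread, OVERRIDE is the two-path override from the last post.
DEFAULTS = r"""
auth.public.paths=\
    /blogs/rss,\
    \
    /journal/view_article_content,\
    /portal/json_service,\
    /portal/logout
"""
OVERRIDE = r"""
# Enter a list of comma delimited paths that do not require authentication.
auth.public.paths=\
    /ratings/rate_entry,\
    /ratings/ext_rate_entry
"""
KEY = "auth.public.paths"

def load_properties(text):
    """Minimal .properties reader: comments, key=value, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:      # trailing "" flushes a last entry
        line = raw.lstrip()                   # continuation indent is not part of the value
        if not pending and (not line or line[0] in "#!"):
            continue                          # blank or comment line between entries
        if line.endswith("\\"):
            pending += line[:-1]              # join with the next physical line
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def public_paths(text):
    props = load_properties(text)
    if KEY not in props:
        return None                           # key not defined at all
    return [p.strip() for p in props[KEY].split(",") if p.strip()]

def audit(defaults_text, override_text):
    defaults, override = public_paths(defaults_text), public_paths(override_text)
    if override is None:                      # no override: defaults stay in force
        return {"dropped": [], "added": [], "merged": defaults}
    added = [p for p in override if p not in defaults]
    dropped = [p for p in defaults if p not in override]
    return {"dropped": dropped, "added": added, "merged": defaults + added}

if __name__ == "__main__":
    print(audit(DEFAULTS, OVERRIDE))
```

Each entry under "added" is a new unauthenticated entry point to review; each entry under "dropped" is a path that required no login by default and now does.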