Fórum

  1. Início
  2. Development
  3. Protect page using Site minder

Protect page using Site minder

thumbnail
Manish Jha, modificado 9 Anos atrás.

Protect page using Site minder

Junior Member Postagens: 50 Data de Entrada: 07/02/13 Postagens Recentes
My Portal is using Site minder for authentication. User login through a Login.fcc page. We implemented a auto login hook to let user login to Portal.
We wanted to protect the all the liferay page from unauthorized access. Currently only /c/portal/login page is protected by site minder. So if we navigate to Liferay Login page then it uses site minder login page for aithentication.

I like to implement following :
1. Protect all the page. User must login before access.
2. If page is referencing to a friendly url, then user should be forwarded to the url after login.

I tried implementing using a servlet-filter hook. I checked the incoming request if they have SM_USER. If they do not I redirect them to /c/portal/login page with redirect parameter having value of forwarded url. For example, if user enter -> http://abc.com/intranet/company/hr/benefits. Then servlet-filter intercept it and redirect to
http://abc.com/c/portal/login?redirect=/intranet/company/hr/benefits.

User get redirected to login page but does not go to /intranet/company/hr/benefits. Instead it goes to default landing page.

I need some suggestion how can I implement this feature.

I am using JBOSS EAP 6.2 with Liferay 6.2.
Oliver Bayer, modificado 9 Anos atrás.

RE: Protect page using Site minder

Liferay Master Postagens: 894 Data de Entrada: 18/02/09 Postagens Recentes
Hi Manish,

I don't know site minder in detail but why do you want to implement the "protection" feature on your own? Liferay already provides a suitable feature ootb for your requirement I think. You should use private pages which can only be accessed by authenticated users.

HTH Oli
thumbnail
Manish Jha, modificado 9 Anos atrás.

RE: Protect page using Site minder

Junior Member Postagens: 50 Data de Entrada: 07/02/13 Postagens Recentes
The pages are already a public pages. The requirement is to implement them on public pages.
Oliver Bayer, modificado 9 Anos atrás.

RE: Protect page using Site minder

Liferay Master Postagens: 894 Data de Entrada: 18/02/09 Postagens Recentes
Then the requirement is bull..... ahhh I suppose bad emoticon.
thumbnail
Krzysztof Gołębiowski, modificado 9 Anos atrás.

RE: Protect page using Site minder

Liferay Master Postagens: 549 Data de Entrada: 25/06/11 Postagens Recentes
Oliver is right. I have two installations like this with CAS as an SSO. Both use private pages, which forces the user to log in before he sees any content. This is the way it should be done in Liferay.

I think it is much better for you to move all pages from public to private section (together with updating permissions, etc) than implementing any servlet-filter hacks which is rather a very bad idea.

Regards,
KG
thumbnail
Manish Jha, modificado 9 Anos atrás.

RE: Protect page using Site minder (Resposta)

Junior Member Postagens: 50 Data de Entrada: 07/02/13 Postagens Recentes
I was able to implement using Servlet-filter hook and post login hook.