Fórum
Reject Process Action
Mohd Danish, modificado 9 Anos atrás.
Reject Process Action
Regular Member Postagens: 187 Data de Entrada: 05/03/12 Postagens Recentes
I am having a portlet whose action method is called from a link send to through a mail. But the problem is when the user clicks upon the link, process action is rejected by liferay(LR 6.2 ce ga 2).
I have tried putting <add-default-resource>true</add-default-resource>
and also setting the portlet.add.default.resource.check.enabled=false
portlet.add.default.resource.check.whitelist= XXXXX_WAR_XXXXX
properties in portal-ext.properties.
Is their anything that I am missing or something else I can do?
I have tried putting <add-default-resource>true</add-default-resource>
and also setting the portlet.add.default.resource.check.enabled=false
portlet.add.default.resource.check.whitelist= XXXXX_WAR_XXXXX
properties in portal-ext.properties.
Is their anything that I am missing or something else I can do?
Jitendra Rajput, modificado 9 Anos atrás.
RE: Reject Process Action
Liferay Master Postagens: 875 Data de Entrada: 07/01/11 Postagens Recentes
Make sure you specify instance name also along with portletid if your portlet is instance able. It will not work until instance id is provided for portlet with multiple instances.
Copy existing property from portal-ext and add your portlet at the end.
portlet.add.default.resource.check.whitelist=3,56_INSTANCE_0000,58,82,86,87,88,103,113,145,164,166,170,177,101_INSTANCE_6yDjm6kcSUF4
Copy existing property from portal-ext and add your portlet at the end.
Mohd Danish, modificado 9 Anos atrás.
RE: Reject Process Action
Regular Member Postagens: 187 Data de Entrada: 05/03/12 Postagens Recentes
It is not instantiable. I tried to put up the the name of the portlet in the whitelist, but still it is showing the same.
Andew Jardine, modificado 9 Anos atrás.
RE: Reject Process Action (Resposta)
Liferay Legend Postagens: 2416 Data de Entrada: 22/12/10 Postagens Recentes
Does the link in the URL contain the p_auth parameter? If it does then you are likely being caught by the auth token check. Check out this property in the portal.properties file --
You could disable it altogther, but that does raise some possible XSS security issues I think. Best bet, if this is the cause of your problem, is to try to disable it just for this portlet.
Or possibly even remove it from the url that is emailed and see if that works.
##
## Authentication Token
##
#
# Set this to true to enable authentication token security checks. The
# checks can be disabled for specific actions via the property
# "auth.token.ignore.actions" or for specific portlets via the init
# parameter "check-auth-token" in portlet.xml.
#
auth.token.check.enabled=true
You could disable it altogther, but that does raise some possible XSS security issues I think. Best bet, if this is the cause of your problem, is to try to disable it just for this portlet.
Or possibly even remove it from the url that is emailed and see if that works.
Mohd Danish, modificado 9 Anos atrás.
RE: Reject Process Action
Regular Member Postagens: 187 Data de Entrada: 05/03/12 Postagens Recentes
Thanks a lot that worked..
Tomas Polesovsky, modificado 9 Anos atrás.
RE: Reject Process Action
Liferay Master Postagens: 676 Data de Entrada: 13/02/09 Postagens Recentes
Please don't disable whole CSRF check, you open a significant security hole, keep:
Rather, extract the email functionality into separate portlet and white-list the portlet using:
auth.token.check.enabled=true
Rather, extract the email functionality into separate portlet and white-list the portlet using:
auth.token.ignore.portlets=xxx_WAR_xxx