留言板

  1. 主页
  2. Portal
  3. Liferay search ignores permissions

Liferay search ignores permissions

Klaus Bachmaier,修改在9 年前。

Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
This is a question regarding the EE Version of Liferay. The reason I'm posting it here is, that my problem occurs in a development environment, so I can't use the LR Enterprise Support:

I have set up two (hopefully) exact same servers with Liferay 6.1.30 EE . One is meant to be my "live" server, the other as "staging". The installed patches are the same on both machines:

currently installed patches: administration-5-6130, asset-framework-9-6130, business-productivity-2-6130, collaboration-8-6130, development-3-6130, document-management-11-6130, dynamic-data-lists-7-6130, misc-4-6130, platform-22-6130, search-3-6130, social-networking-1-6130, user-interface-9-6130, wcm-core-12-6130, web-content-11-6130

On one of these servers (the "live" server) the liferay search ignores role permissions for web content articles and D&M Documents. When I create a Web Article, remove all permissions with the exception of "Owner" permissions, this article will be shown in the result list of a search, even for "guest" users. When I try to open this article from the result list I'm forced to Login into the portal, but the Title and Abstract of the article are visible in the search result list. With Documents from the D&M Library it's even worse, as I still can download these documents when they show up in the result list of a search, when I'm not logged into the portal ("guest" Role) and the document as well as the Folder in whitch the document resides should be only visible and accessible for the "owner".

On the second server everythings works as expected, there are none of the aforementioned problems on my "stage" server. I can't see any differences between my two portal instances and simply have no idea on how i get any further with this problem. Any ideas why the search functionality behaves differnt on two servers with the exact same codebase?
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Hi Klaus,

does LPS-45619 fits your use case?
Klaus Bachmaier,修改在9 年前。

RE: Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
No, that's not the problem. I know, I wrote about a "staging" server, but we don't use Liferay staging in our setup. It's just a development server and a live server. Meanwhile i found out, that permissions on web content and documents are completely ignored by the live server. When i create a web content and set permissions for the web content (and for the web content display portlet) so that only the owner should see the article (and portlet), it's also displayed to "guest" users. When I do the same on our development server (same Liferay Version, same patches, same plugins), everything works as expected, and the article won't shown to any other user than the "owner".
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Hi Klaus, does your "live" server (better now to say "production" now you aren't using staging feature in Liferay) has a proxy/load balancer with some web cache feature enabled? Are you using a cluster with more than 1 node in your production server?
Klaus Bachmaier,修改在9 年前。

RE: Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
No, there is neither a cluster nor a load balancer in our setup. Just an Apache Webserver in front of the Liferay server.

But there are a lot of custom plugins deployed on the server. Currently I try to undeploy/redeploy them to see if there's something wrong with them. On the other hand: The same plugins are installed on our "Staging" server, and there everything works as expected.
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Klaus Bachmaier:
No, there is neither a cluster nor a load balancer in our setup. Just an Apache Webserver in front of the Liferay server.


So, do you have only 1 Liferay node?

Can you check if Apache webserver is caching any of the web pages? Can you try accessing Liferay node directly to see if content is retrieved as it should?
Klaus Bachmaier,修改在9 年前。

RE: Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
Yes, just one node, and I can access the Server directly. I've already rebuilt any Kind of caches and search indices using the server administration page of the Liferay control panel. When I create a new Web Article, remove all permissions from it except the "owner" permissions, and put it on a brand new page of my site, it immediately gets displayed to "guest" users if I open it with another browser where I'm not logged in to my portal.

Permissions work on pages, so when I remove the "guest" permissions of a page, then it won't be displayed to guest users. But they don't work with web content, documents and permission settings of portlets.
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Klaus Bachmaier:
Yes, just one node, and I can access the Server directly. I've already rebuilt any Kind of caches and search indices using the server administration page of the Liferay control panel. When I create a new Web Article, remove all permissions from it except the "owner" permissions, and put it on a brand new page of my site, it immediately gets displayed to "guest" users if I open it with another browser where I'm not logged in to my portal.

Permissions work on pages, so when I remove the "guest" permissions of a page, then it won't be displayed to guest users. But they don't work with web content, documents and permission settings of portlets.


Sorry, but can't reproduce. I guess you will have to check about differences (maybe portal-ext.properties and apache config.) between both environments.
Klaus Bachmaier,修改在9 年前。

RE: Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
Thank you Juan for your efforts. The problem is, that I also can't reproduce the issue on any other Liferay server with the same portal version and patches installed. I see this problem only on this single "live" server.
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Klaus Bachmaier:
Thank you Juan for your efforts. The problem is, that I also can't reproduce the issue on any other Liferay server with the same portal version and patches installed. I see this problem only on this single "live" server.


No problem Klaus. I think this issue is caused by some kind of caching in your apache web server (using some configuration, even accessing the server directly, when clicking it would redirect again through apache).

There is no urgent need of caching resources through apache. Liferay deals with that (using HTTP headers and storing minified css/js resources for example).
Klaus Bachmaier,修改在9 年前。

RE: Liferay search ignores permissions

Regular Member 帖子: 223 加入日期: 13-9-30 最近的帖子
Problem solved: The issue was not about caching or staging, but the main cause was a very complex user defined role, with more than 60 different permissions. This role wasn't used in my test configurations (my test articles or portlets), but just the existence of this role caused the problems. I found this while compairing the existing roles in our stage system with the ones from the "live" server.

Thanks again Juan
thumbnail
Juan Gonzalez,修改在9 年前。

RE: Liferay search ignores permissions

Liferay Legend 帖子: 3089 加入日期: 08-10-28 最近的帖子
Good to know.

Thanks for posting what the problem was.