在 Liferay Portlet 中实现永久链接机制

发布于 2024-12-17 07:53:30 字数 473 浏览 1 评论 0原文

我正在尝试为我正在开发的 portlet 创建一个永久链接系统(Spring MVC、Liferay 6.0.6)。 我的想法是创建并映射一个特殊的 URL,因此我通常将查询字符串附加到当前 URL。它工作正常,直到我尝试在注销/登录后使用该链接。

http://localhost:8080/web/guest/home?p_auth=ASDFGH&p_p_id=xviewer_WAR_xviewer_INSTANCE_Yz9i&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-2&p_p_col_count=1&_xviewer_WAR_xviewer_INSTANCE_Yz9i_action=permalink&xQuery=asd

问题是 Liferay 抱怨权限不够,这当然是有道理的。 我该怎么做呢?

I am trying to create a permalink system for the portlets I'm developing (Spring MVC, Liferay 6.0.6).
My idea was to create and map a special URL, so I used to append a query string to the current URL. It worked fine until I tried to use the link after a log-out/log-in.

http://localhost:8080/web/guest/home?p_auth=ASDFGH&p_p_id=xviewer_WAR_xviewer_INSTANCE_Yz9i&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-2&p_p_col_count=1&_xviewer_WAR_xviewer_INSTANCE_Yz9i_action=permalink&xQuery=asd

the problem is that Liferay screams about not enough privileges, which of course make sense.
How should I do it?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

小鸟爱天空丶 2024-12-24 07:53:30

我猜问题出在 p_auth=ASDFGH
为了进行测试,您可以放入

auth.token.check.enabled=false

portal-ext.properties,重新启动服务器,再次创建链接并进行测试吗?

如果它有效,那么您有几个选项可以禁用特定 portlet/操作的令牌检查。

以下属性是来自 Portal.properties 的“身份验证令牌”设置

#
# Set this to true to enable authentication token security checks. The
# checks can be disabled for specific actions via the property
# "auth.token.ignore.actions" or for specific portlets via the init
# parameter "check-auth-token" in portlet.xml.
#
auth.token.check.enabled=true

#
# Set the authentication token class. This class must implement
# com.liferay.portal.security.auth.AuthToken. This class is used to prevent
# CSRF attacks. See http://issues.liferay.com/browse/LPS-8399 for more
# information.
#
auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken

#
# Input a list of comma delimited struts actions that will not be checked
# for an authentication token.
#
auth.token.ignore.actions=\
    /asset/rss,\
    \
    /blogs/rss,\
    \
    /document_library/edit_file_entry,\
    \
    /journal/rss,\
    \
    /image_gallery/edit_image,\
    \
    /login/login,\
    \
    /message_boards/rss,\
    \
    /wiki/edit_page_attachment,\
    /wiki/rss

#
# Set the shared secret that is used for requests where it is not possible
# to generate an authentication token (i.e. WSRP).
#
auth.token.shared.secret=BAHyWOT9TbPB

I guess the problem is with p_auth=ASDFGH
Can you, for test, put

auth.token.check.enabled=false

in portal-ext.properties, restart server, make your link again and test it.

If it works than you have several options to disable token check for specific portlet/action.

Following properties are "Authentication Token" settings from portal.properties

#
# Set this to true to enable authentication token security checks. The
# checks can be disabled for specific actions via the property
# "auth.token.ignore.actions" or for specific portlets via the init
# parameter "check-auth-token" in portlet.xml.
#
auth.token.check.enabled=true

#
# Set the authentication token class. This class must implement
# com.liferay.portal.security.auth.AuthToken. This class is used to prevent
# CSRF attacks. See http://issues.liferay.com/browse/LPS-8399 for more
# information.
#
auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken

#
# Input a list of comma delimited struts actions that will not be checked
# for an authentication token.
#
auth.token.ignore.actions=\
    /asset/rss,\
    \
    /blogs/rss,\
    \
    /document_library/edit_file_entry,\
    \
    /journal/rss,\
    \
    /image_gallery/edit_image,\
    \
    /login/login,\
    \
    /message_boards/rss,\
    \
    /wiki/edit_page_attachment,\
    /wiki/rss

#
# Set the shared secret that is used for requests where it is not possible
# to generate an authentication token (i.e. WSRP).
#
auth.token.shared.secret=BAHyWOT9TbPB
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文