Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
MICHAIL MOUDATSOS
CP Acces: Undeploy Control Panel portlet
November 22, 2011 5:03 AM
Answer

MICHAIL MOUDATSOS

Rank: Regular Member

Posts: 110

Join Date: October 4, 2011

Recent Posts

Hello all,


I' dealing with a customer with very strict security concerns. After I have managed to restrict access to control panel for specific users using a hook, the client went a step further and asked if it is possible to allow access to cotrol panel only from a specific host , e.g. localhost. I also thought about hook and dealing with the request's source ip/hostname. Stll the client is not convinced that the control panel will not be accessible from someone/somewhere-else/somehow and I thought about completely undeploying the Control Panel portlet.

Is it even possible? I ve read around many topicsthe phrase "Control Panel portlet", I even read its deployement id in a deployment .xml file (while I was trying to find a restrict-access solution, I think) but I'm not sure whether it is and whether it is treated as yet another portlet and most importanlty, what its functionality encloses as a whole? Does it only offer the administration possibility through a page or does it also explicitly implement it for any other case? To be short and more precise, my web app does its own management through liferay API calls from code. If undeploying the CP is possible, will that restrain my code from performing its actions (i.e implicitly this portlet provides the core functionality of liferay) or is this completely irrelevant and my code will work just fine (meaning that it just provides the functionality and delegates it to other portal code running even if CP portlet is removed)?

Thank you in advance
Jan van der Kaaden
RE: CP Acces: Undeploy Control Panel portlet
November 24, 2011 12:27 AM
Answer

Jan van der Kaaden

Rank: New Member

Posts: 20

Join Date: March 20, 2011

Recent Posts

Hi Michail,
We had a comparable situation. Our solution was to restrict access to the control pannel using Apache.
To restrict access we redirect all calls with a RewriteRule done to yoursite.com/web/guest and yoursite.com/group/control_panel to the main page of our portal.
An advantage of this construction is that you are able to allow people from your LAN to access the control panel by accessing the applicationserver directly instead of the webserver.
Sharana Basavaraj Ballari
RE: CP Acces: Undeploy Control Panel portlet
November 24, 2011 10:22 AM
Answer

Sharana Basavaraj Ballari

Rank: Regular Member

Posts: 139

Join Date: September 9, 2007

Recent Posts

Hi Michail,

Liferay provides robust user management functionalities. using which user can be assigned as a Member, Owner and Administrator. you can create user roles where he will not have access to control panel functionalities. all other routes of achieving this seems like work around for me.

HTH
Sharan
MICHAIL MOUDATSOS
RE: CP Acces: Undeploy Control Panel portlet
November 25, 2011 6:55 AM
Answer

MICHAIL MOUDATSOS

Rank: Regular Member

Posts: 110

Join Date: October 4, 2011

Recent Posts

@Jan van der Kaaden
Thanks very much for the response!

It was very interesting though I must read more about it cause I m not really an expert and I don't know what happens if client doesn't use apache. One more question on this:

Could a similar scheme be applied (with an appropriate n/w setup) even for intra-domain access?

Thank you in advance
MICHAIL MOUDATSOS
RE: CP Acces: Undeploy Control Panel portlet
November 25, 2011 6:58 AM
Answer

MICHAIL MOUDATSOS

Rank: Regular Member

Posts: 110

Join Date: October 4, 2011

Recent Posts

@Sharana Basavaraj Ballari

Thank you very much, for your response. The thing about what you say is that you missed the point that I want to completely restrain access to control panel for non administrator users, a thing which I have already achieved using hook (concerning access to control panel) and portal-ext.properties (concerning public/private layouts). So I was asking for more control over not only who but from WHERE control panel can be accessed.

Maybe things are more clear now about what I want

Thank you anyway!