Ozeri Nir
Forbidden You do not have permission
September 20, 2010 6:42 AM

I have changed init_custom.vm and added the following lines:
#set ($sign_in_text = $languageUtil.get($locale, "sign-in"))
#set ($sign_in_url = $portletURLFactory.create($request, "58", $page.getPlid(), "ACTION_PHASE"))
$sign_in_url.setParameter("struts_action", "/login/open_id");
$sign_in_url.setParameter("openId", "[URL for OpenId provider]");
$sign_in_url.setParameter("saveLastPath", "0");

At first login it seems to work OK: I am redirected to the OpenId provider and, once I use the correct credentials, I am redirected to the portal home page.

Sign out also seems to work fine.

The next time I try to sign in, I get the following error:


You do not have permission to access the requested resource.

http://[portal URL]:8080/home?p_auth=bZDP2MdE&p_p_auth=DTuw3wW3&p_p_id=58&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&_58_struts_action=%2Flogin%2Fopen_id&_58_openId=http%3A%2F%2F[portal URL]%2Fsso%2Fauth%2Fid&saveLastPath=0

If I click the "Sign In" link again, the user is signed in properly.

So I see a cycle: I get the above error, then I click sign in again and the user is logged in properly.

I am trying to achieve the following:
- The user clicks the "Sign in" link and is NOT presented with the login portlet
- Instead, the user is redirected to the OpenId provider (always the same provider)
- The user logs in with his credentials on the OpenId provider server, then is redirected back to the Liferay portal

Is that the correct way to do it? If yes, why do I get the Forbidden error?
If this is not the correct way to implement it, please suggest a different/better way.
Amos Fong
RE: Forbidden You do not have permission
September 14, 2011 12:05 AM

You can add that action (/login/open_id) to the list of ignored actions in

I think this might be a good idea to add by default; if you agree, you can open a ticket at

    #
    # Input a list of comma delimited struts actions that will not be checked
    # for an authentication token.
    #
    auth.token.ignore.actions=\
        /asset/rss,\
        \
        /blogs/edit_entry,\
        /blogs/rss,\
        \
        /blogs_aggregator/edit_entry,\
        /blogs_aggregator/rss,\
        \
        /document_library/edit_file_entry,\
        \
        /journal/rss,\
        \
        /image_gallery/edit_image,\
        \
        /login/login,\
        \
        /message_boards/edit_message,\
        /message_boards/rss,\
        \
        /my_places/view,\
        \
        /wiki/edit_page,\
        /wiki/edit_page_attachment,\
        /wiki/get_page_attachment,\
        /wiki/rss,\
        \
        /wiki_admin/edit_page_attachment
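
The check described in the reply above, as an added example that is not part of the thread or of Liferay's code: a Python sketch that reads `auth.token.ignore.actions` from properties text and reports whether the struts action in a portlet URL is exempt from the authentication token check. The sample properties and URL are constructed, the function names are hypothetical, and exact string matching of the action is an assumption about how the list is applied.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a shortened list in the same format as the one above.
SAMPLE_PROPERTIES = r"""
# Struts actions that will not be checked for an authentication token.
auth.token.ignore.actions=\
    /asset/rss,\
    \
    /login/login,\
    \
    /wiki/rss
"""

# Constructed sample URL shaped like the one in the question (hosts are placeholders).
SAMPLE_URL = ("http://portal.example:8080/home?p_auth=XXXXXXXX&p_p_id=58"
              "&p_p_lifecycle=1&_58_struts_action=%2Flogin%2Fopen_id"
              "&_58_openId=http%3A%2F%2Fidp.example%2Fid&saveLastPath=0")

def read_list_property(text, key="auth.token.ignore.actions"):
    """Return the comma-delimited values of `key`, joining backslash continuations."""
    logical, buf, continuing = [], "", False
    for raw in text.splitlines():
        line = raw.strip()
        if not continuing and (not line or line[0] in "#!"):
            continue  # blank or comment line outside a continued value
        continuing = line.endswith("\\")
        buf += line[:-1] if continuing else line
        if not continuing:
            logical.append(buf)
            buf = ""
    if buf:
        logical.append(buf)  # file ended on a continuation
    for entry in logical:
        name, sep, value = entry.partition("=")
        if sep and name.strip() == key:
            return [v.strip() for v in value.split(",") if v.strip()]
    return []

def struts_action(url):
    """Return the decoded _<p_p_id>_struts_action parameter of a portlet URL, or None."""
    query = parse_qs(urlsplit(url).query)
    portlet_id = query.get("p_p_id", [""])[0]
    return query.get(f"_{portlet_id}_struts_action", [None])[0]

def token_check_skipped(url, properties_text):
    """True if the URL's struts action is on the ignore list (exact match assumed)."""
    action = struts_action(url)
    return action is not None and action in read_list_property(properties_text)
```

Every action on this list is exempt from the `p_auth` check, so the same audit run over a deployed properties file shows which actions are reachable without it.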
Pramod Bavchikar
RE: Forbidden You do not have permission
October 5, 2012 3:11 AM

I'm facing the same 403 (Forbidden) error.
I'm using Liferay with annotation-driven Spring MVC.
My portlet has multiple AJAX calls (@ResourceMapping) and one form submit (@ActionMapping).
All was running well and fine until I had to implement a hook and ext for custom login.
Since then I encounter
- "Forbidden
You do not have permission to access the requested resource."
whenever my form submit is called. No such issue is faced for any of the AJAX calls.
I'm unable to isolate the source of the problem or a solution for the same. (I'm using Liferay 6.1.1)

Thanks in advance.