This wiki does not contain official documentation and is currently deprecated and read only. Please try reading the documentation on the Liferay Developer Network, the new site dedicated to Liferay documentation. DISCOVER Build your web site, collaborate with your colleagues, manage your content, and more. DEVELOP Build applications that run inside Liferay, extend the features provided out of the box with Liferay's APIs. DISTRIBUTE Let the world know about your app by publishing it in Liferay's marketplace. PARTICIPATE Become a part of Liferay's community, meet other Liferay users, and get involved in the open source project. Feeds and authentication
From the Jira Issue: Before Liferay 5.2.x you could access Message Board RSS feeds (and other) from a private page without authentication. Since 5.2.x you must authenticate for accessing such a feed. Instead of using HTTP (Basic) Authentication, you must use the form-based auth (or OpenID, CAS-SSO,..)
That is very annoying, because common feed readers only know to authenticate by using HTTP Authentication. And the is a property in portal.properties where you can set the non auth paths "auth.public.paths". If this property is there and "/message_boards/rss" in included in this property, there should be no authentication required for feeds.
So what is the point? Either the entries in "auth.public.paths" are respected with no exceptions, or feeds should be accessible by using HTTP (Basic) Authentication, if a feed is from a Message Board in a private community.
What about OpenID, CAS-SSO and other Single Sign-On systems? They should also be supported, otherwise the access to RSS feeds might be broken again, if you use any kind of SSO
