Foren

  1. Startseite
  2. Development
  3. Liferay URL issue : Need to identify whether the url is created by some oth

Liferay URL issue : Need to identify whether the url is created by some oth

kehsihba eejrenab, geändert vor 11 Jahren.

Liferay URL issue : Need to identify whether the url is created by some oth

Junior Member Beiträge: 82 Beitrittsdatum: 16.07.09 Neueste Beiträge
In our project we have a requirement of sharing parameters between various portlets using URL.
the sample url is ,
http://localhost:8080/web/guest/test2?p_p_id=senderportlet_WAR_IPCDemoportlet_INSTANCE_qa1Y&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=2&_senderportlet_WAR_IPCDemoportlet_INSTANCE_qa1Y_paramval=1234


The end of the url has "paramval=1234". The url is read by a portlet on the same page(Reciever portlet) which fetches a document from a custom database.

The problem occurs when a user directly types the url on the browser with different docuement number. He gets access to the documents.The reciever portlet doesn't understand whether the url is created generated by other portlets on the page or directly typed on the browser.

Is there a way yo identify in the reciever portlet's lifecycle methods whether the url is created by some other portlet or typed by user directly?
Oliver Bayer, geändert vor 11 Jahren.

RE: Liferay URL issue : Need to identify whether the url is created by some

Liferay Master Beiträge: 894 Beitrittsdatum: 18.02.09 Neueste Beiträge
Hi,

I don't think you can easily distinguish between an url created by your portlet and one modified by a user. The better approach would be to implement some sort of permission checking for your receiver portlet (you can use the permissionChecker object for it). Doing it that way you can be asured that a user is only seeing documents for which he has the permission for (even if he's guessing document numbers).

HTH Oli
kehsihba eejrenab, geändert vor 11 Jahren.

RE: Liferay URL issue : Need to identify whether the url is created by some

Junior Member Beiträge: 82 Beitrittsdatum: 16.07.09 Neueste Beiträge
Thanks for the reply Oliver.

The problem here is . The user is already logged in and his session is active.
And now he opens another tab and writes the url directly in the browser with changed param values and gets access to the documents.
We are asked to restrict the direct url access and allow only if the url is generated from some Caller portlet.

Is there any other way to make the reciever portlet know that the request is from a portlet and not directly typed url.
thumbnail
Jan Geißler, geändert vor 11 Jahren.

RE: Liferay URL issue : Need to identify whether the url is created by some

Liferay Master Beiträge: 735 Beitrittsdatum: 05.07.11 Neueste Beiträge
This is technically impossible as all WebApplications are stateless. You do not have any possibility to check if a URL is typed in the Browser or generated by a caller portlet. What you want to do is definatly not possible the way you want to achieve it. Only thing could be to create some random HASH value which gets shared for a user or so. But the easiest way would be implementing permission checks, if a User has the permission to view a resource or not.
kehsihba eejrenab, geändert vor 11 Jahren.

RE: Liferay URL issue : Need to identify whether the url is created by some

Junior Member Beiträge: 82 Beitrittsdatum: 16.07.09 Neueste Beiträge
Thanks for the reply.

We are starting on it with a new approach using shared portlet session.

PortletSession psession=actionRequest.getPortletSession();
String val="True";
psession.setAttribute( "LIFERAY_SHARED_mySpecialVar", val,PortletSession.APPLICATION_SCOPE);

we could set a value inside a variable and put it in session from portlet A and read the value from portlet B and make the sahred variable as "false".
But, on deploying them on the same portal page.
Portlet B's doview() is called first and it cant find any value in the session.
Then , PortletA's doview() is called.

Can you suggest me how to handle this situation.
thumbnail
Jan Geißler, geändert vor 11 Jahren.

RE: Liferay URL issue : Need to identify whether the url is created by some

Liferay Master Beiträge: 735 Beitrittsdatum: 05.07.11 Neueste Beiträge
Actually, I can't help you with that. Also I do think this will not work. I think I would try to do some AuthCode Code logic and decrypt it in the parameters.
Maybe you could set the sessionValue in the RenderMethod of portlet b, as portlet a get's fired first. But you will face a Problem if you change the portlets on that page. I would have to give this some serious thoughts, but unfortunatly I don't have the time for that right now.