Forums

User able to access private pages by hitting URL directly

Abhishek Saxena, modified 14 years ago.

User able to access private pages by hitting URL directly

Regular Member Posts: 130 Join Date: 17.06.09 Recent Posts
Hi All,

I have two communities which have all pages as private; custom portlets are available on these pages.

Roles have been created under regular roles which are assigned to the user dynamically through custom code.
There are 3 levels of permission in which super user has complete access,
intermediate user has been restricted to some pages and view_only user can only see a few pages with CMS content. A few pages have a content download repository access portlet on them which should not be seen by the view only user.

I have checked the roles by logging; they are correctly assigned to the users. The view only user is not able to view the pages in his navigation.

Problem statement: The view only user is able to access the private pages by typing the URL to a prohibited page, e.g. http://mydomain.mysite/mycommunity/do_not_access

Please provide some pointers on why users are able to access these pages and how I can restrict them from accessing a page by typing in the URL.

Sandeep Nair, modified 14 years ago.

RE: User able to access private pages by hitting URL directly

Liferay Legend Posts: 1744 Join Date: 06.11.08 Recent Posts
Hi Abhishek,

I am not sure if this would help. As an admin go to manage pages. Click on the page which is in question. Click permission button at bottom. You will see guest tab and community tab. Make sure "View" is not allowed to both.

Let me know if it works.

Regards,
Sandeep

Abhishek Saxena, modified 14 years ago.

RE: User able to access private pages by hitting URL directly

Regular Member Posts: 130 Join Date: 17.06.09 Recent Posts
Guest permissions are not enabled. In regular navigation the view user is not able to see the pages, but direct access by typing the URL is possible.
See attached screenshot.

Sandeep Nair, modified 14 years ago.

RE: User able to access private pages by hitting URL directly

Liferay Legend Posts: 1744 Join Date: 06.11.08 Recent Posts
Hi mate,

I am not sure why then, coz it has to throw PrincipalException from PortalRequestProcessor, which is handled in /portal/error.jsp, which shows the message you-do-not-have-the-roles-required-to-access-this-page. You can check PortalRequestProcessor in debug mode; it has to throw the exception here:

if (!PortletPermissionUtil.contains(permissionChecker, layout.getPlid(), portlet, ActionKeys.VIEW)) {
	// No VIEW permission for this portlet on the requested layout
	throw new PrincipalException();
}


In your case it is not, so it is getting permission to view that layout/page somewhere.

Regards,
Sandeep

Amos Fong, modified 14 years ago.

RE: User able to access private pages by hitting URL directly

Liferay Legend Posts: 2047 Join Date: 07.10.08 Recent Posts
Are users members of the community?

Abhishek Saxena, modified 14 years ago.

RE: User able to access private pages by hitting URL directly

Regular Member Posts: 130 Join Date: 17.06.09 Recent Posts
Yes, users are members of the community and only the Community Member role is provided.
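
The permission tabs and the community-membership question in the replies above both come down to which role grants VIEW on a page. The following added example (not part of the thread and not Liferay code) audits a constructed permission table under the assumption that role permissions are additive; every page URL except the one from the original post, the `in_nav` flag and the function names are hypothetical.

```python
# Added example: constructed data, simplified additive role model (assumption).
# PAGES maps a page URL to the roles holding VIEW on it and whether the page
# is shown in the user's navigation. Names and values are constructed.
PAGES = {
    "/mycommunity/home": {
        "view_roles": {"Community Member"}, "in_nav": True},
    "/mycommunity/cms": {
        "view_roles": {"view_only", "intermediate_user", "super_user"}, "in_nav": True},
    "/mycommunity/do_not_access": {
        "view_roles": {"Community Member", "super_user"}, "in_nav": False},
    "/mycommunity/downloads": {
        "view_roles": {"intermediate_user", "super_user"}, "in_nav": False},
}


def can_view(user_roles, url):
    """Additive check: one role with VIEW on the page is enough."""
    return bool(PAGES[url]["view_roles"] & set(user_roles))


def audit_hidden_but_reachable(user_roles):
    """Pages absent from navigation that a direct URL request would still serve.

    Returns {url: [roles that grant VIEW]} so the grant to remove is visible.
    """
    findings = {}
    for url, page in PAGES.items():
        granting = page["view_roles"] & set(user_roles)
        if granting and not page["in_nav"]:
            findings[url] = sorted(granting)
    return findings


if __name__ == "__main__":
    # A community member who was additionally given the restricted role.
    user = ["Community Member", "view_only"]
    for url, roles in audit_hidden_but_reachable(user).items():
        print(f"{url}: VIEW via {', '.join(roles)}")
```

A finding names the role whose VIEW grant makes the page reachable by URL even though navigation hides it; an empty result means no role held by the user grants VIEW on any hidden page.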

Charles Okonkwo, modified 7 years ago.

RE: User able to access private pages by hitting URL directly

New Member Posts: 2 Join Date: 18.08.16 Recent Posts
Did anyone find a solution to this problem? I am currently having the same issue in Liferay 6.2.

Please, I would appreciate any help.

Charles Okonkwo, modified 7 years ago.

RE: User able to access private pages by hitting URL directly

New Member Posts: 2 Join Date: 18.08.16 Recent Posts
I couldn't find a solution to this.
Eventually, I had to implement my own security to redirect users.
If anyone has a solution to this, or ever comes up with one, I would appreciate it if you share it.

Thanks.