Forbidden You do not have permission

Foren

Ozeri Nir, geändert vor 13 Jahren.

Forbidden You do not have permission

New Member Beiträge: 11 Beitrittsdatum: 16.09.10 Neueste Beiträge

Hi,

I have changed init_custom.vm and added the following lines
#set ($sign_in_text = $languageUtil.get($locale, "sign-in"))
#set ($sign_in_url = $portletURLFactory.create($request, "58", $page.getPlid(), "ACTION_PHASE"))
$sign_in_url.setWindowState("maximized");
$sign_in_url.setPortletMode("view");
$sign_in_url.setParameter("struts_action", "/login/open_id");
$sign_in_url.setParameter("openId", "");
$sign_in_url.setParameter("saveLastPath", "0");

At first login it seems to work ok, I am being redirected to the OpenId provider and once using the correct credentials I am being redirected to the portal home page.

Sign out also seems to work fine.

The next time I am trying to sign in I get the following error,

"Forbidden

You do not have permission to access the requested resource.

http://[portal URL]:8080/home?p_auth=bZDP2MdE&p_p_auth=DTuw3wW3&p_p_id=58&p_p_lifecycle=1&p_p_state=maximized&p_p_mode=view&_58_struts_action=%2Flogin%2Fopen_id&_58_openId=http%3A%2F%2F[portal URL]%2Fsso%2Fauth%2Fid&saveLastPath=0"

If I click the "Sign In" link again the user is being signed in properly.

So, I see a cycle of getting the above error, then clicking the sign in again and the user is being logged in properly.

I am trying to achieve the following:
- User click the "Sign in" link and NOT presented with the login portlet
- Instead, the user is being redirected to OpenId provider (always the same provider)
- User will log in using his credentials on the OpenId provider server, then will be redirected back to the liferay portal

Is that the correct way to do it? if yes, why do I get the Forbidden error?
If this is not the correct way to implement it, please suggest a different/better way.

Amos Fong, geändert vor 12 Jahren.

RE: Forbidden You do not have permission

Liferay Legend Beiträge: 2047 Beitrittsdatum: 07.10.08 Neueste Beiträge

You can add that action (/login/open_id) to the list of ignored actions in portal-ext.properties:

I think this might be a good idea to add by default, if you agree you can open a ticket at http://issues.liferay.com

  #
    # Input a list of comma delimited struts actions that will not be checked
    # for an authentication token.
    #
    auth.token.ignore.actions=\
        /asset/rss,\
        \
        /blogs/edit_entry,\
        /blogs/rss,\
        \
        /blogs_aggregator/edit_entry,\
        /blogs_aggregator/rss,\
        \
        /document_library/edit_file_entry,\
        \
        /journal/rss,\
        \
        /image_gallery/edit_image,\
        \
        /login/login,\
        \
        /message_boards/edit_message,\
        /message_boards/rss,\
        \
        /my_places/view,\
        \
        /wiki/edit_page,\
        /wiki/edit_page_attachment,\
        /wiki/get_page_attachment,\
        /wiki/rss,\
        \
        /wiki_admin/edit_page_attachment

Pramod Bavchikar, geändert vor 11 Jahren.

RE: Forbidden You do not have permission

New Member Beiträge: 2 Beitrittsdatum: 04.10.12 Neueste Beiträge

I'm facing the same 403 (Forbidden) error.
I'm using liferay with annotation driven Spring MVC.
My portlet has multiple AJAX calls (@ResourceMapping) and one Form submit (@ActionMapping)
All was running well and fine until I had to implement a hook and ext for custom login.
Since then i encounter
- " Forbidden
You do not have permission to access the requested resource. " whenever my form submit is called. No such issue faced for any of the AJAX calls.
I'm unable to isolate the source of the problem or a solution for the same. (Im using Liferay 6.1.1)

Thanks in Advance.