Foren

  1. Startseite
  2. Development
  3. Block unsued structs actions

Block unsued structs actions

Aleksandr Kaushanskiy, geändert vor 6 Jahren.

Block unsued structs actions

New Member Beiträge: 6 Beitrittsdatum: 12.01.16 Neueste Beiträge
We are trying to block unauthenticated user to access struct-actions example like /serach/serach. Currently its allowing to access below url without authentication like this there are bunch of actions allowing . we want to restrict that for externally.

Are there any property or configuration will restrict the access ?

Ex:

https://<HOST_NAME>>/p_p_id=113&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_3_struts_action=%2Fsearch%2Fsearch
thumbnail
Denis Signoretto, geändert vor 6 Jahren.

RE: Block unsued structs actions

Expert Beiträge: 375 Beitrittsdatum: 21.04.09 Neueste Beiträge
Hi

exist a property to skip authentication for public portal actions:

    #
    # Enter a list of comma delimited paths that do not require authentication.
    #
    auth.public.paths=\
        /asset/get_categories,\
        \
        /blogs/find_entry,\
        /blogs/rss,\
        /blogs/trackback,\
        \
        /blogs_aggregator/rss,\
        ...
        /search/open_search,\
        /search/open_search_description.xml,\
        ...


Moreover you can implement your own service pre action (take a look to hooking injecting a servlet.service.events.pre Action class) if you want to add custom logic to struts actions (portal and portlet struts actions).

Bye!
Denis.

[1] - https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/performing-a-custom-action-using-a-hook