Liferay ist zum sechsten Mal in Folge ein Leader im Gartner Magic Quadrant. Hier mehr erfahren
The Proposals Wiki has been deprecated in favor of creating Feature Requests in JIRA. If you wish to propose a new idea for a feature, visit the Community Ideas Dashboard and read the Feature Requests Wiki page for more information about submitting your proposal.
« Zurück zu FrontPage

Feeds and authentication

From the Jira Issue: Before Liferay 5.2.x you could access Message Board RSS feeds (and other) from a private page without authentication. Since 5.2.x you must authenticate for accessing such a feed. Instead of using HTTP (Basic) Authentication, you must use the form-based auth (or OpenID, CAS-SSO,..)

That is very annoying, because common feed readers only know to authenticate by using HTTP Authentication. And the is a property in where you can set the non auth paths "auth.public.paths". If this property is there and "/message_boards/rss" in included in this property, there should be no authentication required for feeds.

So what is the point? Either the entries in "auth.public.paths" are respected with no exceptions, or feeds should be accessible by using HTTP (Basic) Authentication, if a feed is from a Message Board in a private community.

What about OpenID, CAS-SSO and other Single Sign-On systems? They should also be supported, otherwise the access to RSS feeds might be broken again, if you use any kind of SSO

0 Anhänge
23735 Angesehen
Durchschnitt (2 Stimmen)
Die durchschnittliche Bewertung ist 5.0 von max. 5 Sternen.
Antworten im Thread Autor Datum
Would like to recommend adding PKI Authentication. Krista M Leopold 24. November 2009 07:30
One solution is posted in Jira... Tobias Käfer 8. Dezember 2009 03:38
Thanks Tobias, I'll try your solution. Hope... Lari Tuominen 25. Februar 2010 02:21

Would like to recommend adding PKI Authentication.
Gepostet am 24.11.09 07:30.
One solution is posted in Jira
This covers only wiki, blog and message-board feeds.

It does not cover the activities portlet, since this one uses a URL that is cannot be filter in servlet containers, since you cannot create something like this:
Gepostet am 08.12.09 03:38.
Thanks Tobias, I'll try your solution. Hope this will be fixed soon.
Gepostet am 25.02.10 02:21 als Antwort auf Tobias S. Käfer.