Fórum
Liferay EE 6 SP2 - Upgrade and session.store.password
Matthieu Levesque, modificado 12 Anos atrás.
Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 64 Data de Entrada: 13/02/09 Postagens Recentes
Hi,
I'm currently truing to install the latest version of Liferay EE 6 all upgrade process completes with no issue. The portal is working properly except for the property session.store.password that doesn't seem to have any effect, in the session there's no PASSWORD attribute/variable. We developed a portlet that was using this value and I can't go on with the update without this portlet.
Does anyone else having this issue? I've compared the source for com.liferay.portlet.login.util.LoginUtil and I don't see any issue.
Here's a summary of the session properties:
Thanks,
Matthieu
I'm currently truing to install the latest version of Liferay EE 6 all upgrade process completes with no issue. The portal is working properly except for the property session.store.password that doesn't seem to have any effect, in the session there's no PASSWORD attribute/variable. We developed a portlet that was using this value and I can't go on with the update without this portlet.
Does anyone else having this issue? I've compared the source for com.liferay.portlet.login.util.LoginUtil and I don't see any issue.
Here's a summary of the session properties:
session.shared.attributes org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_,PASSWORD
session.shared.attributes.excludes
session.store.password true
session.test.cookie.support true
Thanks,
Matthieu
David H Nebinger, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Liferay Legend Postagens: 14919 Data de Entrada: 02/09/06 Postagens Recentes
I would have said that Liferay storing a user's password as a session variable would be a security hole and asked for it to be removed.
Why on earth would you need the user's password anyway? They've already authenticated themselves, so having access to the password should not be necessary at all.
Why on earth would you need the user's password anyway? They've already authenticated themselves, so having access to the password should not be necessary at all.
Matthieu Levesque, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 64 Data de Entrada: 13/02/09 Postagens Recentes
We currently don't have an SSO system. So we are using the variable to log users on other systems. It's not the best solution but I was working...
Sandeep Nair, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Add the following in portal-ext.properties too
session.shared.attributes.excludes=
Regards,
Sandeep
session.shared.attributes.excludes=
Regards,
Sandeep
Matthieu Levesque, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 64 Data de Entrada: 13/02/09 Postagens Recentes
Hi,
Thanks for the reply.
If you take a look at my first post it's already set to nothing...
I'm currently testing with this configuration :
I still have an exception fired up by tomcat (java.lang.IllegalStateException: setAttribute: Session already invalidated).
Still digging...
Thanks for the reply.
If you take a look at my first post it's already set to nothing...
I'm currently testing with this configuration :
session.store.password=true
session.shared.attributes.excludes=
session.shared.attributes=org.apache.struts.action.LOCALE,COMPANY_,USER_,LIFERAY_SHARED_,USER_PASSWORD
I still have an exception fired up by tomcat (java.lang.IllegalStateException: setAttribute: Session already invalidated).
Still digging...
Sandeep Nair, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Is there any custom code you are deploying along with this. Can you paste the complete stacktrace? The exception clearly says you are trying to set something into an invalidated session. somewhere in ur custom code are you setting something in session?
Regards,
Sandeep
Regards,
Sandeep
Matthieu Levesque, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 64 Data de Entrada: 13/02/09 Postagens Recentes
Hi,
Again thanks for replying.
I have no customizations installed, no theme nor portlets only the prepackaged tomcat version of EE SP2.
Here's the stack trace:
I've ran the portal in debug mode in Eclipse to see where the problem starts. In the SharedSessionWrapper, when ever getSessionDelegate returns the _portalSession I will get this error.
Again thanks for replying.
I have no customizations installed, no theme nor portlets only the prepackaged tomcat version of EE SP2.
Here's the stack trace:
13:21:57,217 ERROR [LoginAction:119] java.lang.IllegalStateException: setAttribute: Session already invalidated
java.lang.IllegalStateException: setAttribute: Session already invalidated
at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1336)
at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1301)
at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:130)
at com.liferay.portal.servlet.SharedSessionWrapper.setAttribute(SharedSessionWrapper.java:161)
at com.liferay.portlet.login.util.LoginUtil.login(LoginUtil.java:316)
at com.liferay.portlet.login.action.LoginAction.login(LoginAction.java:179)
at com.liferay.portlet.login.action.LoginAction.processAction(LoginAction.java:87)
at com.liferay.portal.struts.PortletRequestProcessor.process(PortletRequestProcessor.java:174)
at com.liferay.portlet.StrutsPortlet.processAction(StrutsPortlet.java:190)
at com.liferay.portlet.FilterChainImpl.doFilter(FilterChainImpl.java:70)
at com.liferay.portal.kernel.portlet.PortletFilterUtil.doFilter(PortletFilterUtil.java:48)
at com.liferay.portlet.InvokerPortletImpl.invoke(InvokerPortletImpl.java:653)
at com.liferay.portlet.InvokerPortletImpl.invokeAction(InvokerPortletImpl.java:689)
at com.liferay.portlet.InvokerPortletImpl.processAction(InvokerPortletImpl.java:361)
at com.liferay.portal.action.LayoutAction.processPortletRequest(LayoutAction.java:840)
at com.liferay.portal.action.LayoutAction.processLayout(LayoutAction.java:629)
at com.liferay.portal.action.LayoutAction.execute(LayoutAction.java:240)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
at com.liferay.portal.struts.PortalRequestProcessor.process(PortalRequestProcessor.java:170)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at com.liferay.portal.servlet.MainServlet.callParentService(MainServlet.java:516)
at com.liferay.portal.servlet.MainServlet.service(MainServlet.java:493)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:199)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:240)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at com.liferay.portal.servlet.FriendlyURLServlet.service(FriendlyURLServlet.java:136)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.strip.StripFilter.processFilter(StripFilter.java:301)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.gzip.GZipFilter.processFilter(GZipFilter.java:123)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.secure.SecureFilter.processFilter(SecureFilter.java:199)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:113)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.etag.ETagFilter.processFilter(ETagFilter.java:55)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter.processFilter(AutoLoginFilter.java:240)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:646)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:436)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:374)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
at com.liferay.portal.servlet.I18nServlet.service(I18nServlet.java:102)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:72)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.sso.ntlm.NtlmPostFilter.processFilter(NtlmPostFilter.java:83)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.sharepoint.SharepointFilter.processFilter(SharepointFilter.java:80)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:121)
at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:207)
at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:48)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:184)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDoFilter(InvokerFilterChain.java:203)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:105)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.processDirectCallFilter(InvokerFilterChain.java:164)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilterChain.doFilter(InvokerFilterChain.java:92)
at com.liferay.portal.kernel.servlet.filters.invoker.InvokerFilter.doFilter(InvokerFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:470)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
at java.lang.Thread.run(Thread.java:662)
I've ran the portal in debug mode in Eclipse to see where the problem starts. In the SharedSessionWrapper, when ever getSessionDelegate returns the _portalSession I will get this error.
Sandeep Nair, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Ok do one thing . Add the following in portal-ext.properties and try again plz
session.enable.phishing.protection=false
Regards,
Sandeep
session.enable.phishing.protection=false
Regards,
Sandeep
Matthieu Levesque, modificado 12 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 64 Data de Entrada: 13/02/09 Postagens Recentes
session.enable.phishing.protection=false did the trick!
Thanks!
Thanks!
Rautureau Jérôme, modificado 9 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
Junior Member Postagens: 52 Data de Entrada: 22/02/08 Postagens Recentes
Thanks....You save my day...!
divya goyal, modificado 7 Anos atrás.
RE: Liferay EE 6 SP2 - Upgrade and session.store.password
New Member Postagens: 7 Data de Entrada: 11/11/14 Postagens Recentes
Hi,
Sorry for referring to the very old post, but how will keeping the password will create a security hole.?
And Phishing.protection is not creating security hole? It will not let the jsession id get changed which will in turn is also a big security hole. Please help in the above query? As in the application we need the user credential for further action.
Regards
Divya
Sorry for referring to the very old post, but how will keeping the password will create a security hole.?
And Phishing.protection is not creating security hole? It will not let the jsession id get changed which will in turn is also a big security hole. Please help in the above query? As in the application we need the user credential for further action.
Regards
Divya