Fórum

  1. Início
  2. Portal
  3. User able to access private pages by hiting URL directly

User able to access private pages by hiting URL directly

thumbnail
Abhishek Saxena, modificado 14 Anos atrás.

User able to access private pages by hiting URL directly

Regular Member Postagens: 130 Data de Entrada: 17/06/09 Postagens Recentes
Hi All ,

I have two communities which have all pages as private , custom portlets are available on these pages.

Roles have been created under regular roles which are assigned to user dynamically through custom code.
There are 3 levels of permission in which super user has complete access
intermediate user has been restricted to some pages and view_only user can only see few pages with CMS content . Few pages have content download repository access portlet on them which should not be seen by view only user.

I have checked the roles by logging they are correctly assigned to the users . View only user is not able to view pages in his navigation.

Problem statement : The view only user is able to access the private pages by typing the URL to prohibited page e.g. http://mydomain.mysite/mycommunity/do_not_access

Please provide some pointers why users are able to access these pages and how can i restrict them to access page by typing in the URL
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: User able to access private pages by hiting URL directly

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi Abhishek,

I am not sure if this would help. As an admin go to manage pages. Click on the page which is in question. Click permission button at bottom. You will see guest tab and community tab. Make sure "View" is not allowed to both.

Let me know if it works.

Regards,
Sandeep
thumbnail
Abhishek Saxena, modificado 14 Anos atrás.

RE: User able to access private pages by hiting URL directly

Regular Member Postagens: 130 Data de Entrada: 17/06/09 Postagens Recentes
Guest permissions are not enabled ,on regular navigation view user is not able to see the pages but direct access by typing URL is possible.
See attached screen shot
thumbnail
Sandeep Nair, modificado 14 Anos atrás.

RE: User able to access private pages by hiting URL directly

Liferay Legend Postagens: 1744 Data de Entrada: 06/11/08 Postagens Recentes
Hi mate,

I am not sure why then coz it has to throw principalexception from portalrequestprocessor which is handled in /portal/error.jsp which shows the message you-do-not-have-the-roles-required-to-access-this-page. You can check PortalRequestProcessor in debug mode, it has tothrow exception here

if(!PortletPermissionUtil.contains(permissionChecker,layout.getPlid(),portlet,ActionKeys.VIEW)) {

	throw new PrincipalException()
}


In your case it is not, so it is getting permission to view that layout/page somewhere.

Regards,
Sandeep
thumbnail
Amos Fong, modificado 14 Anos atrás.

RE: User able to access private pages by hiting URL directly

Liferay Legend Postagens: 2047 Data de Entrada: 07/10/08 Postagens Recentes
Are users members of the community?
thumbnail
Abhishek Saxena, modificado 14 Anos atrás.

RE: User able to access private pages by hiting URL directly

Regular Member Postagens: 130 Data de Entrada: 17/06/09 Postagens Recentes
yes users are members of the community and only Community Member role is provided.
thumbnail
Charles Okonkwo, modificado 7 Anos atrás.

RE: User able to access private pages by hiting URL directly

New Member Postagens: 2 Data de Entrada: 18/08/16 Postagens Recentes
Did anyone find solution to this problem, I am currently having the same issue in liferay 6.2

Please, I would appreciate any help.
thumbnail
Charles Okonkwo, modificado 7 Anos atrás.

RE: User able to access private pages by hiting URL directly

New Member Postagens: 2 Data de Entrada: 18/08/16 Postagens Recentes
I couldn't find a solution to this.
Eventually, I had to implement my own security to redirect users.
If anyone has a solution to this, or ever comes up with one, please I would appreciate if you share it.

Thanks.