留言板
Block unsued structs actions
We are trying to block unauthenticated user to access struct-actions example like /serach/serach. Currently its allowing to access below url without authentication like this there are bunch of actions allowing . we want to restrict that for externally.
Are there any property or configuration will restrict the access ?
Ex:
https://<HOST_NAME>>/p_p_id=113&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_3_struts_action=%2Fsearch%2Fsearch
Are there any property or configuration will restrict the access ?
Ex:
https://<HOST_NAME>>/p_p_id=113&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_3_struts_action=%2Fsearch%2Fsearch
Hi
exist a property to skip authentication for public portal actions:
Moreover you can implement your own service pre action (take a look to hooking injecting a servlet.service.events.pre Action class) if you want to add custom logic to struts actions (portal and portlet struts actions).
Bye!
Denis.
[1] - https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/performing-a-custom-action-using-a-hook
exist a property to skip authentication for public portal actions:
#
# Enter a list of comma delimited paths that do not require authentication.
#
auth.public.paths=\
/asset/get_categories,\
\
/blogs/find_entry,\
/blogs/rss,\
/blogs/trackback,\
\
/blogs_aggregator/rss,\
...
/search/open_search,\
/search/open_search_description.xml,\
...
Moreover you can implement your own service pre action (take a look to hooking injecting a servlet.service.events.pre Action class) if you want to add custom logic to struts actions (portal and portlet struts actions).
Bye!
Denis.
[1] - https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/performing-a-custom-action-using-a-hook