Block unsued structs actions

留言板

Aleksandr Kaushanskiy，修改在6 年前。

Block unsued structs actions

New Member 帖子: 6 加入日期: 16-1-12 最近的帖子

We are trying to block unauthenticated user to access struct-actions example like /serach/serach. Currently its allowing to access below url without authentication like this there are bunch of actions allowing . we want to restrict that for externally.

Are there any property or configuration will restrict the access ?

Ex:

https://<HOST_NAME>>/p_p_id=113&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_3_struts_action=%2Fsearch%2Fsearch

Denis Signoretto，修改在6 年前。

RE: Block unsued structs actions

Expert 帖子: 375 加入日期: 09-4-21 最近的帖子

Hi

exist a property to skip authentication for public portal actions:


    #
    # Enter a list of comma delimited paths that do not require authentication.
    #
    auth.public.paths=\
        /asset/get_categories,\
        \
        /blogs/find_entry,\
        /blogs/rss,\
        /blogs/trackback,\
        \
        /blogs_aggregator/rss,\
        ...
        /search/open_search,\
        /search/open_search_description.xml,\
        ...

Moreover you can implement your own service pre action (take a look to hooking injecting a servlet.service.events.pre Action class) if you want to add custom logic to struts actions (portal and portlet struts actions).

Bye!
Denis.

[1] - https://dev.liferay.com/develop/tutorials/-/knowledge_base/6-2/performing-a-custom-action-using-a-hook