ZZZ: PUBLIC - Old Liferay Portal (Use Liferay Portal Standard Edition)

Create a servlet filter which will enable external servlets (those not in the portal war) to be authorized by the portal.

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 4.4.0
  • Component/s: None
  • Labels:
    None
  • Similar Issues:
    Show 5 results 

Description

This means that calls like req.getRemoteUser() will succeed.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Raymond Auge added a comment -

The side effect of this solution seems to be that we get the same session for servlets in the portlet war as the portlet, which is very cool, but I'm not sure if this side effect will be the same on other app servers/containers (I've only tested tomcat55).

Anyone having details on this please pipe in.

Show
Raymond Auge added a comment - The side effect of this solution seems to be that we get the same session for servlets in the portlet war as the portlet, which is very cool, but I'm not sure if this side effect will be the same on other app servers/containers (I've only tested tomcat55). Anyone having details on this please pipe in.
Hide
Permalink
Raymond Auge added a comment -

here is an example with the sample-struts-liferay-portlet.

in the web.xml add the following:

<filter>
<filter-name>Auto Login Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</param-value>
</init-param>
</filter>
<filter>
<filter-name>Servlet Authorizing Filter</filter-name>
<filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
<init-param>
<param-name>filter-class</param-name>
<param-value>com.liferay.portal.servlet.filters.external.ServletAuthorizingFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Auto Login Filter</filter-name>
<url-pattern>/test_session/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Servlet Authorizing Filter</filter-name>
<url-pattern>/test_session/*</url-pattern>
</filter-mapping>

The result is that the session becomes shared between the portlet and the servlet. As well the req.getRemoteUser() and calls requiring access to the user principle succeed where before they would not.

Show
Raymond Auge added a comment - here is an example with the sample-struts-liferay-portlet. in the web.xml add the following: <filter> <filter-name>Auto Login Filter</filter-name> <filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class> <init-param> <param-name>filter-class</param-name> <param-value>com.liferay.portal.servlet.filters.autologin.AutoLoginFilter</param-value> </init-param> </filter> <filter> <filter-name>Servlet Authorizing Filter</filter-name> <filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class> <init-param> <param-name>filter-class</param-name> <param-value>com.liferay.portal.servlet.filters.external.ServletAuthorizingFilter</param-value> </init-param> </filter> <filter-mapping> <filter-name>Auto Login Filter</filter-name> <url-pattern>/test_session/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>Servlet Authorizing Filter</filter-name> <url-pattern>/test_session/*</url-pattern> </filter-mapping> The result is that the session becomes shared between the portlet and the servlet. As well the req.getRemoteUser() and calls requiring access to the user principle succeed where before they would not.
Hide
Permalink
Brian Chan added a comment -

Nice filter Ray. Changed package to match name. Looks good!

Show
Brian Chan added a comment - Nice filter Ray. Changed package to match name. Looks good!
Hide
Permalink
Brian Chan added a comment -

Use "com.liferay.portal.servlet.filters.servletauthorizing.ServletAuthorizingFilter" instead.

Show
Brian Chan added a comment - Use "com.liferay.portal.servlet.filters.servletauthorizing.ServletAuthorizingFilter" instead.
Hide
Permalink
Raymond Auge added a comment -

Logic needs hardening.

Show
Raymond Auge added a comment - Logic needs hardening.
Hide
Permalink
Raymond Auge added a comment -

This statement is wrong: "The result is that the session becomes shared between the portlet and the servlet."

The servlet spec specifies that sharing the session between two web applications is not supposed to occur. So, we need to look into how to get hotdeployed portlets to have a session from the WAR rather than from the portal, as it should be, so that the portion of the portlet spec regarding common session between servlet and portlets in the same webapp can be upheld.

Show
Raymond Auge added a comment - This statement is wrong: "The result is that the session becomes shared between the portlet and the servlet." The servlet spec specifies that sharing the session between two web applications is not supposed to occur. So, we need to look into how to get hotdeployed portlets to have a session from the WAR rather than from the portal, as it should be, so that the portion of the portlet spec regarding common session between servlet and portlets in the same webapp can be upheld.
Hide
Permalink
Raymond Auge added a comment -

Reverted... that last RememberMeAutoLogin fix isn't required.

Show
Raymond Auge added a comment - Reverted... that last RememberMeAutoLogin fix isn't required.
Hide
Permalink
marco ferretti added a comment -

I have been trying to use this filter in 5.3.2 but it looks like it is not fired ?!? Is there any documentation/examples on how to use liferay filters ?

Show
marco ferretti added a comment - I have been trying to use this filter in 5.3.2 but it looks like it is not fired ?!? Is there any documentation/examples on how to use liferay filters ?

People

  • Assignee:
    Raymond Auge
    Reporter:
    Raymond Auge
Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
    Resolved: