PUBLIC - Liferay Portal Community Edition / LPS-143355

403 Forbidden error when accessing /o/api from non-ROOT context



      In 7.3, if you attempt to access the "/o/api" URL, you will always encounter a 403 Forbidden error, even if you are signed in as a user who should have access to it.

      This is a regression caused by the unique 7.3 changes made by LPS-129496. In those changes, we modified the logic used when trying to locate the AuthVerifierConfiguration objects for the input URL. The changes caused us to strip the context from the input URL, but not from the contextPath, which led to a mismatch when trying to locate the AuthVerifierConfiguration objects.

      Note that there is a separate issue with the "/o/api" URL that occurs when using a non-ROOT context. That issue is described in LPS-142229, whose 7.3.x backport is already underway. This fix does not aim to resolve that issue, only the 403 Forbidden error.

      Steps to Reproduce
      1. Rename ROOT to portal under TOMCAT_HOME/webapps
      2. Rename ROOT.xml to portal.xml under TOMCAT_HOME/conf/Catalina/localhost
      3. Delete temp and work folders under TOMCAT_HOME
      4. Start up the portal and log in as the admin user at http://localhost:8080/portal/
      5. Navigate to http://localhost:8080/portal/o/api
      Expected Result: The page would load successfully, with the Liferay Explorer API visible in the top-right corner. (Note that, due to LPS-129496, you will see the text "No API definition provided." This is fine for this ticket. As long as you can see the Liferay Explorer API in the UI, this ticket should be considered as solved.)
      Actual Result: The page fails to load, and instead shows a ForbiddenEntity error.
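
The mismatch described in the regression paragraph above, as a simplified model. This is an added example, not Liferay's code or the fix from this ticket: the class, the method names, the registry layout, and the mapping of "no configuration found" to a 403 are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;

// Simplified model of the lookup mismatch; not Liferay's code. All names are hypothetical.
public class ContextStripDemo {

    // Constructed registry: module context path -> URL patterns that have verifier settings.
    static final Map<String, List<String>> REGISTRY = Map.of("/o/api", List.of("/*"));

    static String strip(String value, String portalContext) {
        boolean hasPrefix = !portalContext.isEmpty() && value.startsWith(portalContext);
        return hasPrefix ? value.substring(portalContext.length()) : value;
    }

    // True when a registered pattern covers the request relative to its context path.
    static boolean configFound(String uri, String contextPath) {
        List<String> patterns = REGISTRY.get(contextPath);
        if (patterns == null || !uri.startsWith(contextPath)) {
            return false;
        }
        String relative = uri.substring(contextPath.length());
        for (String pattern : patterns) {
            boolean wildcard = pattern.endsWith("/*");
            String base = wildcard ? pattern.substring(0, pattern.length() - 2) : pattern;
            if (wildcard ? relative.startsWith(base) : relative.equals(base)) {
                return true;
            }
        }
        return false;
    }

    // Regressed lookup: only the request URI loses the portal context.
    static int regressed(String portalContext, String uri, String contextPath) {
        return configFound(strip(uri, portalContext), contextPath) ? 200 : 403;
    }

    // Consistent lookup: both values are normalized the same way.
    static int consistent(String portalContext, String uri, String contextPath) {
        return configFound(strip(uri, portalContext), strip(contextPath, portalContext)) ? 200 : 403;
    }

    public static void main(String[] args) {
        System.out.println("ROOT   regressed:  " + regressed("", "/o/api", "/o/api"));
        System.out.println("portal regressed:  " + regressed("/portal", "/portal/o/api", "/portal/o/api"));
        System.out.println("portal consistent: " + consistent("/portal", "/portal/o/api", "/portal/o/api"));
    }
}
```

In this model the ROOT deployment is unaffected because stripping an empty context changes neither value, which is why a regression test for this class of bug needs a non-ROOT deployment like the one in the reproduction steps.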


              melody.wu Melody Wu
              michael.bowerman Michael Bowerman
              Marta Elicegui Marta Elicegui
              Michael Bowerman Michael Bowerman


                1 year, 20 weeks ago


                  Version Package
         DXP SP3