According to following comment, SecureFilter must not be disabled due to security reasons, see: https://issues.liferay.com/browse/LPS-60491?focusedCommentId=699220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-699220
So original problem was closed as "Won't fix".
After some internal discussions in this LPS some information at portal.properties file was added:
Steps to reproduce
- Go to tomcat-8.0.32\webapps\ROOT\WEB-INF\lib
- Unzip portal-impl.jar file
- Open internal portal.properties
- Go to com.liferay.portal.servlet.filters.secure.SecureFilter lines:
Using com.liferay.portal.servlet.filters.secure.SecureFilter=false makes executing several use cases impossible when user is logged in.
Steps to reproduce (Original problem, closed as won't fix)
- Use com.liferay.portal.servlet.filters.secure.SecureFilter=false on portal-ext.properties
- Start Liferay Portal
- Log in
- Try to add a page to the public pages
A new public page is added to the site
An error message is shown "You do not have the required permissions".