[LPS-70467] Secure Filter should never be disabled - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.0.0 DXP FP12, 7.0.0 DXP SP2, 7.0.3 CE GA4, 7.1.X, Master
Component/s: Application Security
Labels:
- liferay-digital-enterprise-70-sp2
- liferay-fixpack-de-12-7010

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Fix Priority:
3
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/46911

Description

According to following comment, SecureFilter must not be disabled due to security reasons, see: https://issues.liferay.com/browse/LPS-60491?focusedCommentId=699220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-699220

Steps to Reproduce:

Use com.liferay.portal.servlet.filters.secure.SecureFilter=false on portal-ext.properties
Start Liferay Portal
Log in

Expected results:
Login should be successful.

Current results:
Caused by: com.liferay.portal.kernel.security.auth.PrincipalException: Principal is null appears.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

fixed.png
259 kB
27/Feb/17 6:25 PM

Issue Links

causes

LPS-78406 LPS-70467 regression causes sharepointfilter unable to pick up portal property

Closed

relates

LPS-60491 Disabling SecureFilter leaves PrincipalThreadLocal with a null _name, impeding the execution of various use cases.

Closed

Activity

People

Assignee:

Hong Zhao

Reporter:

Mariano Álvaro

Participants of an Issue:

Hong Zhao, Mariano Álvaro

Recent user:

Csaba Turcsan

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

06/Feb/17 1:19 AM

Updated:

09/May/19 2:21 PM

Resolved:

17/Feb/17 9:18 PM

Days since last comment:

2 years, 41 weeks, 1 day ago

Packages

Version	Package
7.0.0 DXP FP12
7.0.0 DXP SP2
7.0.3 CE GA4
7.1.X
Master