[LPS-70467] Secure Filter should never be disabled - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: Master
Fix Version/s: 7.0.0 DXP FP12, 7.0.0 DXP SP2, 7.0.3 CE GA4, 7.1.X, Master
Component/s: Application Security
Labels:

Branch Version/s:

7.0.x
Backported to Branch:

Committed
Fix Priority:
3
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/46911

Description

According to following comment, SecureFilter must not be disabled due to security reasons, see: https://issues.liferay.com/browse/LPS-60491?focusedCommentId=699220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-699220

Steps to Reproduce:

Use com.liferay.portal.servlet.filters.secure.SecureFilter=false on portal-ext.properties
Start Liferay Portal
Log in

Expected results:
Login should be successful.

Current results:
Caused by: com.liferay.portal.kernel.security.auth.PrincipalException: Principal is null appears.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

fixed.png
259 kB
27/Feb/17 6:25 PM

Issue Links

causes

LPS-78406 LPS-70467 regression causes sharepointfilter unable to pick up portal property

Closed

relates

LPS-60491 Disabling SecureFilter leaves PrincipalThreadLocal with a null _name, impeding the execution of various use cases.

Closed

Activity

People

Assignee:: Hong Zhao (Inactive)

Reporter:: Mariano Álvaro

Participants of an Issue:: Hong Zhao, Mariano Álvaro

Recent user:: Brian Wulbern

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 06/Feb/17 1:19 AM

Updated:: 03/Sep/20 7:54 AM

Resolved:: 17/Feb/17 9:18 PM

Days since last comment:: 4 years, 16 weeks, 2 days ago

Packages

Version	Package
7.0.0 DXP FP12
7.0.0 DXP SP2
7.0.3 CE GA4
7.1.X
Master