-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 7.1.X, 7.2.X, Master
-
Fix Version/s: 7.1.10 DXP FP15, 7.1.X, 7.2.10 DXP FP2, 7.2.10.1 DXP SP1, 7.2.1 CE GA2, 7.2.X, 7.3.10 DXP GA1, Master
-
Component/s: Application Security > JASS
-
Branch Version/s:7.2.x, 7.1.x
-
Backported to Branch:Committed
-
Fix Priority:3
-
Sprint:AS | Iteration 22
-
Git Pull Request:
Reproduction steps:
- Deploy a clean Liferay tomcat bundle
- Log in with an admin user
- Create 2 public pages under the default site
- Login (widget page) with url "/login" and place "Sign In" portlet on that page
- Protected (widget page) with url "/protected" and remove guest view permission from that page
- Log out and make sure that page 'Protected' is not visible in navigation
- Log in and make sure default admin works fine
- Shutdown server and configure JAAS
- Place attached "jaas.config" file in "tomcat/conf/" folder
- Configure the java login configuration by adding the following property to
CATALINA_OPTS in "setenv. bat" (or .sh): -Djava.security.auth.login.config=%CATALINA_HOME%\conf\jaas.config - Configure portal realm in tomcat by adding the following section to Catalina engine in "tomcat/conf/server.xml"
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="PortalRealm"
userClassNames="com.liferay.portal.kernel.security.jaas.PortalPrincipal"
roleClassNames="com.liferay.portal.kernel.security.jaas.PortalRole"
useContextClassLoader="false"
debug="99"
/> - Activate JAAS in DXP by adding the following lines to portal-ext.properties:
company.security.auth.type=screenName
portal.jaas.enable=true
portal.jaas.auth.type=screenName - disable session persistence in tomcat by uncommenting the following line in "tomcat/conf/context.xml": <Manager pathname="" />
- Start the server and go to page /login, make sure that login works and Protected page shows up in navigation
- Log out and try to access /protected
- You will be redirected to login page
- Enter your admin credentials
Expected result: You get logged in
Actual result: The screen name cannot be blank
No additional log entries or errors or stacktraces show up.
Reproduced on
7.1.x f0d804e60855bace0e5f5de88206c5e3a6863b6d
master 78f925bad9573365220dc902795cd9ba6d72514c
- is duplicated by
-
LPS-95927 JAAS login with redirect not working
- Closed