  • Authentication token in Liferay


    Liferay provides a mechanism to make web URLs more secure by using authentication tokens.
    Types of authentication tokens:
    There are two types of authentication tokens in Liferay: p_auth, the "Portal Authentication token", and p_p_auth, the "Portlet Authentication token".



    Let's look at each in detail with an example:
    p_auth is the portal authentication token, used to prevent Cross-Site Request Forgery attacks on the website. It is known as the Portal Authentication token in Liferay.


    p_p_auth is the portlet authentication token, used for add-default-resource protection.


    Portal Authentication token

    The Portal Authentication token is implemented to prevent Cross-Site Request Forgery (CSRF).

    To prevent CSRF attacks, we need to generate a token following the Synchronizer Token Pattern and associate this token with all actions.

    We add this token to each URL, and before executing any action or action link the server checks the token; if the token is valid, the action is executed.
    The token check can be enabled or disabled with the property below:

     "auth.token.check.enabled" in portal properties.
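
The check described above can be modelled in a few lines of Java. This is an added example, not Liferay's own code: the class, method and attribute names and the portlet ids are hypothetical, a plain Map stands in for the HTTP session, and exemptPortlets models portlets that opt out of the check.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

// Simplified model of a p_auth-style check; not Liferay's implementation.
public class AuthTokenDemo {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String SESSION_KEY = "DEMO_AUTH_TOKEN"; // hypothetical attribute name

    // Generate one unpredictable token per session and keep it server-side.
    static String issueToken(Map<String, Object> session) {
        return (String) session.computeIfAbsent(SESSION_KEY, k -> {
            byte[] raw = new byte[16];
            RANDOM.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // Compare the p_auth request parameter with the session copy in constant time.
    static boolean tokenMatches(Map<String, Object> session, String pAuth) {
        Object expected = session.get(SESSION_KEY);
        if (expected == null || pAuth == null) return false;
        return MessageDigest.isEqual(
            ((String) expected).getBytes(StandardCharsets.UTF_8),
            pAuth.getBytes(StandardCharsets.UTF_8));
    }

    // Gate an action request. exemptPortlets models portlets that opted out of the check.
    static boolean allowAction(boolean checkEnabled, Set<String> exemptPortlets,
            String portletId, Map<String, Object> session, String pAuth) {
        if (!checkEnabled || exemptPortlets.contains(portletId)) return true;
        return tokenMatches(session, pAuth);
    }

    public static void main(String[] args) {
        Map<String, Object> alice = new HashMap<>();
        Map<String, Object> other = new HashMap<>();
        String token = issueToken(alice);   // embedded in every action URL rendered for alice
        String foreign = issueToken(other); // token that belongs to a different session
        Set<String> exempt = Set.of("demo_exempt_portlet"); // constructed portlet id
        System.out.println("own token:      " + allowAction(true, exempt, "demo_portlet", alice, token));
        System.out.println("missing token:  " + allowAction(true, exempt, "demo_portlet", alice, null));
        System.out.println("foreign token:  " + allowAction(true, exempt, "demo_portlet", alice, foreign));
        System.out.println("exempt portlet: " + allowAction(true, exempt, "demo_exempt_portlet", alice, null));
    }
}
```

The exempt portlet accepts the action with no token at all, so exemptions are best limited to portlets whose actions change no state.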

    Every portlet can be whitelisted by specifying the "check-auth-token" init parameter in portlet.xml as below:


    Portlet Authentication token
    The portlet authentication token is designed to prevent users from accessing any portlet on any page, which would otherwise be possible because add-default-resource is true by default. The "p_p_auth" parameter is included in the URL.

    The token check can be enabled or disabled with the property below:

    "portlet.add.default.resource.check.enabled" in 
     <add-default-resource>true</add-default-resource> in the liferay-portlet.xml.
