Liferay AUI createUrl() - Reject process action

Question

I am currently trying to automatically generate actionUrls in a datatable using aui.

I am already generating the links using a formater, however, as soon as I try to exectute the action using one of the links it is rejected and the action is not executed. I am assuming this is part of the cross site scripting protection measures.

[http-bio-8080-exec-2][SecurityPortletContainerWrapper:630] Reject process action for /c/portal/layout on functiontest_WAR_functionTestportlet

I am generating the links like this:

<aui:script>
AUI().use( 
          'aui-datatable',
          'datatable-sort',
          'datatable-paginator',
          'aui-datatable-highlight',
          'liferay-portlet-url',
          function(A) {
            var columns =[{
                label : 'ID',
                key : 'testVar',
                allowHTML : true,
                sortable : true,
                formatter : function(o) {

                    var url = Liferay.PortletURL.createActionURL();
                    url.setWindowState("<%= LiferayWindowState.NORMAL.toString()%>");
                    url.setPortletMode("<%= LiferayPortletMode.VIEW %>");
                    url.setPortletId("<%= themeDisplay.getPortletDisplay().getId() %>");
                    url.setPlid("<%= plid %>");
                    url.setParameter("javax.portlet.action","actionTest");
                    url.setParameter("testVar",o.data.testVar);

                    return '<a href="'+ url +'">' + o.data.TestVar + '</a>';
                }
            }];
         var table = new A.DataTable(
                {
                    ...
                }
            ).render('#DataTable');
        .....
</aui:script>

Does anyone know how I can allow the execution of the freshly generated URLs without disabling security?

Kind regards John Smith

score 0 · Accepted Answer · answered Feb 22 '17 at 21:06

0

That happens when auth token does not exist in your action url. You could add auth parameter or you have 3 options to skip that case:

Editing portal-ext.properties:

auth.token.ignore.actions=....

Adding init-param to portlet.xml:

<init-param>
    <name>check-auth-token</name>
    <value>false</value>
</init-param>

Editing portal-ext.properties (NOT RECOMMENDED)

auth.token.check.enabled=true

answered Feb 22 '17 at 21:06

Joan Bonilla

89
3

This is working great for me thank you. However, how would I go about can retrieving the auth token if I wanted to add it to the parameter though? – John Smith Feb 24 '17 at 07:56
Liferay add this parameter by default as it says here: https://web.liferay.com/es/community/wiki/-/wiki/Main/Authentication+Token If you have new custom actions or portlets, check if you must add it to the whitelist with the next properties: "portlet.add.default.resource.check.whitelist" "portlet.add.default.resource.check.whitelist.actions" – Joan Bonilla Feb 24 '17 at 09:04

Liferay AUI createUrl() - Reject process action

1 Answers1