Capability

Security

Liferay DXP is built with security in mind. A variety of standards-based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine-grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Soy Portlet uncaught type errors
To be able to access Liferay PaaS portal Database through DB client
How do I replicate the Classic theme's Search box in a custom theme?
How do I upgrade a 7.x Maven theme to be a Maven theme for a next 7.x version?
A comma gets appended in SEO's Meta keyword
Unable to create users having screen name same as that of groupId (Site Id)
Keeping toast success/error messages visible until user acknowledgement
Custom portlet with ICEfaces integration stops working in DXP Fix Pack de-33
KCS Article Quick Reference Guide
Integrate Okta with Liferay DXP using OpenID Connect
Introduction This recipe guides you through the steps to integrate Okta, your Identity Provider (IdP), with your Liferay environment using OpenID Connect. Prerequisites Okta Dev account Liferay DXP environment Administrative...
Designing and Displaying Reusable Navigation Menus
Introduction This recipe guides you through the basic steps to build a multi-step form. Prerequisites Liferay DXP environment An object definition with fields A user who has access and control to create and manage objects,...
Data Sets are not working after upgrading to 2025.q1.4-lts where the feature is released
Issue I upgraded from 2024.q4.7 to 2025.q1.4-lts. After the upgrade, we encountered issues with Data Sets. In 2024.q4.7 I was using datasets as beta but as in 2025.q1.4 it's released. I have enabled Root Objects and...
Delete commerce orders from the database
Issue There is an inconsistency in commerce orders between the Portal and Database. That means there are more orders than the number of orders in the Portal. Is there any script that can delete all...
Liferay IDE: Resolving 'Unable to make field private' errors with JDK 21
Issue I'm encountering java.lang.reflect.InaccessibleObjectException: Unable to make field private ... accessible errors when starting Liferay from the Liferay IDE plugin within the Eclipse IDE with JDK 21....
Block access of com_liferay_login_web_portlet_LoginPortlet
Issue There is a security vulnerability found wherein someone can create a page after being able to login through com_liferay_login_web_portlet_LoginPortlet. Therefore, how to block access of...
Unauthorized modification in Open Order Status
Issue The user who doesn't have the permission of 'Manage Order' is still able to update the order from an "Open" status to a "Quote Requested" status. Steps to reproduce: 1. Create a 'Minium' site. 2. Navigate to...
The package.json and config.js files are accessible via URLs
Issue Observed potential security vulnerabilities where the package.json and config.js files expose sensitive information like file paths, testing configurations, dependencies with versions, build scripts,...
CKEditor Customizations Not Applying to Translations or Forms
Issue Customizations made to CKEditor using an `EditorConfigContributor` are only applying to the editor when editing Web Content, but not in the editor for translations (accessed through Control Panel...
How to decouple User and Email notifications?
Issue The user wishes to decouple User and Email notifications. Environment Liferay Quarterly Release  Resolution The email and user notifications are tied together in the system. There is no option to...
"Tablet Landscape" display device is not available in Page Edit Mode
Issue While page editing, only four viewports are visible: Desktop, Tablet (Portrait), Landscape phone, Portrait Phone. But, the "Tablet Landscape" viewport is missing/not available. Environment Liferay DXP...
Freemarker templates escape HTML content in Text fields after migrating from Liferay DXP 7.3 to 2025.Q1
Issue After migrating from Liferay DXP 7.3 to 2025.Q1, HTML content within web content "Text" fields is no longer interpreted by Freemarker templates using ${field.getData()}. It is displayed as...
How to Configure PaaS to Push Metrics to Dynatrace Account
Issue What is the correct way to configure our new PaaS environment to push metrics to a Dynatrace account? Environment DXP 7.4 Resolution Set the following environment variables in LCP.json ...
Finding your Liferay Cloud location via egress IP address
Issue The ingress IP address of our Liferay Cloud instance shows a different location than expected.   Environment Liferay PaaS   Resolution The ingress IP address does not reflect the actual location of the specific...
Full Day Event Overlaps Two Days in Calendar Month View
Issue When creating an all-day event that spans from 12:00 AM on one day to 12:00 AM on the next day, the event appears on both days in the calendar month view. Expected behavior is for the event to only be visible on...
The "Menu Display" text appears in the Navigation Menu widget
Issue After a failed login attempt, the navigation menu's display text appears above the menu itself. Steps to reproduce: Create a site. Create a login page and deploy the sign-in widget. Create a navigation...
Content lost when changing language during creation
Issue When creating content, such as a calendar event or filling a form, changing the language during the process can cause the loss of all entered information. This can happen if another browser window or tab is open...
Translatable fields display empty after deleting field translation instead of default translation
Issue When adding content to a translatable field in a structure and subsequently deleting the content in a secondary language, the field displays as empty in that specific language instead of falling...
How to deploy a custom JAR to the shielded-container-lib directory in my PaaS Environment
Issue I would like to know how to deploy a custom JAR to the shielded-container-lib directory of Tomcat in my PaaS environment. Environment Liferay PaaS Resolution Follow these steps: In your Liferay Workspace,...
Liferay and CVE-2025-24813
Issue Does Liferay DXP have the vulnerability CVE-2025-24813? Environment Liferay DXP Quarterly Releases 2025.Q1 Resolution Liferay bundles and docker images are not affected due to the attribute...
Can Layouts Be Dynamically Assigned to Object Entries Based on Experience (e.g., User Role)?
Issue I’ve created an Object named TestObject and added two layouts: Test Layout 1 and Test Layout 2 in the Site Builder → Pages section. Behavior observed: If no layout is marked as default, the system uses the...
Discrepancy in Batch Behavior: headless-commerce-admin-account vs. headless-admin-user
Issue We’ve encountered a discrepancy in how batch operations work for Accounts between the headless-commerce-admin-account API (now deprecated) and the newer headless-admin-user API. Previous Behavior...
Changes to Content Page Template Not Propagated to Pages
Issue After creating a Content Page Template and then creating pages based on that template, any subsequent changes and publishing of the template do not reflect on the pages using the template.   Environment...
User did not provide a valid CSRF token Error
Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...
Automatic Fragment Propagation and Liferay startup time
Note: please note that Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue Customers with a large number of Content Pages extensively...
How to run the Liferay PaaS webserver service locally to test configuration changes
Note: please note that Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). NOTE: Liferay Support does not recommend or endorse specific...
Uncaught TypeError: Liferay.Notification is not a constructor
Issue Adding the below script to any page through any Web content display can reproduce the issue in vanilla. <a href="#" onClick="showWltNotification('Your Request failed to process', 'danger');"> Link here </a>...
"Could not resolve value from secret references" error deploying build in PaaS
Issue When deploying a build in my Liferay Cloud PaaS environment, the build process fails and returns the following error message: Some error has happened during the build. Try again. [{"message":"Could not...
Client Extension Build Fails Due to Unresolved Dependency
Issue When building a Client Extension of type jsImportMapsEntry, the build fails if the Client Extension depends on another Client Extension, because the build cannot resolve the dependency. Environment Liferay DXP...
How can I disable the Commerce Wish List creation
Issue I have an issue with the commerce wish list table in the database. The table has lots of entries and it is growing more, even though we do not use the wish list feature. I would like to remove these entries and...
Monotype Font Licensing
Issue Usage of Monotype fonts requires a license. If a user does not have the Monotype font license, is it necessary to remove references to Monotype font throughout the portal? Environment Liferay DXP 7.4 Resolution...
Limit the languages displayed in the translation selector for object fields
Issue We want to limit the languages displayed in the translation selector for object fields to only those defined in the site, similar to how it works for Journal Articles. Currently, the selector shows all...
Filtering Products by Category via API
Issue I need to display related products on a product details page, filtered by a specific category. Attempts to filter products by category using an Information Template and API calls with...
Implementing strict rules for virtual hosts and friendly URLs
Issue Having the different URLs for the same content could potentially impact SEO by affecting how pages are indexed. Even when a virtual host is defined for a site, it is possible to access that site...
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
Sorting Structures by Name in Liferay DXP
Issue The order of Structures when creating Web Content seems to be random. The structures are not sorted alphabetically or by modification date. Environment Liferay DXP 2024.Q2 Resolution Web Content Display widget...
"Inconsistent patch level detected" error occurred in the logs
Issue The following error occurs in the logs due to an inconsistency in patch levels: Example 1: ERROR [server.startup : 2][PatcherImpl:204] Inconsistent patch level detected WARN [server.startup :...
Migration Guidelines from Cloud Stack Version 4.x to 5.x
Introduction With the End of Functionality for Cloud Service Stack Version 4 on January 14, 2025, existing builds using Version 4 images will fail moving forward. As Liferay Cloud Version 5 introduces new features and...
Sending Individual Emails for Workflow Notifications
Background In a workflow, email notifications are sent to all users in a role as a single email with all recipients in the "To:" field. Objective The goal is to send individual emails to each of the...
ClayDatePicker making everything inaccessible
Issue We've discovered that the page becomes unresponsive when using the ClayDatePicker in a react element.  Steps to reproduce: Click on Date Picker Field  Click on year dropdown within the Date Picker Without...
Hotfix created for 2025.Q1.X won't install
Issue A hotfix created for 2025.Q1.X won't install even though it is being installed on the required version. The following information appears in the patching-tool info file. Product information: * DXP version:...
Structures showing as 'Not Translated' after upgrading to 7.4+
Issue After upgrading from Liferay DXP 7.3 (or prior versions) to 7.4, some Web Content Structures are showing as not translated in the UI, even though the translations exist in the database. The structure's fields...
Unable to Create Liferay Module Project Fragments and Start DXP 2025.Q1.0 Quarterly Release (LTS) in Liferay Developer Studio 3.10.2
Issue In Liferay Developer Studio (version 3.10.2), when navigating to File > New > Liferay Module Project Fragment, nothing happens. The popup window for creating the fragment does not appear....
Default Language not being applied to not translated content
Issue There is an undesirable behavior present when creating an object and utilizing the language translation. The content is empty instead of showcasing the content translated. Steps to reproduce: Instance Settings...
Login URL Parameters Reported as Security Threat
Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...
How can I use environment variables to get the URL of other CX micro-services?
Issue Currently we can access the dynamic urls for DXP using the following variables. "LIFERAY_ROUTES_CLIENT_EXTENSION": "/etc/liferay/lxc/ext-init-metadata", "LIFERAY_ROUTES_DXP": "/etc/liferay/lxc/dxp-metadata" Is...
"Copy Page" button doesn't copy the page contents properly
Issue We have observed that the "Copy Page" button in the kebab menu of the pages search result screen does not work as expected. The content of the source and destination pages are changed during the copy process. ...
Can I add internal vocabularies through the Site Initializer?
Issue We use the site initializer to create sites and we want to use internal vocabularies to categorize content. Environment DXP 7.4 Resolution This is not available out of the box in 7.4, but this feature has...
Calendar Widget displays Custom fields differently
Issue When users create Custom fields via Control Panel → Custom Fields → Calendar Events,  Custom Fields are not displayed in the same way as Native/Non-Custom fields when viewing Calendar Event details.  Environment...
User profile is visible when accessing the /web/test
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
How to create a Clay Dropdown Menu with Button in Liferay 2024.Q2
Issue Cannot create a dropdown menu with checkboxes and an Apply button that is used to save the selection in the menu using Clay UI. Environment DXP 7.4 2024.Q2 Resolution You can add button functionality to modul by...