Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

User profile is visible when accessing the /web/test

Written By

Anushka Tiwari

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided"as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat.
    0.png

Environment

  • Liferay DXP 7.4

Resolution

  • Add the below property in portal-ext.properties file and set this to 'false'; after adding the portal property, when you access the "localhost:8080/web/test", it will not show the user profile and will redirect to the 404 error page. 
    # Set whether or not public layouts are enabled. Set whether or not public
    # layouts should be auto created if a user has no public layouts. If public
    # layouts are not enabled, then the property
    # "layout.user.public.layouts.auto.create" is assumed to be false.
    #
    # Env: LIFERAY_LAYOUT_PERIOD_USER_PERIOD_PUBLIC_PERIOD_LAYOUTS_PERIOD_AUTO_PERIOD_CREATE
    # Env: LIFERAY_LAYOUT_PERIOD_USER_PERIOD_PUBLIC_PERIOD_LAYOUTS_PERIOD_ENABLED
    #
    layout.user.public.layouts.enabled=false
    Note:
    1. Configure the portal-ext.properties file with the above property and restart the server to see the changes.
    2. Check the behavior in the lower environment first; if everything works as expected, then move to the production as per your discretion.

Additional Information

  • Additionally, if there is no need to use the personal sites, the above property will prevent new sites from being created. However, it doesn’t change the existing user personal sites.
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?