Issue
The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter:
# # Set this to true to enable authentication token security checks. The # checks can be disabled for specific actions via the property # "auth.token.ignore.actions" or for specific portlets via the init # parameter "check-auth-token" in portlet.xml. # auth.token.check.enabled=true
As OSGi portlets lack a portlet.xml file the "check-auth-token" parameter can not be used.
Environment
- Liferay DXP 7.0
- Liferay DXP 7.1
- Liferay DXP 7.2
Resolution
To disable the check for a specific portlet, the following property can be set within the @Component annotation of the corresponding portlet class:
@Component(
property = {
javax.portlet.init-param.check-auth-token=false,
// Other properties
},
service = Portlet.class
)
public class MyPortletClass { ... }