Problem : When we are facing issue like “Invalid authentication token” during submission of form, such as given below log info.

INFO  [PortalImpl:4873] Current URL /web/guest/bla-bla?p_auth=YoaGw6u5&p_p_id=portlet_id&p_p_lifecycle=1&p_p_state=normal&p_p_mo
de=view&p_p_col_id=column-2&p_p_col_count=1&_portlet_id_javax.portlet.action=addAction generates exception: Invalid authentication token
INFO  [PortalImpl:4890] Invalid authentication token

 

Solution :  We can resolve this in three ways.

For Custom/Plugin portlet, use the below code in action class

public class ActionNamePortlet extends MVCPortlet {

//Ignore code

/**
     * To by-pass authentication token for non-logged in user.
     * Error: Invalid authentication token
     * @return
     */
    protected boolean isCheckMethodOnProcessAction() {
        return CHECK_METHOD_ON_PROCESS_ACTION;
    }

    private static final boolean CHECK_METHOD_ON_PROCESS_ACTION = false;

}

OR

 

Place the below code in plugin portelt portlet.xml file

<init-param>
            <name>check-auth-token</name>
            <value>false</value>
</init-param>

OR

Note : This can be used for plugin portlet as well as Liferay OOTB portelt.

Place the below code in liferay portal-ext.propertes.

#
    # Set a list of comma delimited portlet ids that will not be checked for an
    # authentication token.
    #
    auth.token.ignore.portlets=82,portlet_id

 

 

If we have a requirement to disable “authentication token security checks” for portal, then place the below code in portal-ext.properties file.

Note : Not suggesting to go for this solution for specific portlet

##
## Authentication Token
##

    #
    # Set this to true to enable authentication token security checks. The
    # checks can be disabled for specific actions via the property
    # “auth.token.ignore.actions” or for specific portlets via the init
    # parameter “check-auth-token” in portlet.xml.
    #
    auth.token.check.enabled=false

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: