Problem : When we are facing issue like “Invalid authentication token” during submission of form, such as given below log info.

INFO  [PortalImpl:4873] Current URL /web/guest/bla-bla?p_auth=YoaGw6u5&p_p_id=portlet_id&p_p_lifecycle=1&p_p_state=normal&p_p_mo
de=view&p_p_col_id=column-2&p_p_col_count=1&_portlet_id_javax.portlet.action=addAction generates exception: Invalid authentication token
INFO  [PortalImpl:4890] Invalid authentication token


Solution :  We can resolve this in three ways.

For Custom/Plugin portlet, use the below code in action class

public class ActionNamePortlet extends MVCPortlet {

//Ignore code

     * To by-pass authentication token for non-logged in user.
     * Error: Invalid authentication token
     * @return
    protected boolean isCheckMethodOnProcessAction() {

    private static final boolean CHECK_METHOD_ON_PROCESS_ACTION = false;




Place the below code in plugin portelt portlet.xml file



Note : This can be used for plugin portlet as well as Liferay OOTB portelt.

Place the below code in liferay portal-ext.propertes.

    # Set a list of comma delimited portlet ids that will not be checked for an
    # authentication token.



If we have a requirement to disable “authentication token security checks” for portal, then place the below code in file.

Note : Not suggesting to go for this solution for specific portlet

## Authentication Token

    # Set this to true to enable authentication token security checks. The
    # checks can be disabled for specific actions via the property
    # “auth.token.ignore.actions” or for specific portlets via the init
    # parameter “check-auth-token” in portlet.xml.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: