Unable to use Web Screenlet in Liferay CE 7.2 and above

Nikita Dubina, modified 5 Years ago. New Member Posts: 4 Join Date: 3/6/20 Recent Posts
Hello,
I'm trying to use Liferay Screenlets to develop a mobile application and have run into a problem: I made a simple hybrid application for Android, as in the course video from Liferay University. In the application I have 2 activities: the first one contains a Login Screenlet, the second one contains a Web Screenlet. Everything is the same as in the sample application from the course (https://university.liferay.com/mobile-development/203968).

When I try to run this application on Liferay CE 7.0 or 7.1, it works fine. After login I can see the page with the authorized user icon in the header. But when I try to use Liferay CE 7.2 or 7.3, the user cannot be authorized... I did some investigation and found out this: in Liferay 7.2/7.3 the struts action /c/portal/login uses a CSRF token. In the portal log file I got this warning:

2020-03-16 06:19:20.482 WARN  [http-nio-8080-exec-3][code_jsp:?] {code="500", msg="", uri=/c/portal/login}
javax.servlet.ServletException: com.liferay.portal.kernel.security.auth.PrincipalException$MustHaveValidCSRFToken: User 0 did not provide a valid CSRF token for com.liferay.portal.action.LoginAction


I tried to add this struts action to auth.public.paths and to other properties, but it did not solve the problem.

I suppose that Liferay Screens may use calls to /c/portal/login in other screenlets too... If this decision is right, then Liferay Screens can't work properly on portals with version CE 7.2 and above.

So, my question is simple actually. Will there be a new version of Liferay Screens for supporting 7.2 CE and above portal versions?
Victor Galan, modified 5 Years ago. Regular Member Posts: 144 Join Date: 6/14/16 Recent Posts
Hey!
The login method used by the WebScreenlet was a bit delicate, so it got extra protection from 7.2 onward.
Although it is not recommended, you can disable that protection by adding auth.token.ignore.origins=com.liferay.portal.action.LoginAction to the portal-ext.properties file.
Thanks
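Added example, not part of the original thread and not Liferay's own code: a Python audit that parses a portal-ext.properties file and reports whether the LoginAction origin named above has been exempted from the CSRF check. The sample file contents, the com.example origin and the function names are constructed for illustration.

```python
import re

PROPERTY = "auth.token.ignore.origins"                   # property named in the thread
SENSITIVE = {"com.liferay.portal.action.LoginAction"}    # origin named in the thread

# Constructed portal-ext.properties content, for illustration only.
SAMPLE = r"""
# constructed example
jdbc.default.username=liferay
#auth.token.ignore.origins=com.example.Commented
auth.token.ignore.origins=\
    com.example.portlet.SomeAction,\
    com.liferay.portal.action.LoginAction
"""


def parse_properties(text):
    """Minimal Java .properties parser: '#'/'!' comments, key=value or
    key:value, backslash line continuations. Later keys override earlier."""
    props, pending = {}, None
    for raw in text.splitlines() + [""]:      # trailing "" flushes a continuation
        line = raw.lstrip()
        if pending is None:
            if not line or line[0] in "#!":
                continue
        else:
            line, pending = pending + line, None
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:                 # odd backslash count: line continues
            pending = line[:-1]
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def csrf_exemptions(text):
    """Return (all origins exempt from the CSRF check, sensitive ones among them)."""
    value = parse_properties(text).get(PROPERTY, "")
    origins = [o.strip() for o in value.split(",") if o.strip()]
    return origins, [o for o in origins if o in SENSITIVE]


if __name__ == "__main__":
    origins, flagged = csrf_exemptions(SAMPLE)
    print("CSRF-exempt origins:", origins)
    print("login action exempted:", bool(flagged))
```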
Nikita Dubina, modified 5 Years ago. New Member Posts: 4 Join Date: 3/6/20 Recent Posts
Hi, Victor!
Thanks for your answer! But if this method was "a bit delicate" and got extra protection from 7.2, I have a question for the Liferay Screens team: Will there be a fix for the new authentication method in Liferay Screens for Web Screenlet? I don't want to disable this protection actually.
Victor Galan, modified 5 Years ago. Regular Member Posts: 144 Join Date: 6/14/16 Recent Posts
Hey, it is not recommended if you are not going to use the WebScreenlet, but for the WebScreenlet to work you need that property.
Nikita Dubina, modified 5 Years ago. New Member Posts: 4 Join Date: 3/6/20 Recent Posts
Hello, Victor, I fully understand that I can use this property, but in Liferay 7.2 and above this authorization method has got extra protection. If I add this property I'll probably lose this protection for my portal instance... This is not good for me. I'm concerned about security and not sure if it is safe to open them. Since Liferay Screens, and Web Screenlet in particular, were developed by Liferay, I can suppose that the Liferay Screens development team knows about this issue with authorization. There is no info about a solution to this problem in the official documentation. One gets the impression that Liferay Screens will not be supported in the future. I have a bad experience with other Liferay products...