【问题标题】:Liferay: [SecurityPortletContainerWrapper:630] Reject process actionLiferay:[SecurityPortletContainerWrapper:630] 拒绝进程操作
【发布时间】:2017-06-29 15:26:15
【问题描述】:

我正在尝试在 Liferay 中上传文件,但我厌倦了上传“大”文件大小(超过 2MB)。带日志

[SecurityPortletContainerWrapper:630] 拒绝进程操作

<%@ include file="/init.jsp"%>
<portlet:actionURL var="intergrateURL" name="intergrate" />
<aui:form method="post" action="<%=intergrateURL.toString() %>" 
enctype="multipart/form-data">
     <aui:input name="messagContent1" />
     <aui:input name="messagContent2" />
     <aui:input name="uploadFileHere" type="file"/>
     <aui:button value="submit" type="submit"/>
</aui:form>

Portlet 操作:

public class IntergratePortlet extends MVCPortlet {

public void intergrate(ActionRequest actionRequest,
        ActionResponse actionResponse) {

    UploadPortletRequest uploadPortletRequest = PortalUtil
            .getUploadPortletRequest(actionRequest);

    String messageContent1 = uploadPortletRequest.getFullFileName("uploadFileHere");
    String messageContent2 = ParamUtil.getString(actionRequest,
            "messagContent2");

    InputStream fileInputStream = null;
    byte[] fileByteArray; 

    MessageContentBean messageContentBean = new MessageContentBean();

    messageContentBean.setMessageContent1(messageContent1);
    messageContentBean.setMessageContent2(messageContent2);

    try {
        fileInputStream = uploadPortletRequest.getFileAsStream("uploadFileHere");
        fileByteArray = ReceiveMessage.convertInputStreamToByteArray(fileInputStream);
        messageContentBean.setFileMessage(fileByteArray);
    } catch (IOException e) {
        e.printStackTrace();
    }
    SendJmsMessage sendJmsMessage = new SendJmsMessage();
    sendJmsMessage.doSendMessage("103.74.121.22", messageContentBean);
    // sendJmsMessage.doSendMessage("127.0.0.1", messageContentBean);
}

}

【问题讨论】:

    标签: java liferay-6


    【解决方案1】:

    有两种选择:

    选项 1:

    将以下内容添加到您的 portlet.xml 以禁用 liferay 的 csrf 保护:

        <init-param>
            <name>check-auth-token</name>
            <value>false</value>
        </init-param>
    

    选项 2:

    更改 ${liferay_installed_dir}/portal-ext.properties 以添加以下内容:

    auth.token.ignore.portlets=${form}_WAR_${portlet}

    建议您使用“Option 1”,详情可参考this post

    关于如何禁用每个操作的 CSRF,请搜索 liferay 官方文档/wiki 关键字:

    • “portlet.add.default.resource.check.whitelist”
    • “portlet.add.default.resource.check.whitelist.action”

    【讨论】:

      猜你喜欢
      • 2017-07-12
      • 1970-01-01
      • 2018-02-06
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2021-10-07
      • 1970-01-01
      相关资源
      最近更新 更多