Wednesday, February 12, 2014

To by-pass authentication token for non-logged in user (Liferay Error: Invalid authentication token)

Problem : When we are facing issue like "Invalid authentication token" during submission of form, such as given below log info.

INFO  [PortalImpl:4873] Current URL /web/guest/bla-bla?p_auth=YoaGw6u5&p_p_id=portlet_id&p_p_lifecycle=1&p_p_state=normal&p_p_mo
de=view&p_p_col_id=column-2&p_p_col_count=1&_portlet_id_javax.portlet.action=addAction generates exception: Invalid authentication token
INFO  [PortalImpl:4890] Invalid authentication token


Solution :  We can resolve this in three ways.

For Custom/Plugin portlet, use the below code in action class

public class ActionNamePortlet extends MVCPortlet {

//Ignore code

     * To by-pass authentication token for non-logged in user.
     * Error: Invalid authentication token
     * @return
    protected boolean isCheckMethodOnProcessAction() {

    private static final boolean CHECK_METHOD_ON_PROCESS_ACTION = false;




Place the below code in plugin portelt portlet.xml file



Note : This can be used for plugin portlet as well as Liferay OOTB portelt.

Place the below code in liferay portal-ext.propertes.

    # Set a list of comma delimited portlet ids that will not be checked for an
    # authentication token.



If we have a requirement to disable "authentication token security checks" for portal, then place the below code in file.

Note : Not suggesting to go for this solution for specific portlet

## Authentication Token

    # Set this to true to enable authentication token security checks. The
    # checks can be disabled for specific actions via the property
    # "auth.token.ignore.actions" or for specific portlets via the init
    # parameter "check-auth-token" in portlet.xml.