Issue
- When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead.
Environment
- DXP 7.4
Resolution
-
In DXP 7.3, when users are not logged in and they navigate to a private page's URL, they are prompted to login. This behavior is controlled by the portal property
auth.login.prompt.enabled
, which is set to true by default in DXP 7.3. -
If
auth.login.prompt.enabled
is set to false, the expected behavior is for all users that have no entitlements to view the resource to be informed that a requested resource is not found, with no prompts for login. -
However, the
auth.login.prompt.enabled
is no longer available in DXP 7.4, and is disabled by default to comply with OWASP best practices. (Change applied by LPS-141291) -
To re-enable the login prompt for privates pages in DXP 7.4, depending on the scope you'd like to set the behavior for (System, Instance, or Site), additional configuration in the Control Panel must be set.
-
For System Level scope, the following instructions can be used:
- Navigate to Control Panel > System Settings > Login
- Check the 'Prompt Enabled' checkbox.
- Click Save.
-
For System Level scope, the following instructions can be used:
Additional Information
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar