Configure Authorization and Authentication in Liferay 6.2

Among the many portal technologies and tools, Liferay, written in Java, is a free and open source enterprise software product that provides web content management and application management. Authorization and authentication are essential components, needed in almost every type of enterprise system. In the past few weeks, we completed some security configuration. It's quite easy to configure the related parameters with Liferay's graphical UI.
Authorization
Instead of ‘authorization’, Liferay uses the term ‘permission’ in its application and documentation. Similar to other application systems, Liferay implements a role-based security control model for portlets, pages, and applications.

In this model, associations and assignments are set up between objects:

  • A user is associated with a group;
  • A group is associated with a role;
  • A role is directly assigned permissions on objects such as portlets, applications, sites, and pages.

As a result, the user or group is indirectly assigned permissions on Liferay objects. The following is an example of the permission settings on web content. Role_C is an admin and is granted all permissions.

Role Add Discussion Delete Delete Discussion Expire Permissions Update Update Discussion View
Role_A X X X X
Role_B X
Role_C X X X X X X X X

To achieve the expected security control in your organization, you will need a logical model that plans out each level and type of security, for example who can view or edit which objects and content. With this logical mapping, you can easily implement it in the Liferay portal.
Authentication
Authentication is another pillar of the security settings. Liferay supports integration with existing security tools such as LDAP, AD, CAS, Facebook, NTLM, OpenID, OpenSSO and SiteMinder. We just finished the Liferay integration with CAS, which is an enterprise single sign-on service for the Web (quoted from https://www.apereo.org/projects/cas):

  • An open and well-documented protocol
  • An open-source Java server component
  • A library of clients for Java, .Net, PHP, Perl, Apache, uPortal, and others

In this example, we will configure CAS and Active Directory in two parts. The steps are as follows:

  1. Go to Liferay Control Panel -> Configuration -> Portal Settings -> Authentication
  2. Go to the CAS tab and configure as below:
       Configuration
       • Enabled: Checked
       • Import from LDAP: Checked
       • Login URL: http://gdccas
       • Logout URL: http://gdccas
       • Server Name: localhost:8080
       • Server URL: http://gdccas
       • No Such User Redirect URL: localhost:8080
  3. Go to the LDAP tab, create a new LDAP server and configure as below:
       Configuration
       • Enabled: Checked
       • Required: Checked
       • Server Name: Perficient LDAP
       • Base Provider URL: *.*.*.*:389
       • Base DN: OU=Employees,DC=your company,DC=com
       • Principal: CN=your user name,OU=Employees,DC=your company,DC=com
       • Credentials: your password
  4. Configure the user search filter; you can refer to the AD filter format
  5. Save your configuration

Now you can restart the application server and access your home page. You will be redirected to a CAS page, and during startup all LDAP users are loaded into the Liferay user repository to keep Liferay users synchronized with the LDAP server.
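Before carrying these values beyond a development machine, it is worth checking them for transport security. The following audit of the CAS and LDAP values from the steps above is an added example, not part of the original post and not Liferay code; the function names and the example.com hosts in the hardened set are assumptions made for illustration.

```python
# Added example, not Liferay code. Keys are the UI labels from the steps above.
PAGE_CAS = {
    "Login URL": "http://gdccas",
    "Logout URL": "http://gdccas",
    "Server Name": "localhost:8080",
    "Server URL": "http://gdccas",
    "No Such User Redirect URL": "localhost:8080",
}
PAGE_LDAP = {"Base Provider URL": "*.*.*.*:389"}  # address is masked on the page

# Constructed hardened values; the example.com hosts are placeholders.
HARDENED_CAS = {
    "Login URL": "https://cas.example.com/cas/login",
    "Logout URL": "https://cas.example.com/cas/logout",
    "Server Name": "portal.example.com",
    "Server URL": "https://cas.example.com/cas",
    "No Such User Redirect URL": "https://portal.example.com",
}
HARDENED_LDAP = {"Base Provider URL": "ldaps://ldap.example.com:636"}


def split_url(value):
    """Return (scheme, host, port) for 'scheme://host:port/path' or bare 'host:port'."""
    scheme, sep, rest = value.partition("://")
    if not sep:  # no scheme given, e.g. 'localhost:8080'
        scheme, rest = "", value
    host, _, port = rest.split("/", 1)[0].partition(":")
    return scheme.lower(), host.lower(), port


def audit(cas, ldap):
    """Return one finding per setting that is unsafe outside a local dev setup."""
    findings = []
    for label in ("Login URL", "Logout URL", "Server URL"):
        if split_url(cas[label])[0] != "https":
            findings.append(f"CAS {label}: not https, credentials and tickets travel in clear text")
    for label in ("Server Name", "No Such User Redirect URL"):
        if split_url(cas[label])[1] in ("localhost", "127.0.0.1"):
            findings.append(f"CAS {label}: localhost only resolves correctly on the portal host itself")
    if split_url(ldap["Base Provider URL"])[0] != "ldaps":
        findings.append("LDAP Base Provider URL: not ldaps://, a simple bind sends the password unencrypted")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CAS, PAGE_LDAP):
        print(finding)
```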


Kent Jiang

Currently I am working at Perficient China GDC, located in Hangzhou, as a Lead Technical Consultant. I have 8 years of experience in the IT industry across Java, CRM and BI technologies. My areas of technical interest include business analytics, project planning, MDM, quality assurance, etc.
