Liferay- a free and open source enterprise portal software product has one of the most flexible Web Content Management System (WCM). The WCM in Liferay offers a number of features to the users to build websites and portals. It includes assembly of themes, portlets, pages, common navigation and many more. One such important feature is Staging feature of Liferay WCM that we are going to discuss here.
Staging Concept in Liferay:
The concept of Staging is quite simple- you can modify the site behind the scenes and publish all the updates in just one shot. The Liferay staging environment provides you an interface to make changes on a specialized staging area. Once you are done with the changes, you can publish all the changes at once on your site. Liferay provides the site administrators with two different ways for setting up staging- Local Live and Remote Live.
Local Live Staging:
In the Local Live Staging, both the staging environment and the live environment are being hosted on the same server. The site administrators can enable Staging for a site via the Site Settings UI. Navigate to the Site Administration → Configuration page of your site, make sure Site Settings is highlighted in the left menu, and click on Staging listed under the Advanced tab. Under Staging Type, select either Local Live or Remote Live and additional options appear. Staging allows changes to be made in a staging environment so that work can be reviewed, possibly using a workflow, before it’s published to a live site.
Remote Live Staging:
In this, the remote (live) Liferay server and the local (staging) Liferay server should be completely separate systems. When Remote Live staging is enabled, all the necessary information is transferred over the network connecting the two servers.
You need to specify an authentication key to be shared by your current and your remote server and enable each Liferay server’s tunneling servlet authentication verifier. You can make all of these configurations in your Liferay servers’ portal-ext.properties files.
Your first step should be to add the following lines to your current Liferay server’s portal-ext.properties file:
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP,[Remote server IP address] axis.servlet.hosts.allowed=127.0.0.1,SERVER_IP,192.168.0.16,[Remote server IP address] tunneling.servlet.shared.secret=[secret] auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=
Then add the following lines to your remote Liferay server’s portal-ext.properties file:
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP,[Local server IP address] axis.servlet.hosts.allowed=127.0.0.1,SERVER_IP,192.168.0.16,[Local server IP address] tunneling.servlet.shared.secret=[secret] auth.verifier.TunnelingServletAuthVerifier.hosts.allowed=
Remote Live Staging Issue with Custom Field
When you add custom field with the Remote Live Staging, an error is being generated. It has been explained below in detail.
- While creating “Group of Text Values” custom field in Web Content, there is a need to enable logger for this to classes.
com.liferay.portal.lar to ALL com.thoughtworks.xstream.XStream to ALL
- Now do remote publish from local server to remote server and select web content.
- Now see log in remote server you will get this following error
[PortletDataContextImpl:2291][/api/liferay/do] com.thoughtworks.xstream.converters.ConversionException: [Ljava.lang.String; : [Ljava.lang.String;
--- Debugging information ---- _message : [Ljava.lang.String; _cause-exception : com.thoughtworks.xstream.security.ForbiddenClassException _cause-message : [Ljava.lang.String; _class : java.util.HashMap _required-type : java.util.HashMap _converter-type : com.thoughtworks.xstream.converters.collections.MapConverter _path : /map/entry/string-array _line number : 4 _version : 1.4.7 ------------------------------- [Sanitized]
As in Liferay 6.2 they added some permission like “PrimitiveTypePermission”,” AnyTypePermission” etc…
To solve this issue we need to add this custom field classes in whitelist. Adding custom field classes in remote server portal-ext file for whitelist classes need to add this “staging.xstream.class.whitelist” property in server.
Security Feature in Liferay 6.2:
Some Liferay portlets allow you to export or import portlet data. These include many of Liferay’s collaborative applications, such as the Blogs, Wiki, and Message Boards portlets. As a result, in order to prevent malicious code from being imported into your portal, Liferay restricts external classes from being serialized/deserialized. If you need a class serialized/deserialized during the import of a LAR, you must whitelist that class.
You can list your classes in portal-ext.properties or in the given plugin by creating a portal.properties file with the proper settings and a liferay-hook.xml that contains a <portal-properties> element to let the deploy framework recognize and merge the property configuration with the default ones.
Thus, this is how one can solve staging issue with their Liferay portal development.