Tuesday, April 7, 2015

[Liferay] Access Liferay Services in Theme or Web Content using Velocity

Sometime, we need to get some data in our web contents. Well, using velocity, we can get the data we want. Create a simple structure and a template. You can assign that structure to some web content later.

Make sure your template script is VM. The below lines of code are for reference, they should help you to get the actual requirement done.

To get namespace of the portlet,
#set ($namespace = $request.get('portlet-namespace'))

To get company id
#set($companyId = $getterUtil.getLong($request.get("theme-display").get("company-id")))

In the line above you also get themeDisplay which can get you many more things. We have $request object here.

To get user service we can use $serviceLocator.
#set($userLocalService = $serviceLocator.findService("com.liferay.portal.service.UserLocalService"))

If you're unable to get $serviceLocator check portal-ext.properties for the property below and set accordingly.

# Set a comma delimited list of variables the Velocity engine cannot
# have access to. This will affect Dynamic Data List templates, Journal
# templates, and Portlet Display templates.
#
velocity.engine.restricted.variables=serviceLocator

Get user from the service
#set($user = $userLocalService.getUserByScreenName($companyId, "kravigupta"))

Get phone service
#set($phoneLocalService = $serviceLocator.findService("com.liferay.portal.service.PhoneLocalService"))

Get all phone numbers of user
#set($userPhones = $phoneLocalService.getPhones($companyId, "com.liferay.portal.model.Contact", $user.getContact().getContactId()))

You can even use validator
#if($validator.isNull($user))
<div>The user is null.</div>
#end

Hope this helps.


Posted by at No comments:

Thursday, April 2, 2015

[Iframe] X-Frame-Options : website does not permit framing


One of my friends, working on a project wanted to load another website in an iframe. But kept getting error similar to

Load denied by X-Frame-Options: http://some-website.com/dashboard/home does not permit framing. 

There is a meta tag for HTML that you can include which prevents embedding your site on other sites. For example Someone might use this blog on their own site using iframe. If I want that anyone can embed this site, I could use the meta tag below.

<meta http-equiv="X-Frame-Options" content="allow">

 As explained by Mozilla.

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

 X-Frame-Options can have three values - DENY, SAMEORIGIN, ALLOW-FROM uri. The values explain themselves very well.

To configure this on Apache modify configuration ( httpd.conf )as below -

Header always append X-Frame-Options SAMEORIGIN

In case you do not have access to httpd.conf file.. you can also use .htaccess as below-

Header append X-FRAME-OPTIONS "SAMEORIGIN"

Well, that was fun :) we'll learn more on clickjacking more in another post.. stay tuned.

Until next time.

Ref : https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

Posted by at No comments:
Subscribe to: Posts (Atom)