My Oracle Support Banner

Documents in a Hidden Portal can be Accessed as Public User (Doc ID 2920700.1)

Last updated on AUGUST 10, 2024

Applies to:

Oracle WebCenter Portal - Version 12.2.1.3.0 and later
Oracle WebCenter Portal for OCI - Version 12.2.1.4_24.2 and later
Information in this document applies to any platform.

Symptoms


ACTUAL BEHAVIOR

Accessing the "Enterprise Libraries" folder using the content server connection from WebCenter Portal as public user shows the folder for a private/hidden portal.


EXPECTED BEHAVIOR

Do not expect the private/hidden folder to be shown to public users.


STEPS

The issue can be reproduced with the following steps:

  1. Connect to WebCenter Portal and navigate to the Documents page of the affected portal.
     
  2.  Select a document and click the "Get Link" icon.
     
  3. Note down the links:
     
    View Document: https://<HOST>:<PORT>/webcenter/portal/wccdoc?dDocName=<DOCNAME>
    Download Native File: https://<HOST>:<PORT>/webcenter/wccproxy/d?dDocName=<DOCNAME>
    Additional Link: https://<HOST>:<PORT>/webcenter/content/conn/WebCenterSpaces-ucm/path/Enterprise Libraries/<AFFECTED_PORTAL_FOLDER>/<FILENAME>
      
     
  4. Test the links as public user: 

    View Document Link -> This link opens document properties (unexpected)
    Download Native File -> This link downloads the document (unexpected)
    Additional Link -> This link downloads the document (unexpected)
      
     
  5. Open this URL as public user:
     
    https://<HOST>:<PORT>/webcenter/content/conn/iPortalContent/path/Enterprise Libraries/
     
    This link will show all public portal folders as expected, but it also shows the affected private/hidden portal (unexpected).
     
     
  6. Connect to the content server UI.
     
    • Go to : Enterprise Libraries -> <AFFECTED_PORTAL_FOLDER>
       
    • Navigate to a subfolder in the portal and then get the document information of a file in the folder.
       
    • Note down the following URLs at the bottom of the page:
       
      Web Location
      Native File
       
    • Test the URLs as public user:
       
      You will get prompted for login.
      It does not matter who authenticates (e.g. a non-member of the portal) the file *IS* downloaded.

 

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.