  1. Documentation
  2. DOCU-2722

Clarify ACL requirements for SiteUriSecurityFilter


Details

    • Task
    • Resolution: Fixed
    • Neutral
    • None
    • 6.2
    • None
    • None

    Description

      The SiteUriSecurityFilter mentions that when a request is mapped to a site then we need to check two permissions in order to grant access.

      On the page Roles and Access control we do mention something about this in the section Site-aware ACLs. Above that section in Web Access we do have a screenshot of the anonymous role where you can see two ACLs being set for the protected "member" section of the travel demo.

      What we need is more clarity in the documentation about why you need to have two rules. Take the example of whitelisting. Let's say I wanted to whitelist the sportstation site on demo public (currently we use blacklisting). Using the about page as an example:

      The following rules are needed to access https://sportstation.magnolia-cms.com/about.html

      Deny *
      Get <sportstation>/about
      Get /about
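
      The two-rule requirement described in this issue, as an added example (a simplified model, not Magnolia's code and not part of the original ticket). It assumes the filter checks both the site-prefixed URI and the plain URI, that the longest matching pattern wins, and that the file extension has already been stripped; the function names are hypothetical.

```python
from fnmatch import fnmatchcase

DENY, GET = "deny", "get"

def effective_permission(acl, uri):
    """Permission of the longest pattern matching uri (assumed precedence
    rule of this model); DENY when nothing matches."""
    best = None
    for pattern, perm in acl:
        if fnmatchcase(uri, pattern) and (best is None or len(pattern) > len(best[0])):
            best = (pattern, perm)
    return best[1] if best else DENY

def check_site_request(acl, site, path):
    """Evaluate both checks a site-mapped request must pass.

    Returns the per-URI results so a reviewer can see which rule is missing.
    """
    site_uri = f"<{site}>{path}"  # site-aware form used in the ticket's rules
    results = {
        site_uri: effective_permission(acl, site_uri),
        path: effective_permission(acl, path),
    }
    results["granted"] = all(p == GET for p in results.values())
    return results

# Whitelist from the ticket: deny everything, then open one page on one site.
WHITELIST = [
    ("*", DENY),
    ("<sportstation>/about", GET),
    ("/about", GET),
]

if __name__ == "__main__":
    # Constructed cases: full rule set, then each Get rule removed in turn.
    cases = {
        "both rules": WHITELIST,
        "site rule only": [r for r in WHITELIST if r[0] != "/about"],
        "plain rule only": [r for r in WHITELIST if r[0] != "<sportstation>/about"],
    }
    for label, acl in cases.items():
        print(label, check_site_request(acl, "sportstation", "/about"))
    # Same ACL, different site: the site-aware rule does not carry over.
    print("other site", check_site_request(WHITELIST, "travel", "/about"))
```
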


              People

                amansell Alex Mansell
                rgange Richard Gange