Details
-
Task
-
Resolution: Fixed
-
Neutral
-
None
-
6.2
-
None
-
None
-
-
Empty show more show less
-
Empty show more show less
Description
The SiteUriSecurityFilter mentions that when a request is mapped to a site then we need to check two permissions in order to grant access.
On the page Roles and Access control we do mention something about this in the section Site-aware ACLs. Above that section in Web Access we do have a screenshot of the anonymous role where you can see two ACLS being set for the protected "member" section of the travel demo.
What we need is more clarity in the documentation about why you need to have two rules. Take the example of whitelisting. Let's say I wanted to whitelist the sportstation site on demo public (currently we use blacklisting). Using the about page as an example:
The following rules are needed to access https://sportstation.magnolia-cms.com/about.html
Deny *
Get <sportstation>/about
Get /about
Checklists
Attachments
Issue Links
- relates to
-
MGNLSITE-191 Discovery: Clarify ACL requirements for SiteUriSecurityFilter
-
- Closed
-