Details
-
Bug
-
Resolution: Fixed
-
Critical
-
3.0.1
-
None
-
+ JDK 5.0_10
+ Tomcat 5.5.20
+ Magnolia deployed using the WAR-files (magnoliaAuthor.war, magnoliaPublic.war) as they are packaged with this version
Description
There is no user logged into the Magnolia system on the public instance by default.
Both methods return null by default:
info.magnolia.cms.security.Authenticator#getUserId(HttpServletRequest)
info.magnolia.cms.security.Authenticator#getUser(HttpServletRequest)
My proposal:
Add a new parameter to the server configuration to define the user who's logged into the system by default ('anonymous' on installation). The Authenticator should return this user (even when no HttpSession is created). The AccessManager must decide based on this user's roles.
Checklists
Acceptance criteria
Attachments
Issue Links
- is depended upon by
-
MAGNOLIA-1293 Role ACL is ignored on public instance
-
- Closed
-
- is related to
-
MAGNOLIA-1162 ACL based on URLs
-
- Closed
-