[MAGNOLIA-1476] allow using a magnolia page as a login page Created: 22/Apr/07 Updated: 23/Jan/13 Resolved: 11/Dec/09 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | security |
| Affects Version/s: | 3.0.2 |
| Fix Version/s: | 3.6.4 |
| Type: | Improvement | Priority: | Major |
| Reporter: | Fabrizio Giustina | Assignee: | Fabrizio Giustina |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: |
|
||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||
| Date of First Response: | |||||||||
| Description |
|
This could be useful for website where magnolia security is used also on the public instance: I already have some code for this that I will try to integrate soon, these are a couple of details about how it works:
|
| Comments |
| Comment by Magnolia International [ 31/Jan/08 ] |
|
This might actually be solved (or partially) with the public user registration module. |
| Comment by Philipp Bärfuss [ 11/Dec/09 ] |
|
This is working: proofed by the new PUR integration into STK |
| Comment by Magnolia International [ 15/Jan/10 ] |
|
example: one can setup a info.magnolia.cms.security.auth.callback.RedirectClientCallback to redirect to any page for login. Additionally, one could setup a info.magnolia.cms.security.auth.callback.CompositeCallback that will use the regular FormClientCallback for all /.magnolia* stuff and a RedirectClientCallback for anything public/pages. |
| Comment by Fabrizio Giustina [ 15/Jan/10 ] |
|
mh, I don't think the redirectCallback is enough... so the result should be:
|
| Comment by Magnolia International [ 15/Jan/10 ] |
|
It should be fairly straightforward to implement a ForwardingClientCallback instead, but I'm not convinced that's a good solution wrt SEO etc (the same login page could show up with both 200 and 401) The redirectClientCallback can use url parameters, so all that's left to do is something along the lines of <form action="${request.backto}" ...> in your login page. |
| Comment by Fabrizio Giustina [ 15/Jan/10 ] |
|
there is no problem for SEO if it's a protected page and if it's properly returned as a 401 (anyway, it's not worst than indexing a redirect). Anyway, I already implemented a ForwardCallback in the past, do you think it's good to have it in the list of available callback in Magnolia? I can clean it up and commit, or I can keep it in some utility module... |
| Comment by Magnolia International [ 15/Jan/10 ] |
|
Sure, I don't see why not; specific jira issue |