[MAGNOLIA-1617] Extract ip security out of URISecurityFilter Created: 03/Jul/07  Updated: 05/Jun/23  Resolved: 14/Jan/22

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.1 M1
Fix Version/s: None

Type: Task Priority: Major
Reporter: Magnolia International Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: ipconfig, tech-debt
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-7957 Support IP ranges in IPSecurityManager Closed
dependency
depends upon MAGNOLIA-1671 Review the Server and Listener(ip con... Closed
is depended upon by MAGNOLIA-7959 Extract IP security out of core Selected
relation
is related to MAGNOLIA-5530 info.magnolia.cms.security.Lock is no... Closed
supersession
is superseded by MAGNOLIA-2460 security: ip protection should suppor... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Date of First Response:

 Description   

MAGNOLIA-1671 did some refactoring around IPSecurityManager.

Its usage should now be moved out of URISecurityFilter (doesn't use user permissions, has little to do with URIs).

IPSecurityManager could be improved (support ranges, ...)*(1)

(1) these potential improvements should be a separate task.



 Comments   
Comment by Magnolia International [ 29/Oct/07 ]

Refactoring of the two "Listener" classes done with MAGNOLIA-1671
The usage of it in URISecurityFilter should maybe be changed: since it does response.sendErrorCode, the response is "commited" and that seems to be the reason why the login form can't be displayed.

Comment by Michael Mühlebach [ 04/Nov/15 ]

Given the thousands of other issues we have open that are more highly requested, we won't be able to address this issue in the foreseeable future. Instead we will focus on issues with a higher impact, and more votes.
Thanks for taking the time to raise this issue. As you are no doubt aware this issue has been on our backlog for some time now with very little movement.
I'm going to close this to set expectations so the issue doesn't stay open for years with few updates. If the issue is still relevant please feel free to reopen it or create a new issue.

Comment by Eric Hähner [ 05/Jun/23 ]

Hi, 

there is a TODO comment that mentions this ticket. Maybe you can remove this comment if the task won't be solved.

https://git.magnolia-cms.com/projects/PLATFORM/repos/main/browse/magnolia-core/src/main/java/info/magnolia/cms/security/URISecurityFilter.java#70

Kind regards

Eric

Generated at Mon Feb 12 03:28:39 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.