[MAGNOLIA-3914] Site aware ACL - port Created: 13/Dec/11 Updated: 02/Oct/12 Resolved: 02/Oct/12 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.5.5 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Ondrej Chytil | Assignee: | Unassigned |
| Resolution: | Obsolete | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Template: |
|
||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||||||
| Bug DoR: |
[ ]*
Steps to reproduce, expected, and actual results filled
[ ]*
Affected version filled
|
||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||
| Description |
|
|
| Comments |
| Comment by Jan Haderka [ 09/Jul/12 ] |
|
Can we solve this in a separate filter, executed after multisite or merge site or any other filter manipulating site Such filter would use resolved site and ensure that access is allowed only if urls that belong to domains configured for the site otherwise denies access. Check is applied to all request. Filter should have optional parameter, setting which allows all access for default site - ie via unmapped domain or that mapped specifically to default site (used in development or for author where correct configuration is not possible) Q: do we need to allow exceptions? This would not solve problem of allowing access only for one specific site, but that can be again solved in either custom URISecurityFilter or in yet another filter. Such solution would be imho most flexible and allow most freedom to users. |
| Comment by Ondrej Chytil [ 02/Oct/12 ] |
|
Issue solved with impelementation of CrossSiteSecurityFilter in |