[MAGNOLIA-3914] Site aware ACL - port Created: 13/Dec/11  Updated: 02/Oct/12  Resolved: 02/Oct/12

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 4.5.5

Type: Bug Priority: Critical
Reporter: Ondrej Chytil Assignee: Unassigned
Resolution: Obsolete Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-4449 Protected Page does not redirect to t... Closed
is related to MAGNOLIA-3915 URI Permission assignment does not re... Closed
is related to MGNLETK-66 URI Permission assignment does not re... Closed
is related to MGNLETK-85 Site security handling Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

MAGNOLIA-3915 and MGNLETK-66 cannot be ported by simple merge. Moreover ACLs in 4.5 seem to not work properly all the time (tested with deny access on URL) - needs deeper investigation.



 Comments   
Comment by Jan Haderka [ 09/Jul/12 ]

Can we solve this in a separate filter, executed after multisite or merge site or any other filter manipulating site?

Such a filter would use the resolved site and ensure that access is allowed only to URLs that belong to domains configured for the site; otherwise it denies access.

The check is applied to all requests.

The filter should have an optional parameter, setting which allows all access for the default site, i.e. via an unmapped domain or one mapped specifically to the default site (used in development or for author, where correct configuration is not possible).

Q: do we need to allow exceptions?
Idts. not specific content can be exposed via URI mappings. Also custom impls of the filter can be made by clients to solve this.

This would not solve the problem of allowing access only for one specific site, but that can again be solved in either a custom URISecurityFilter or in yet another filter.

Such a solution would be imho the most flexible and allow the most freedom to users.
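
The check described in the comment above, as an added example in plain Java. It is not Magnolia code and not the CrossSiteSecurityFilter from MGNLETK-85; the class name, the `default` site name, the site-to-domain map and the sample requests are all assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added example with hypothetical names; not Magnolia or CrossSiteSecurityFilter code.
public class SiteDomainGuard {
    static final String DEFAULT_SITE = "default"; // assumed name of the fallback site

    private final Map<String, Set<String>> domainsBySite; // site -> configured domains, lower-case
    private final boolean allowAllOnDefaultSite;          // the optional parameter from the comment

    SiteDomainGuard(Map<String, Set<String>> domainsBySite, boolean allowAllOnDefaultSite) {
        this.domainsBySite = domainsBySite;
        this.allowAllOnDefaultSite = allowAllOnDefaultSite;
    }

    // Reduce a Host header to a comparable name: lower-case, no port, no trailing dot.
    static String normalizeHost(String hostHeader) {
        if (hostHeader == null) return "";
        String h = hostHeader.trim().toLowerCase(Locale.ROOT);
        int colon = h.lastIndexOf(':');
        if (colon >= 0 && !h.endsWith("]")) h = h.substring(0, colon); // keep bracketed IPv6 literals
        return h.endsWith(".") ? h.substring(0, h.length() - 1) : h;
    }

    // Runs on every request, after the site has been resolved. false means deny.
    boolean isAllowed(String resolvedSite, String hostHeader) {
        if (allowAllOnDefaultSite && DEFAULT_SITE.equals(resolvedSite)) return true;
        Set<String> domains = domainsBySite.get(resolvedSite);
        return domains != null && domains.contains(normalizeHost(hostHeader)); // unknown site: deny
    }

    public static void main(String[] args) {
        // Constructed configuration and requests.
        Map<String, Set<String>> cfg = Map.of(
            "siteA", Set.of("a.example.com"),
            "siteB", Set.of("b.example.com", "www.b.example.com"));
        SiteDomainGuard strict = new SiteDomainGuard(cfg, false);
        SiteDomainGuard authoring = new SiteDomainGuard(cfg, true);
        System.out.println(strict.isAllowed("siteA", "A.example.com:8080"));  // site's own domain
        System.out.println(strict.isAllowed("siteB", "a.example.com"));       // siteB resolved on siteA's domain
        System.out.println(strict.isAllowed("default", "localhost:8080"));    // unmapped domain, parameter off
        System.out.println(authoring.isAllowed("default", "localhost:8080")); // unmapped domain, parameter on
    }
}
```

In a servlet filter chain this decision would sit after whichever filter resolves the site, with a denial turned into an error response instead of continuing the chain.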

Comment by Ondrej Chytil [ 02/Oct/12 ]

Issue solved with implementation of CrossSiteSecurityFilter in MGNLETK-85.
