[MAGNOLIA-4061] ACL: longest rule does not win Created: 21/Dec/11 Updated: 28/Mar/12 Resolved: 28/Mar/12 |
|
| Status: | Closed |
| Project: | Magnolia |
| Component/s: | core |
| Affects Version/s: | None |
| Fix Version/s: | 4.5.2 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Samuel Schmitt | Assignee: | Jan Haderka |
| Resolution: | Obsolete | Votes: | 0 |
| Labels: | None | ||
| Description |
|
From the original security config I add these changes: With this config, I should be able to open the page /demo-project/members-area.html, but it's not the case. I'm redirected to the login form. If in Website, I add R/W to /, then I'm able to open the page. It seems like the longest rule does not win. |
| Comments |
| Comment by Espen Jervidalo [ 13/Mar/12 ] |
|
While trying to reproduce this issue my log got flooded with the following messages:

2012-03-13 15:22:34,346 WARN ia.module.admininterface.dialogs.ACLSDialogControl: A deprecated class or method was used: Use IoC!. Check the following trace: info.magnolia.module.admininterface.AdminInterfaceModule.getInstance(AdminInterfaceModule.java:103), info.magnolia.module.admininterface.dialogs.ACLSDialogControl.<init>(ACLSDialogControl.java:76), the full stracktrace will be logged in debug mode in the info.magnolia.cms.util.DeprecationUtil category.

and

2012-03-13 15:45:07,928 ERROR info.magnolia.module.cache.filter.CacheFilter : A request started to cache but failed with an exception (AccessDeniedException: cannot read item 1be12547-ad82-4c83-8396-213466ceb003). [url=http://localhost:8080/magnoliaPublic/demo-project/members-area.html], [key=DefaultCacheKey{uri='/demo-project/members-area.html', serverName='localhost', locale='en', channel='desktop', params={}', secure='false'}] |
| Comment by Jan Haderka [ 14/Mar/12 ] |
|
Should be fixed already by SCRUM-909. Recheck. |
| Comment by Espen Jervidalo [ 21/Mar/12 ] |
|
I rechecked with current trunk. The exceptions are still thrown.
The exception should not print the whole stacktrace. Why is the Login-Screen shown? Some problem with accessing the parent node? |
| Comment by Jan Haderka [ 28/Mar/12 ] |
|
Tested again on 4.5.1. Behavior is consistent. The reason why pages are not accessible is that STK/Demo Project pages need to access the Site Root page in order to render properly. Since they are not allowed access, ContentSecurityFilter will redirect to the login page. |
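
A simplified model of the behaviour described in the last comment, added here as an example and not Magnolia's code: the longest matching rule does win for the page itself, yet the render also reads a node that the ACL denies. The rule syntax, the entries in `ACL`, and the site root being `/demo-project` are assumptions made for illustration.

```python
# Simplified model of path-based ACLs where the longest matching rule wins.
# Not Magnolia's implementation; rule syntax and paths are constructed.

DENY, READ, READ_WRITE = 0, 1, 2


def matches(pattern, path):
    """'/a/*' matches descendants of /a; '/a' matches only the node itself."""
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-2] + "/")
    return path == pattern


def effective_permission(acl, path):
    """Permission of the longest matching pattern; DENY when nothing matches."""
    hits = [(len(pattern), perm) for pattern, perm in acl if matches(pattern, path)]
    return max(hits)[1] if hits else DENY


def blocked_reads(acl, nodes_read):
    """Nodes a render needs to read but the ACL does not allow."""
    return [n for n in nodes_read if effective_permission(acl, n) < READ]


# Constructed ACL: deny everything, then grant the members page and its subtree.
ACL = [
    ("/*", DENY),
    ("/demo-project/members-area", READ),
    ("/demo-project/members-area/*", READ),
]

# Assumption: rendering the page also reads the site root, taken here
# to be /demo-project (the comment only says "Site Root page").
RENDER_READS = ["/demo-project/members-area", "/demo-project"]

if __name__ == "__main__":
    page = "/demo-project/members-area"
    print("page permission:", effective_permission(ACL, page))
    print("blocked during render:", blocked_reads(ACL, RENDER_READS))
    # In this model, a read grant on the site root node alone clears the block.
    fixed = ACL + [("/demo-project", READ)]
    print("blocked after grant:", blocked_reads(fixed, RENDER_READS))
```

Listing every node a render touches and checking each one against the ACL separates "rule precedence is wrong" from "a dependency of the page is denied".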