[MAGNOLIA-4449] Protected Page does not redirect to the login page Created: 25/May/12  Updated: 12/Dec/12  Resolved: 12/Dec/12

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.4.6, 4.5, 4.5.7
Fix Version/s: 4.5.7

Type: Bug Priority: Critical
Reporter: Christian Ringele Assignee: Ondrej Chytil
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MGNLSTK-1036 securityCallback is not working for c... Closed
duplicate
is duplicated by MGNLPUR-66 Protected Page does not redirect to t... Closed
is duplicated by MGNLPUR-70 Protected Page does not redirect to P... Closed
relation
is related to MAGNOLIA-3914 Site aware ACL - port Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Anonymous role has deny access to /demo-project/members-area/protected* , this rule should be used in info.magnolia.cms.security.URISecurityFilter.isAuthorized(HttpServletRequest), but this doesn't happen due to this rule pattern doesn't match with current uri. info.magnolia.cms.core.AggregationState.getCurrentURI() has value "/members-area/protected" because info.magnolia.module.extendedtemplatingkit.filters.MultiSiteFilter removes site definition name from uri.



 Comments   
Comment by Christian Ringele [ 25/May/12 ]

Attention, page is cached cause it was not denied.
Use parameter to see if login appears when ACL is set right:
http://demopublic.magnolia-cms.com/demo-project/members-area/protected.html?something

Comment by Jan Haderka [ 26/May/12 ]

Last time I checked, protected page was bootstrapped by demo project, not by PUR, therefore also setting of roles needs to be done by the demo project.

Comment by Ondrej Chytil [ 29/Nov/12 ]

Fixed by MGNLSTK-1036.

Generated at Mon Feb 12 03:55:53 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.