[MAGNOLIA-464] Move access check to filter Created: 20/Jun/05  Updated: 20/Jul/05  Resolved: 20/Jul/05

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 2.1 Final
Fix Version/s: 2.1 Final

Type: Bug Priority: Major
Reporter: Fabrizio Giustina Assignee: Boris Kraft
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Security checks are actually done in EntryServlet and Spool, but other resources are not properly checked.
Security checks should be removed form servlets and moved to a generic j2ee filter. Be sure to not to break activation.



 Comments   
Comment by Fabrizio Giustina [ 20/Jun/05 ]

work started. Filter is in svn but temporarily disabled in web.xml for testing.

Comment by Fabrizio Giustina [ 20/Jun/05 ]

no problems found using the new filter. Access check is now removed from servlet and filter is enabled. Any servlet/resource now obey to the magnolia secure uri list.

Please test it and report any eventual problem.

Comment by Philipp Bracher [ 14/Jul/05 ]

No problems seen so far. Should we make an RC2?

Comment by Boris Kraft [ 20/Jul/05 ]

Change fix version to RC2

Generated at Mon Feb 12 03:17:41 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.