[MAGNOLIA-7958] Sound defaults for IPConfig rules Created: 09/Dec/20  Updated: 09/Dec/20

Status: Accepted
Project: Magnolia
Component/s: security
Affects Version/s: 6.2.5
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Mikaël Geljić Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: ipconfig
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Relates
relates to MAGNOLIA-7957 Support IP ranges in IPSecurityManager Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)

 Description   

IPSecurityManagerImpl has been backed by a mere HashMap (fixed IP or * -> rule) forever.

Although not a widely used feature (and trend goes further towards filtering IPs on a higher level, in front of Magnolia itself), it is quite error prone in its current incarnation.

In particular, introducing new rules or cloning from the default wildcard rule through the Admincentral should not lock the user out before filling in meaningful values.

Options:

  • better defaults in Rule, in particular non-empty allowed methods, unless explicitly configured empty.
  • new flag applyToAdmincentral (false by default) to be able to configure first, then apply

 


Generated at Mon Feb 12 04:28:20 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.