[MAGNOLIA-7959] Extract IP security out of core Created: 09/Dec/20  Updated: 09/Dec/20

Status: Selected
Project: Magnolia
Component/s: security
Affects Version/s: 6.2.5
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Mikaël Geljić Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: ipconfig, mpc
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MAGNOLIA-1617 Extract ip security out of URISecurit... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty

 Description   

IPSecurityManager / IPConfig is not a widely used feature. Trend goes further towards filtering IPs on a higher level, in front of Magnolia itself, at least for IP concerns. On the other hand, allowed-method concerns should leverage CORS to control resource access.

Therefore I'm proposing to deprecate the IPSecurityManager, and extract it along with its filter to a new community module, outside of magnolia-core.

The new module should consider external file-based configuration instead (in order to decouple from runtime changes and recover from lock-out scenarios).


Generated at Mon Feb 12 04:28:21 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.