[MGNLSTK-1036] securityCallback is not working for custom pattern: PUR pattern not working Created: 25/May/12  Updated: 06/Feb/13  Resolved: 04/Dec/12

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: demoproject
Affects Version/s: None
Fix Version/s: 2.0.7

Type: Bug Priority: Critical
Reporter: Christian Ringele Assignee: Ondrej Chytil
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
depends upon MAGNOLIA-4449 Protected Page does not redirect to t... Closed
relation
is related to MAGNOLIA-3861 node2bean: support for SimpleUrlPattern Closed
is related to MGNLSTK-1085 Security callback for demo-project lo... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

After setting the ACL of the PUR right (MGNLPUR-68), the standard login form appears and not the PUR login form:
http://demopublic.magnolia-cms.com/demo-project/members-area/protected.html?something

Seems as the public securityCallback pattern is ignored.

Besides:
Its not viewable&changeable anymore, to what 'location' the default 'form' pattern is matched to.
So it can't be changed, and for beginners it can't be known where it will apply to.



 Comments   
Comment by Christian Ringele [ 25/May/12 ]

Only with correct ACL this behavior will show up.

Comment by Milan Divilek [ 20/Jun/12 ]

This issue is caused because info.magnolia.cms.security.SecurityCallbackFilter.selectClientCallback(HttpServletRequest) doesn't choose the best clientCallback, but the first one. And there is the same issue like in MAGNOLIA-4449. patternString for public clientCallback is setup to "/demo-project/members-area/protected*" but this doesn't match with current uri which doen't contain site definition name.

Comment by Ondrej Chytil [ 29/Nov/12 ]

Issue was actually fixed by security changes introduced in 4.5.6 version. Setting for demo-project was updated now in anonymous role ACL and securityCallback filter.

Comment by Daniel Lipp [ 30/Nov/12 ]

To be verified: fix was not working on master - one could no longer log in.

Comment by Ondrej Chytil [ 30/Nov/12 ]

Master branch update with config which respects changes done in MAGNOLIA-3861.

Comment by Jan Haderka [ 02/Dec/12 ]

On master you are changing node to property for security callback. However there should be update task that changes all config nodes for securityCallbacks to properties in core already. So your update task here should be just renaming the property. Also what if that old node/property didn't exist at all? You should create it in such case.

Comment by Jan Haderka [ 04/Dec/12 ]

Link this ticket with N2B ticket mentioned in commit comments. You can close it as resolved afterwards.

Generated at Mon Feb 12 07:32:46 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.