[MGNLSTK-1036] securityCallback is not working for custom pattern: PUR pattern not working Created: 25/May/12 Updated: 06/Feb/13 Resolved: 04/Dec/12 |
|
| Status: | Closed |
| Project: | Magnolia Standard Templating Kit (closed) |
| Component/s: | demoproject |
| Affects Version/s: | None |
| Fix Version/s: | 2.0.7 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Christian Ringele | Assignee: | Ondrej Chytil |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Template: |
|
||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||
| Description |
|
After setting the ACL of the PUR right ( Seems as the public securityCallback pattern is ignored. Besides: |
| Comments |
| Comment by Christian Ringele [ 25/May/12 ] |
|
Only with correct ACL this behavior will show up. |
| Comment by Milan Divilek [ 20/Jun/12 ] |
|
This issue is caused because info.magnolia.cms.security.SecurityCallbackFilter.selectClientCallback(HttpServletRequest) doesn't choose the best clientCallback, but the first one. And there is the same issue like in |
| Comment by Ondrej Chytil [ 29/Nov/12 ] |
|
Issue was actually fixed by security changes introduced in 4.5.6 version. Setting for demo-project was updated now in anonymous role ACL and securityCallback filter. |
| Comment by Daniel Lipp [ 30/Nov/12 ] |
|
To be verified: fix was not working on master - one could no longer log in. |
| Comment by Ondrej Chytil [ 30/Nov/12 ] |
|
Master branch update with config which respects changes done in |
| Comment by Jan Haderka [ 02/Dec/12 ] |
|
On master you are changing node to property for security callback. However there should be update task that changes all config nodes for securityCallbacks to properties in core already. So your update task here should be just renaming the property. Also what if that old node/property didn't exist at all? You should create it in such case. |
| Comment by Jan Haderka [ 04/Dec/12 ] |
|
Link this ticket with N2B ticket mentioned in commit comments. You can close it as resolved afterwards. |