An additional security filter which handles callbacks on behalf of the existing
UriSecurityFilter and ContentSecurityFilter
---------------------------------------------------------------------------------------------------------------------------
Key: MAGNOLIA-3863
URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-3863
Project: Magnolia
Issue Type: New Feature
Security Level: Public
Components: core, security
Reporter: Grégory Joseph
Assignee: Grégory Joseph
Fix For: 4.5
Rationale: we currently have 2 security filters, which among other things have
duplicated configuration (the "callback", which presents the client with a
login form). On top of this, with MAGNOLIA-3858, we realized there are cases
where we also need to handle an {{AccessDeniedException}} which can be thrown
between those two filters (i.e. from a servlet; example: the RSS servlet, which
wraps an {{AccessDeniedException}} when the content it needs to access to
generate a feed is not authorized for the current user).
Implementation:
* the 2 existing filters will not execute the callbacks anymore. They will
merely set a {{401}} or {{403}} http code in the response.
* the new filter, placed in front of those two, will check the response's
status, as well as catch {{AccessDeniedException}}s that might have been thrown
down the filter chain, and execute an appropriate callback.
This way, any component down the filter chain can set a {{401}} or {{403}}
response code, or throw an {{AccessDeniedException}}, and we'll send an
appropriate response to the user.
TBD: how does this behave if rendering has begun? It is expected that an
{{AccessDeniedException}} or other exception happening at that level would not
be let up the chain.
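
A sketch of the front filter described under "Implementation", added here as an illustration; it is not code from the issue or from Magnolia. {{AccessDeniedException}}, {{Callback}}, {{StatusCapture}} and {{SecurityCallbackFilter}} are hypothetical names, constructor wiring of the callbacks is assumed, and the choice between 401 and 403 for a caught exception is an assumption the issue does not specify.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical stand-ins for this sketch; not Magnolia's own classes.
class AccessDeniedException extends RuntimeException { }
interface Callback { void handle(HttpServletRequest rq, HttpServletResponse rs) throws IOException; }

// Records 401/403 from the chain and defers sendError so the response stays uncommitted.
class StatusCapture extends HttpServletResponseWrapper {
    int status = SC_OK;
    StatusCapture(HttpServletResponse r) { super(r); }
    private boolean denied(int sc) { status = sc; return sc == SC_UNAUTHORIZED || sc == SC_FORBIDDEN; }
    @Override public void setStatus(int sc) { denied(sc); super.setStatus(sc); }
    @Override public void sendError(int sc) throws IOException { if (!denied(sc)) super.sendError(sc); }
    @Override public void sendError(int sc, String m) throws IOException { if (!denied(sc)) super.sendError(sc, m); }
}

public class SecurityCallbackFilter implements Filter {
    private final Callback loginForm, forbiddenPage;   // 401 and 403 callbacks
    public SecurityCallbackFilter(Callback loginForm, Callback forbiddenPage) {
        this.loginForm = loginForm; this.forbiddenPage = forbiddenPage;
    }
    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        StatusCapture wrapped = new StatusCapture(res);
        try {
            chain.doFilter(req, wrapped);
        } catch (IOException | ServletException | RuntimeException e) {
            if (!isAccessDenied(e)) throw e;           // unrelated failures propagate
            // Assumption: anonymous callers get the login form, known users a 403.
            wrapped.status = req.getUserPrincipal() == null ? 401 : 403;
        }
        if (wrapped.status != 401 && wrapped.status != 403) return;
        if (res.isCommitted()) return;   // rendering began: output cannot be replaced
        res.reset();                     // discard buffered partial output and headers
        res.setStatus(wrapped.status);
        (wrapped.status == 401 ? loginForm : forbiddenPage).handle(req, res);
    }

    // The RSS servlet case: the denial arrives wrapped, so walk the cause chain.
    static boolean isAccessDenied(Throwable t) {
        for (int depth = 0; t != null && depth < 16; t = t.getCause(), depth++)
            if (t instanceof AccessDeniedException) return true;
        return false;
    }
}
```

The {{isCommitted()}} branch is where the TBD above bites: once output has been flushed to the client, the filter can no longer substitute a login form, so a denial at that stage should at least be logged.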