[ http://jira.magnolia.info/browse/MAGNOLIA-1162?page=comments#action_13851
]
Sameer Charles commented on MAGNOLIA-1162:
------------------------------------------
Split current security filter in to:
- BaseSecurityFilter
- URISecurityFilter (responsible to control URI)
- ContentSecurityFilter (responsible to control access on JCR)
- LogoutFilter
- ForceLoginFilter (handling form or basic authentication check MAGNOLIA-1385)
This will give us full freedom on how to manage access control, you can create
your own SecurityFilter based on BaseSecurityFilter which will provide basic
methods like callbacks for login Or you can choose to create completely custom
security filters.
Above changes (together with MAGNOLIA-1434) will remove configurations like
server->SecureURIList/UnsecureURI since all Unsecure URI will be simply
bypassed by security filter(s) as configred in Filter configuration.
> ACL based on URLs
> -----------------
>
> Key: MAGNOLIA-1162
> URL: http://jira.magnolia.info/browse/MAGNOLIA-1162
> Project: Magnolia
> Issue Type: Improvement
> Components: security
> Affects Versions: 3.0.2
> Reporter: Grégory Joseph
> Assigned To: Sameer Charles
> Fix For: 3.1
>
>
> Next to the ACLs for website(repository), config, etc, we should have ACLs to
> secure parts of the website based on URLs patterns.
> (i.e give access to users to the /tmp/fckeditor path without having such a
> path in the website repository itself and without abusing the repo/website
> ACLs)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia.info/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/developer.html
----------------------------------------------------------------
