Hello Magnolians!
Playing with multisite and URISecurityFilter I think we found something
not so much clear.
In the configuration you can find also on demo-public, there is a
restricted area. The trick to hide a site area to anonymous users is to
deny (on anonymous role) URL on
- /demo-project/members-area/protected*
At this point, if an anonymous user try to enter there, the uriSecurity
filter start to play, looking into his patterns.
And found the pattern "public", matches the
"/demo-project/members-area/protected*" string and redirect to what
specified in location nodeData, "/demo-project/members-area/login.html".
Everything clear, but what happen if I try to map the demo-project site
behind Apache or simply with file hosts on Windows?
The uri to that page is now only "/members-area/protected", so the chain
is broken and even anonymous user can access restricted area.
***
This is very important in a multisite environment. I think that at
uriSecurity filter we should already know which site we are using, isn't it?
If Basel friends are working to fix the not-domain mapping site
resolution, maybe this thought can be helpful. But I'm pretty sure that
they already have found how to solve this situation, maybe with a
reverse brainstorming ;-)
Anyway, good work to all Magnolia, multisite start to rock!!!
HTH,
Matteo
----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------