On 29.04.2010 18:31, Matteo Pelucco wrote:

Playing with multisite and URISecurityFilter I think we found something
not so much clear.

In the configuration you can find also on demo-public, there is a
restricted area. The trick to hide a site area to anonymous users is to
deny (on anonymous role) URL on

- /demo-project/members-area/protected*

At this point, if an anonymous user try to enter there, the uriSecurity
filter start to play, looking into his patterns.
And found the pattern "public", matches the
"/demo-project/members-area/protected*" string and redirect to what
specified in location nodeData, "/demo-project/members-area/login.html".

Everything clear, but what happen if I try to map the demo-project site
behind Apache or simply with file hosts on Windows?

The uri to that page is now only "/members-area/protected", so the chain
is broken and even anonymous user can access restricted area.

***

Are there news on this topic?
May it have been fixed in 4.3.2 release?

Matteo


----------------------------------------------------------------
For list details see
http://www.magnolia-cms.com/home/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------

Reply via email to