On 29.04.2010 18:31, Matteo Pelucco wrote:
Playing with multisite and URISecurityFilter I think we found something not so much clear. In the configuration you can find also on demo-public, there is a restricted area. The trick to hide a site area to anonymous users is to deny (on anonymous role) URL on - /demo-project/members-area/protected* At this point, if an anonymous user try to enter there, the uriSecurity filter start to play, looking into his patterns. And found the pattern "public", matches the "/demo-project/members-area/protected*" string and redirect to what specified in location nodeData, "/demo-project/members-area/login.html". Everything clear, but what happen if I try to map the demo-project site behind Apache or simply with file hosts on Windows? The uri to that page is now only "/members-area/protected", so the chain is broken and even anonymous user can access restricted area. ***
Are there news on this topic? May it have been fixed in 4.3.2 release? Matteo ---------------------------------------------------------------- For list details see http://www.magnolia-cms.com/home/community/mailing-lists.html To unsubscribe, E-mail to: <[email protected]> ----------------------------------------------------------------
