Hi everybody,
This is the first time I have seen such a problem, but maybe you have already met it. Environment: a new project, using Magnolia 4.4.4 and a few modules: data, blossom, openmind's media, observation. My code is in a couple of extra modules (which at some point I even tried removing entirely). Symptoms: everything starts correctly, no errors or exceptions, no special warning at startup, the webapp seems OK, and the anonymous user can see the public home page. But superuser can't log in, no matter what. There is nothing in my code that alters superuser or its role, and the password seems correct, but when logging in the superuser is always sent back to the login page, without any error shown or exception logged. (When logging in with a wrong password, the right error is shown on the login screen.)

I started digging into why a seemingly regular project could have such a problem... The superuser is logged in correctly, all roles and ACLs are loaded and everything seems fine, but the uriSecurity filter just stops the user. I tried (out of desperation) to disable it and superuser can see the menu and operate correctly, so it seems to be just a security problem. I double-checked the superuser role ACLs, and even forced the import from the original file at startup, but nothing changed. While debugging I noticed something: the URISecurityFilter class has two attributes, URI_REPOSITORY and URI_WORKSPACE. The latter is "default" and it is passed to the method MgnlContext.getAccessManager(), which is called with both parameters. But in the JCRAuthorizationModule, setACL() registers the ACLs using as workspace name the result of this instruction:
workspaceName = ContentRepository.getDefaultWorkspace(name);
This, in my project, stores the uri repository as "uri_uri" and not "uri_default" as the URISecurityFilter is expecting. I noticed that just a few ACLs are set as "x_default"; most of them are set as "x_x". All the other points in the code call the MgnlContext.getAccessManager() method with just one parameter (repositoryId), and the workspace is always obtained internally with ContentRepository.getDefaultWorkspace(repositoryId), but the URISecurityFilter seems to be the only exception in the whole Magnolia codebase.

Should I look into my code and see if something is altering the default workspaceId behaviour? Or did I hit some kind of one-in-a-gazillion bug? I'm really puzzled by this... I'll let you know if I find something, but if you have any idea, it's more than welcome!

Regards, Danilo.
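
A simplified model of the mismatch described in the message above, added here as an illustration; it is not Magnolia source code and not part of the original post. All class and method names are hypothetical, the `repository_workspace` key format follows the "uri_uri" / "uri_default" values quoted in the post, and the request URI is a constructed sample.

```java
import java.util.*;

// Simplified model, not Magnolia source: every name in this class is hypothetical.
public class AclKeyMismatchDemo {
    // Constructed stand-in for the repository -> default workspace mapping.
    static final Map<String, String> DEFAULT_WORKSPACE = new HashMap<>();
    // ACLs keyed as "<repository>_<workspace>", the format quoted in the post.
    static final Map<String, List<String>> ACLS = new HashMap<>();

    static String defaultWorkspace(String repository) {
        return DEFAULT_WORKSPACE.getOrDefault(repository, "default");
    }

    // Registration side: the workspace is resolved from the repository name.
    static void registerAcl(String repository, String pathPrefix) {
        String key = repository + "_" + defaultWorkspace(repository);
        ACLS.computeIfAbsent(key, k -> new ArrayList<>()).add(pathPrefix);
    }

    // Lookup side: the caller names the workspace; an unknown key grants nothing.
    static boolean isGranted(String repository, String workspace, String uri) {
        List<String> prefixes =
            ACLS.getOrDefault(repository + "_" + workspace, Collections.emptyList());
        return prefixes.stream().anyMatch(uri::startsWith);
    }

    // Diagnostic: compare the key a fixed-workspace caller asks for with the registered keys.
    static String diagnose(String repository, String fixedWorkspace) {
        String wanted = repository + "_" + fixedWorkspace;
        return ACLS.containsKey(wanted)
            ? "ok: " + wanted
            : "missing " + wanted + ", registered: " + new TreeSet<>(ACLS.keySet());
    }

    public static void main(String[] args) {
        DEFAULT_WORKSPACE.put("uri", "uri");  // the state observed in the post
        registerAcl("uri", "/");              // a grant covering every URI
        String uri = "/admin/home";           // constructed sample request URI
        // Fixed workspace "default", as the filter in the post does: key not found, denied.
        System.out.println("fixed workspace:    " + isGranted("uri", "default", uri));
        // Workspace resolved the same way as at registration time: granted.
        System.out.println("resolved workspace: " + isGranted("uri", defaultWorkspace("uri"), uri));
        System.out.println(diagnose("uri", "default"));
    }
}
```

Because a missing key yields an empty permission list rather than an error, the lookup fails closed and silently, which matches the symptom of a redirect to the login page with nothing logged.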

