Hi Fabrice, Some answers inline:
> -----Original Message-----
> From: [email protected] [mailto:user-list-owner@magnolia-cms.com] On behalf of Fabrice Lazzari (via Magnolia Forums)
> Sent: Monday, 20 January 2014 16:50
> To: Magnolia User List
> Subject: [magnolia-user] Image variation and URL
>
> Hi magnolians,
>
> We're running Magnolia EE 4.5.11.
>
> It seems the image variation thing always generates the images under the
> path
> ${contextPath}/.imaging/${generatorName}/${workspace}/${imagePath}.

Yes, this is the pattern of the default STK imaging generator.

> We're running in a multisite environment, having 3 applications running
> under:
> - ${contextPath}/Application1
> - ${contextPath}/Application2
> - ${contextPath}/Application3
> Each application has its own protected area, defining the roles allowed to
> come in (web.xml). We have our corporate login servlet defined in there as
> well.

You should also set up Magnolia ACLs if possible... don't rely only on the web security configuration.

> I'm sure you already understood the problem: a user having the right to
> enter the Application1 is not allowed to see the pictures under
> ${contextPath}/.imaging! He only has access to ${contextPath}/Application1!
>
> I can imagine 2 solutions:
>
> 1. Define ${contextPath}/.imaging as a public area => all our pictures are now
> public. Bad :o( !

Ok, but you clearly don't like this solution... so we should find a better solution!!

> 2. Configure somehow magnolia in the way that the images are generated
> under - ${contextPath}/Application1/.imaging,
> ${contextPath}/Application2/.imaging and
> ${contextPath}/Application3/.imaging.
> These URLs are recognized from the imaging module, I get to my pictures if I
> paste such a one in my browser! But is it possible to configure how the links
> to the pictures are built?

Idea #1: Leave the generation and imaging system as it is, and try to solve it using the magnolia permissions.
You can set ACLs for the imaging workspace (where the generated images get cached). You can set URL-Permissions for GET, POST for URLs beginning like: /.imaging/stk/website/Application1 - so you can deny the image access to anonymous, and grant it to your application roles. Then there will be one more point to test: the cache. Make sure cached images (created by an authorized user) are not returned to unauthorized users. I don't know offhand if they will or not, best to try it out.

Idea #2: Write your own .imaging generator. The imaging generator can be configured to serve from a different path (e.g. /Application1/.secure-imaging/...) and you can configure it to read its parameters in a different way. In effect writing your own generator will let you take control of the generated URLs, and generate them the way you need for your security model...

Regards from Vienna,
Richard

> Sure you can help, thanks a lot!
> Fabrice
>
> --
> Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=871e4fc3-d8eb-4c50-9232-1c2610739504
>
> ----------------------------------------------------------------
> For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
> Alternatively, use our forums: http://forum.magnolia-cms.com/
> To unsubscribe, E-mail to: <[email protected]>
> ----------------------------------------------------------------
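
The prefix rule from Idea #1 (grant /.imaging/stk/website/Application1 to the application's roles, deny everyone else), as an added example that is not Magnolia code and not part of the original mail. The role names and the grant table are hypothetical, and paths are taken relative to the context path.

```python
import posixpath
from urllib.parse import unquote

# Constructed grant table: URL prefix (relative to the context path) -> roles
# allowed to GET it. Role names are hypothetical; the prefixes follow the
# /.imaging/<generator>/<workspace>/<imagePath> pattern quoted in the thread.
URL_GRANTS = {
    "/.imaging/stk/website/Application1": {"app1-user"},
    "/.imaging/stk/website/Application2": {"app2-user"},
    "/.imaging/stk/website/Application3": {"app3-user"},
}


def canonical(path):
    """Decode once and normalise; return None for paths that should be refused."""
    decoded = unquote(path)
    # Refuse double-encoded input, backslashes and NUL rather than guessing
    # how a later layer would interpret them.
    if unquote(decoded) != decoded or "\\" in decoded or "\x00" in decoded:
        return None
    # Collapse '//' and resolve '.'/'..' so the prefix test sees the real target.
    return posixpath.normpath("/" + decoded.lstrip("/"))


def may_read_image(path, roles):
    """Default-deny check of a request path against the prefix grants."""
    target = canonical(path)
    if target is None:
        return False
    for prefix, allowed in URL_GRANTS.items():
        # Match on a segment boundary so Application10 never inherits
        # the grant written for Application1.
        if target == prefix or target.startswith(prefix + "/"):
            return bool(allowed & set(roles))
    return False


def access_matrix():
    """Constructed requests with the decision for each, for review or replay."""
    cases = [
        ("/.imaging/stk/website/Application1/img/logo.png", ["app1-user"]),
        ("/.imaging/stk/website/Application1/img/logo.png", []),  # anonymous
        ("/.imaging/stk/website/Application2/img/logo.png", ["app1-user"]),
        ("/.imaging/stk/website/Application1/../Application2/img/logo.png", ["app1-user"]),
        ("/.imaging/stk/website/Application10/img/logo.png", ["app1-user"]),
    ]
    return [(path, roles, may_read_image(path, roles)) for path, roles in cases]
```

The same request/role matrix is a reasonable checklist to replay against the running instance after an authorized user has already fetched each image, which covers the cache point raised in the mail.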
