Hi All,
I'm confused about how Magnolia 3.0.1 controls access to non-
repository resources like /docroot/whatever or even a servlet like /
ActivationServlet. My setup is like;
- SecureURI: /*
- UnsecureURI: /docroot*
- Create new role with R/O on /$
- Create new user with that role
- Login, try to view something from /docroot/samples and you get a
403 access denied
I would expect that because I specified /docroot* in the unsecure URI
list my request would go through. This does not seem to be the case
and I was even more surprised when I added another ACL to the role:
- R/O on /docroot*
This lets the request through! I thought role ACLs only affected
website (Repository) content?
Happy 2007,
Tom Duffey
----------------------------------------------------------------
for list details see
http://www.magnolia.info/en/magnolia/developer.html
----------------------------------------------------------------
