Hello, I'm stuck to secure pages on a website using the Magnolia Community Edition (3.0.1). As far as I understood the security concept, access to nodes can be limited via the role configuration. My scenario is like:
Role: anonymous Website -> Read Only for "/" Website -> Deny Access for "/secured" Role: canAccessSecuredPages Website -> Read Only for "/secured" When I visit the page as a anonymous user (not authenticated, user and userID are null?!), I still can see all contents of "/secured". Even the Read-permission is granted, so I started wondering about this anonymous user and your security concept at all. Can somebody please explain, how security can be applied without touching Config->/server/secureURIList ? Why is there no anonymous user when not being authenticated to the Magnolia system? Thanks for your help, Robert Gacki ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/magnolia/developer.html ----------------------------------------------------------------
