Hi Greg, Yes, it is about the public instance. I need to get deeper in the system to decide whether I'll provide a patch. For the moment, I will report the issue.
Thanks so far, Robert -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 4. Januar 2007 14:27 An: [email protected] Betreff: Re: [magnolia-user] Role and security concept and access limitation to pages Hi Robert, On Jan 4, 2007, at 12:46 , Robert Gacki wrote: <snip> > When I visit the page as a anonymous user (not authenticated, user and > userID are null?!), I still can see all contents of "/secured". I assume you're talking about a "public" instance of Magnolia ? (as opposed to the author instance) > Even the > Read-permission is granted, so I started wondering about this > anonymous user > and your security concept at all. Can somebody please explain, how > security > can be applied without touching Config->/server/secureURIList ? Why > is there > no anonymous user when not being authenticated to the Magnolia system? If it is indeed a public instance, this could be a bug in the system, because there *should* be an anonymous user. In that case, please report on jira (http://jira.magnolia.info) with all necessary info to reproduce the problem systematically, making it easier (i.e faster) for us to fix it. We'll also gladly accept patches, obviously ;) thanks ! greg ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/magnolia/developer.html ---------------------------------------------------------------- ---------------------------------------------------------------- for list details see http://www.magnolia.info/en/magnolia/developer.html ----------------------------------------------------------------
