Hi Robert, the concept of a "role" seems to be a concept introduced by magnolia. At least it is not something that sounds familiar with respect to Jackrabbit or the JCR spec.
So I would recommend that either the magnolia guys that are lurking on this list are helping you directly or to post this question to a magnola user-list. regards, david On 1/4/07, Robert Gacki <[EMAIL PROTECTED]> wrote:
Hello, I'm stuck to secure pages on a website using the Magnolia Community Edition (3.0.1). As far as I understood the security concept, access to nodes can be limited via the role configuration. My scenario is like: Role: anonymous Website -> Read Only for "/" Website -> Deny Access for "/secured" Role: canAccessSecuredPages Website -> Read Only for "/secured" When I visit the page as a anonymous user (not authenticated, user and userID are null?!), I still can see all contents of "/secured". Even the Read-permission is granted, so I started wondering about this anonymous user and your security concept at all. Can somebody please explain, how security can be applied without touching Config->/server/secureURIList ? Why is there no anonymous user when not being authenticated to the Magnolia system? Thanks, Robert Gacki
