I'm really sorry. I just selected the wrong address. Next time, it will be related to Jackrabbit, I promise ;)
Regards, Robert -----Ursprüngliche Nachricht----- Von: David Nuescheler [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 4. Januar 2007 12:42 An: [email protected] Betreff: Re: Role and security concept and access limitation to pages Hi Robert, the concept of a "role" seems to be a concept introduced by magnolia. At least it is not something that sounds familiar with respect to Jackrabbit or the JCR spec. So I would recommend that either the magnolia guys that are lurking on this list are helping you directly or to post this question to a magnola user-list. regards, david On 1/4/07, Robert Gacki <[EMAIL PROTECTED]> wrote: > Hello, > > I'm stuck to secure pages on a website using the Magnolia Community Edition > (3.0.1). As far as I understood the security concept, access to nodes can be > limited via the role configuration. My scenario is like: > > Role: anonymous > Website -> Read Only for "/" > Website -> Deny Access for "/secured" > > Role: canAccessSecuredPages > Website -> Read Only for "/secured" > > When I visit the page as a anonymous user (not authenticated, user and > userID are null?!), I still can see all contents of "/secured". Even the > Read-permission is granted, so I started wondering about this anonymous user > and your security concept at all. Can somebody please explain, how security > can be applied without touching Config->/server/secureURIList ? Why is there > no anonymous user when not being authenticated to the Magnolia system? > > Thanks, > Robert Gacki > >
