[FORGE-321] Spring Security: support for brXM v13.2+ - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: hst-spring-security-support-2.1.0
Component/s: HST Spring Security Support
Labels:
- client-service-team

Description

While verifying the hst-springsec for upcoming v14, I found a few issues in its essentials plugin which already make it break on v13/v13.2:

the essentials plugin classes ExcludeArtifactsInstruction and FilterMappingsInstruction incorrectly are (still) using the essentials Module.SITE while instead they should be using (as of v13) Module.SITE_WEBAPP
as of ~~HSTTWO-4613~~ (v13.2.2+) the CMS ChannelManager now invokes an additional rest endpoint at _cmssessioncontext, which therefore needs to be added to the default pass-through patterns in applicationContext-security.xml:
```
<http pattern="/_cmssessioncontext/**" security="none"/>
```

Besides this, it seems the essentials plugin is still WIP?
At least it's version is still on 1.0.0-SNAPSHOT in the master branch, and using outdated dependency versions ...

(for the record: after fixing the above myself locally, so far it looks like it then also 'just works' with v14 )

Attachments

Activity

People

Assignee:: Jeroen Hoffman

Reporter:: Ate Douma

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 17/Oct/19 5:47 PM

Updated:: 17/Dec/19 12:58 PM

Resolved:: 17/Dec/19 12:58 PM