Uploaded image for project: '[Read Only] - Hippo Site Toolkit 2'
  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-2954

Code cleanup wrt checking if site authentication skipped option in SecurityValve

    XMLWordPrintable

Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • 2.28.01
    • None
    • None

    Description

      With HSTTWO-2229, the following was added in SecurityValve#checkAccess()
      method:

      if (requestContext.isCmsRequest())

      { if (requestContext.getResolvedMount().getMount().getVirtualHost().getVirtualHosts().isChannelMngrSiteAuthenticationSkipped()) { log.debug("Overriding authentication requirement because cms request"); return; }

      }

      But, basically #checkAccess() method is responsible for authorization (by
      throwing security exception when disallowed), not authentication.
      That's how it has been implemented.

      HSTTWO-2229 seems about skipping authentication when
      the request is from cms and the property is set.

      So, the skipping code should be located outside #checkAccess() (Probably rather in the beginning of #invoke()).

      Attachments

        Issue Links

          is a result of

          Improvement - An improvement or enhancement to an existing feature or task. HSTTWO-2229 Viewing authenticated pages via the channel manager should optionally bypass the JAAS authentication

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              jsheriff Junaidh Kadhar Sheriff
              wko Woonsan Ko (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: