...
| Advanced Tables - Table Plus |
|---|
| heading | 0 |
|---|
| enableHeadingAttributes | false |
|---|
| enableSorting | false |
|---|
| class | m5-configuration-tree |
|---|
| enableHighlighting | false |
|---|
|
Node name | Value |
|---|
| |
| | |
| | |
| | |
| | travel-demo.magnolia-cms.com | | |
| | |
| | |
| | /travel | | website | | |
| | |
| | |
| | |
| | |
| | |
| | sportstation.magnolia-cms.com | | |
| | |
| | |
| | |
| | ../travel |
|
Cross-site security filter
...
| Advanced Tables - Table Plus |
|---|
| heading | 0 |
|---|
| enableHeadingAttributes | false |
|---|
| enableSorting | false |
|---|
| class | m5-configuration-tree |
|---|
| enableHighlighting | false |
|---|
|
Node name | Value |
|---|
| |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | true | | .* | | .* | | info.magnolia.multisite.filters.CrossSiteSecurityFilter | | true |
|
...
The example resolvers below grant access to the travel site via www.via https://travel-demo.magnolia-cms.com/ and to the sportstation site via www.via https://sportstation.magnolia-cms.com/. This is adequate to prevent cross-site access. If a user requests the travel site via www.https://sportstation.magnolia-cms.com/
| Advanced Tables - Table Plus |
|---|
| heading | 0 |
|---|
| enableHeadingAttributes | false |
|---|
| enableSorting | false |
|---|
| class | m5-configuration-tree |
|---|
| enableHighlighting | false |
|---|
|
Node name | Value |
|---|
| |
| | |
| | |
| | |
| | |
| | |
| | false | | .* | | .* | | |
| | true | | travel-demo.magnolia-cms.com | | travel | | |
| | true | | sportstation.magnolia-cms.com | | sportstation |
|
You can test cross-site security by adding these configurations on the public site and requesting content at httpat https://sportstation.magnolia-cms.com:8080/magnoliaPublic/travel.html or http or https://travel-demo.magnolia-cms.com:8080/magnoliaPublic/sportstation. html. The requests should result in 404 errors.
...
- On the public instance, create a new role, for example
cross-site - Assign the following ACL to the role.
- Now when the anonymous requests content at httpat
https://travel-demo.magnolia-cms.com:8080/magnoliaPublic/sportstation.html the sportstation the standard login form is displayed.
...
- Multisite filter (
| Javadoc |
|---|
| 0 | info.magnolia.multisite.filters.MultiSiteFilter |
|---|
| className | info.magnolia.multisite.filters.MultiSiteFilter |
|---|
| renderType | asynchronous |
|---|
|
) initializes multidomain support and makes domain related properties available in the aggregation state. This filter finds a domain name that matches a name configured in a site definition. - Cross site security filter (
| Javadoc |
|---|
| 0 | info.magnolia.multisite.filters.CrossSiteSecurityFilter |
|---|
| className | info.magnolia.multisite.filters.CrossSiteSecurityFilter |
|---|
| renderType | asynchronous |
|---|
|
) handles cross-site security. It controls site access based on registered resolvers. This filter imports a | Javadoc |
|---|
| 0 | info.magnolia.multisite.CrossSiteAccessResolver |
|---|
| className | info.magnolia.multisite.CrossSiteAccessResolver |
|---|
| renderType | asynchronous |
|---|
|
that makes a number of properties available in the filter configuration. - Site URI security filter (
| Javadoc |
|---|
| 0 | info.magnolia.multisite.filters.SiteUriSecurityFilter |
|---|
| className | info.magnolia.multisite.filters.SiteUriSecurityFilter |
|---|
| renderType | asynchronous |
|---|
|
) provides site-aware URI security. This filter extends the Community Edition URI security filter that checks if the current user has permissions to the requested resource. The following permissions are taken into consideration: - URI ACLs of the user's roles.
- URI ACLs of the roles in the user's groups.