Multiple Security Domains do not work together in Hippo 10 and 11

13 views
Skip to first unread message

Ramesh Balasekaran

unread,
Apr 25, 2017, 1:28:47 PM4/25/17
to Hippo Community
Before upgrading to Hippo 10, I had two security domains created to be used as a combination. 

1. One Security domain provided access to root folder and had facet rules to exclude a sub folder
2. Second Security domain provided access to the sub folder.

With this setup we were able to create role which gave access to the root folder but not to sub folder and a role which gave access to the subfolder. 
When both the roles where given to a user the root folder and subfolder access was provided. 
This was working till we upgraded to Hippo 10. now the combination does not work.

Example of the setup

Content:
+HippoGreen
   +Home
   +Subsite

Configuration:

+ hippo:configuration

    + hippo:domains

        + hippogreenViewier

            |   + access to HippoGreen

            |   + exclude access to HippoGreen/Subsite

        + hippogreenSubsiteViewier

            |   + access to HippoGreen/Subsite


two roles hippogreenViewier and hippogreenSubsiteViewier was created. If a user was given hippogreenViewier, the folder hippoGreen was visible but subsite folder was not visible. and if user was given both hippogreenViewier and hippogreenSubsiteViewier the user has access to both HippoGreen and Subsite folder. With upgrade to 10 this setup is not working. 

Ard Schrijvers

unread,
Apr 26, 2017, 3:59:59 AM4/26/17
to hippo-c...@googlegroups.com
Hey Ramesh,
I don't recall something we changed that might have caused this to
stop working since version 10. Also we didn't get this report before.
Would it be possible that you provide an archetype project that
reproduces the issue you face? Then I can take a look whether it is
indeed incorrect since version 10.

Wrt

> + hippogreenViewier
>
> | + access to HippoGreen
>
> | + exclude access to HippoGreen/Subsite
>
> + hippogreenSubsiteViewier
>
> | + access to HippoGreen/Subsite


Would it be possible that you provide an xml export of this part? Then
I can take a look at it. Wrt to the 'exclude access to
HippoGreen/Subsite', are you using the jcr:path for that? That is by
far preferable since version 10. If you come from version 9, you
probably don't use jcr:path for that (but hippo:paths which is no
longer recommended to use), see [1]. However, still your setup should
work in version 10 so I am curious what might be wrong

Regards Ard

[1] https://www.onehippo.org/library/concepts/security/domains.html

>
> --
> Hippo Community Group: The place for all discussions and announcements about
> Hippo CMS (and HST, repository etc. etc.)
>
> To post to this group, send email to hippo-c...@googlegroups.com
> RSS:
> https://groups.google.com/group/hippo-community/feed/rss_v2_0_msgs.xml?num=50
> ---
> You received this message because you are subscribed to the Google Groups
> "Hippo Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to hippo-communi...@googlegroups.com.
> Visit this group at https://groups.google.com/group/hippo-community.
> For more options, visit https://groups.google.com/d/optout.



--
Hippo Netherlands, Oosteinde 11, 1017 WT Amsterdam, Netherlands
Hippo USA, Inc. 71 Summer Street, 2nd Floor Boston, MA 02110, United
states of America.

US +1 877 414 4776 (toll free)
Europe +31(0)20 522 4466
www.onehippo.com
Reply all
Reply to author
Forward
0 new messages