Files should not be served if user is not logged in
Bug #787092 reported by
Matt Giuca
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MUGLE |
Triaged
|
High
|
Unassigned |
Bug Description
This means that 'null' is passed if the app asks for user info, and bizarrely, creates a "null user" user-game-profile and stores things there.
Instead, it should force the user to log in.
Changed in mugle: | |
milestone: | none → 0.2 |
To post a comment you must log in.
Adding the following to the web.xml file should do the trick
<security- constraint> resource- collection> url-pattern> /*</url- pattern> resource- collection> constraint>
<role-name> *</role- name> constraint> constraint>
<web-
<
</web-
<auth-
</auth-
</security-
Basically accessing any url in the url-pattern ("/*" is the entire website) forces a user (of role any, which includes normal users too; only other option is admin as app specific users can't be used) to be logged in.