MUGLE

Files should not be served if user is not logged in

Bug #787092 reported by Matt Giuca on 2011-05-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MUGLE	Triaged	High	Unassigned	MUGLE 0.2

Bug Description

This means that 'null' is passed if the app asks for user info, and bizarrely, creates a "null user" user-game-profile and stores things there.

Instead, it should force the user to log in.

Matt Giuca (mgiuca) on 2011-05-26

Changed in mugle:
milestone:	none → 0.2

Revision history for this message

Prageeth Silva (prageethsilva) wrote on 2011-11-15:

Adding the following to the web.xml file should do the trick

<security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
       <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

Basically accessing any url in the url-pattern ("/*" is the entire website) forces a user (of role any, which includes normal users too; only other option is admin as app specific users can't be used) to be logged in.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.