Projects tigase _server server-core Issues #131
enable setting domain filter default policy in config file (#131)
Closed
tom quas opened 1 decade ago

goal: enforce default policy on a per-virtual-host basis by defining the required rule in the server config file. in my case, this would be Domains.OWN for all users of a particular domain.

actual: class DomainFilter implements a fallback to Domains.ALL (rev 2909: DomainFilter:getDomains:409)

expected: have a config file option to set the default policy. the value should be applied if there's no related entry in the user repository, just as implemented today.

sample syntax:

  allowed-domains[virthost1]=OWN
  allowed-domains[virthost2]=ALL
Artur Hefczyc commented 1 decade ago

Good idea, thanks. We might also make it a part of the domain specific configuration in the admin commands for domain management.

tom quas commented 1 decade ago

in the same context, i came across another problem: while running multiple domains on a server, i need to restrict communication of each user in a domain to level OWN. that would be the default configuration requested above. however, users of one domain use additional domains, such as muc.domain and pubsub.domain, which they just can't with level Domains.OWN. is there a need to introduce another level Domains.SUBDOMAIN which allows that?

Artur Hefczyc commented 1 decade ago

The whole topic could be implemented, at least partially, as an extension to current VHost configuration. We keep adding more and more vhost level configuration options. Perhaps it would be good to think of some more generic way to extend vhost management logic.

Anyway, a default configuration for communication for all users within one domain could be/should be made as a part of vhost setup, manageable via XMPP ad-hoc commands.

As for the subdomains. This makes sense, but I am not entirely certain if this is safe enough. But should not hurt to have one more option.

Artur Hefczyc commented 1 decade ago

Wojciech, could you please work on this? I think we could have both - one global setting for a default domain filtering and then per vhost filtering so we could change this on the vhost level easily.

This can be actually quite easily implemented in the same way I have recently added TLS required support per vhost level. Most of the work has been done within VHostItem.java file, which allows to modify tls requires property and also uses a default global setting on creation time.

Then, the DomainFilter can make use of the vhost settings.

Artur Hefczyc commented 1 decade ago

Applied in changeset tigase-server|commit:fa1bd359bd5f4b7d68e558803202a5904645386a.

tom quas commented 1 decade ago

great, thx.

Artur Hefczyc commented 1 decade ago

Applied in changeset heliostech:commit:fa1bd359bd5f4b7d68e558803202a5904645386a.

RĂ©da Housni Alaoui commented 1 decade ago

Hi everyone,

I installed the latest 5.2.0-beta3 of Tigase Server with two Vhosts and defined in my init.properties:

--domain-filter-policy=OWN

As expected, users are limited to their own domains when they try to communicate with other domains.

But the MUC component became unreachable for all of my users on both of my domains.

How to use this filter and allow users to reach their domain's Multi User Chat component (so they can search and join their domain's chatrooms) ?

Best regards.

Artur Hefczyc commented 1 decade ago

Hm, I suppose we should have another option called OWN_SUBDOMAINS or something like that. Please file a feature request with description and we will work on this.

Referenced from commit 1 year ago
Fixed a bug #131, not tested yet.
git-svn-id: file:///home/svn/repos/tigase-server/trunk@2653 7d282ba1-3ae6-0310-8f9b-c9008a0864d2
kobit committed 1 decade ago
issue 1 of 1
Type
New Feature
Priority
Normal
Assignee
RedmineID
715
Version
tigase-server-5.2.0
Estimation
16h
Issue Votes (0)
Watchers (0)
Reference
tigase/_server/server-core#131
Please wait...
Page is in error, reload to recover