|
tom quas opened 1 decade ago
|
|
Good idea, thanks. We might also make it a part of the domain specific configuration in the admin commands for domain management. |
|
|
in the same context, i came across another problem: while running multiple domains on a server, i need to restrict communication of each user in a domain to level OWN. that would be the default configuration requested above. however, users of one domain use additional domains, such as muc.domain and pubsub.domain, which they just can't with level Domains.OWN. is there a need to introduce another level Domains.SUBDOMAIN which allows that? |
|
|
The whole topic could be implemented, at least partially, as an extension to current VHost configuration. We keep adding more and more vhost level configuration options. Perhaps it would be good to think of some more generic way to extend vhost management logic. Anyway, a default configuration for communication for all users within one domain could be/should be made as a part of vhost setup, manageable via XMPP ad-hoc commands. As for the subdomains. This makes sense, but I am not entirely certain if this is safe enough. But should not hurt to have one more option. |
|
|
Wojciech, could you please work on this? I think we could have both - one global setting for a default domain filtering and then per vhost filtering so we could change this on the vhost level easily. This can be actually quite easily implemented in the same way I have recently added TLS required support per vhost level. Most of the work has been done within VHostItem.java file, which allows to modify tls requires property and also uses a default global setting on creation time. Then, the DomainFilter can make use of the vhost settings. |
|
|
Applied in changeset tigase-server|commit:fa1bd359bd5f4b7d68e558803202a5904645386a. |
|
|
great, thx. |
|
|
Applied in changeset heliostech:commit:fa1bd359bd5f4b7d68e558803202a5904645386a. |
|
Hi everyone, I installed the latest 5.2.0-beta3 of Tigase Server with two Vhosts and defined in my init.properties: --domain-filter-policy=OWN As expected, users are limited to their own domains when they try to communicate with other domains. But the MUC component became unreachable for all of my users on both of my domains. How to use this filter and allow users to reach their domain's Multi User Chat component (so they can search and join their domain's chatrooms) ? Best regards. |
|
|
Hm, I suppose we should have another option called OWN_SUBDOMAINS or something like that. Please file a feature request with description and we will work on this. |
|
Referenced from commit 1 year ago
|
| Type |
New Feature
|
| Priority |
Normal
|
| Assignee | |
| RedmineID |
715
|
| Version |
tigase-server-5.2.0
|
| Estimation |
16h
|
goal: enforce default policy on a per-virtual-host basis by defining the required rule in the server config file. in my case, this would be Domains.OWN for all users of a particular domain.
actual: class DomainFilter implements a fallback to Domains.ALL (rev 2909: DomainFilter:getDomains:409)
expected: have a config file option to set the default policy. the value should be applied if there's no related entry in the user repository, just as implemented today.
sample syntax: