Add SecureToken V2 support to MCRFileNodeServlet

Description

It would be great if we could implement SecureToken V2 for MCRFileNodeServlet. This would prevent deep linking of files that a readable to public access. This feature should opperate on specific file extensions only and should return "403 - FORBIDDEN" if either the wrong token is submitted or missing.
This should be a opt-in feature, that is disabled by default.

Environment

None

Activity

Thomas Scheffler
September 24, 2015 at 9:49 AM

fixed NPE and use URI to support "rtmp" scheme and some refactorings

Thomas Scheffler
September 18, 2015 at 12:21 PM

added MCRSecureTokenV2Filter, see JavaDoc for configuration options

Thomas Scheffler
September 16, 2015 at 1:57 PM

added MCRSecureTokenV2 class to generate hash codes and URLs

Resize issue view side panel

Fixed

Details

Assignee

Thomas Scheffler

Reporter

Thomas Scheffler

URL

Components

Fix versions

2015.11

Priority

Medium

Created September 16, 2015 at 9:21 AM

Updated November 6, 2015 at 3:10 PM

Resolved November 6, 2015 at 3:10 PM