[opencms-dev] Protecting "targetted" content

[mfoley5 at csc.com.au]

Hi All,

We are using OpenCms/Flex to deliver targetted content based on a "Role"
property we have added to certain documents.  Users log on to the site and
their role is stored in the session, and is used by JSP to determine
whether they get links to certain documents or not.  However, we do not
know how to prevent some unauthorised person from simply entering the URL
to the target resource, bypassing the JSP menu or JSP table of contents
page.

I know we can specify a custom template for those pages, which will perform
the check before delivering content, but we don't know how to do this for
MS Word documents, or other binary files.  e.g.
http://mysite.com/opencms/opencms/private/role1/ContractDetails.doc, or the
"export" version.

Has anybody done something like this, and if so, would you mind letting me
know how?

Thanks,
Mark

Mark Foley
__________________________________________________
CSC
212 Northbourne Ave, Braddon, ACT 2612
Ph: +61-2-62468487    Email: mfoley5 at csc.com.au
----------------------------------------------------------------------------------------

This email, including any attachments, is intended only for use by the
addressee(s) and may contain confidential and/or personal information and
may also be the subject of legal privilege. Any personal information
contained in this email is not to be used or disclosed for any purpose
other than the purpose for which you have received it. If you are not the
intended recipient, you must not disclose or use the information contained
in it. In this case, please let me know by return email, delete the message
permanently from your system and destroy any copies.
----------------------------------------------------------------------------------------