[opencms-dev] Password protected areas of the website.

Ben Rometsch ben at solidstategroup.com
Wed Aug 13 05:38:02 CEST 2003


Hi Matt, 

Thanks for the fast response. Would I be right in saying that I can create a
new User Group within OpenCMS with no permissions, create users of that
group, and then write my own JSP script to handle the log in functionality
on the actual website? I.e. create a session scoped CmsUser object on login
and check for its existence in the session within the password protected
area, redirecting if it does not exist?

Just out of interest, is there an OpenCMS forum or IRC channel?

Ben

-----Original Message-----
From: opencms-dev-admin at opencms.org [mailto:opencms-dev-admin at opencms.org]
On Behalf Of M Butcher
Sent: 13 August 2003 13:34
To: opencms-dev at opencms.org
Subject: Re: [opencms-dev] Password protected areas of the website.

Use WebUsers (not to be confused with the WebUser table which is for storing
additional info).

Take a look at the Javadocs for the com.opencms.file.CmsObject (readWebUser,
createWebUser, etc.) and com.opencms.file.CmsUser

In short, a webuser is stored in the same table as regular users, but 1)
does not have permissions to use the CMS and 2) does not have much of the
permissions that regular users have. We use webusers for exactly the purpose
you are talking about.

Now, there are also other ways of achieving the same results with standard
HTTP auth and some tweaks to your code. If webuser won't work, you may want
to look at building an external mechanism.

Hope that helps,

Matt




More information about the opencms-dev mailing list