[opencms-dev] Password protected areas of the website.

M Butcher mbutcher at grcomputing.net
Wed Aug 13 06:05:02 CEST 2003


On Tue, 2003-08-12 at 21:17, Ben Rometsch wrote:
> Hi Matt, 
> 
> Thanks for the fast response. Would I be right in saying that I can create a
> new User Group within OpenCMS with no permissions, create users of that
> group, and then write my own JSP script to handle the log in functionality
> on the actual website? I.e. create a session scoped CmsUser object on login
> and check for its existence in the session within the password protected
> area, redirecting if it does not exist?

I leave my webusers in the Guest group, though you could create another
group if you wanted. Then, I use JSPs as you suggested to verify that
the user is logged in (as someone other than Guest). Really, all of the
scoping is handled within OpenCMS, so all you need is a) a way to log
in, and b) a way to mark a group of pages as "Members Only". a) is easy
enough, since just about all of the functionality you need is provided
in the CmsObject and CmsUser classes. As for b), there are a lot of ways
to do it -- some probably better than others. My way is pretty ugly,
design wise, but I have a specific set of templates that require
authentication, and all member content uses those templates. A better
(or at least prettier) method would be to set up some sort of access
control mechanism for VFS directories.

> 
> Just out of interest, is there an OpenCMS forum or IRC channel?
> 

There was a forum at http://synyx.de/board/, but it seems to be down
right now. AFAIK, there is no IRC... However, if someone started one...

> Ben
> 
> -----Original Message-----
> From: opencms-dev-admin at opencms.org [mailto:opencms-dev-admin at opencms.org]
> On Behalf Of M Butcher
> Sent: 13 August 2003 13:34
> To: opencms-dev at opencms.org
> Subject: Re: [opencms-dev] Password protected areas of the website.
> 
> Use WebUsers (not to be confused with the WebUser table which is for storing
> additional info).
> 
> Take a look at the Javadocs for the com.opencms.file.CmsObject (readWebUser,
> createWebUser, etc.) and com.opencms.file.CmsUser
> 
> In short, a webuser is stored in the same table as regular users, but 1)
> does not have permissions to use the CMS and 2) does not have much of the
> permissions that regular users have. We use webusers for exactly the purpose
> you are talking about.
> 
> Now, there are also other ways of achieving the same results with standard
> HTTP auth and some tweaks to your code. If webuser won't work, you may want
> to look at building an external mechanism.
> 
> Hope that helps,
> 
> Matt
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
-- 
M Butcher <mbutcher at grcomputing.net>



More information about the opencms-dev mailing list