[opencms-dev] Password protected areas of the website.

Ben Rometsch ben at solidstategroup.com
Wed Aug 13 06:39:01 CEST 2003 

The template solution does not seem that bad an idea to me. Am I to assume
that there's no standard way within OpenCMS of defining a subsection of the
VFS tree with a certain user group priveledge? 

Would I be right in saying that the authentication templates that you use
simply perform a sanity check on the WebUser object in the session? I have
just started using opencms and am still finding my feet. Would it be
possible for you to post a fragment of the template code to demonstrate?

Ben

-----Original Message-----
From: opencms-dev-admin at opencms.org [mailto:opencms-dev-admin at opencms.org]
On Behalf Of M Butcher
Sent: 13 August 2003 14:16
To: opencms-dev at opencms.org
Subject: RE: [opencms-dev] Password protected areas of the website.

On Tue, 2003-08-12 at 21:17, Ben Rometsch wrote:
> Hi Matt,
> 
> Thanks for the fast response. Would I be right in saying that I can 
> create a new User Group within OpenCMS with no permissions, create 
> users of that group, and then write my own JSP script to handle the 
> log in functionality on the actual website? I.e. create a session 
> scoped CmsUser object on login and check for its existence in the 
> session within the password protected area, redirecting if it does not
exist?

I leave my webusers in the Guest group, though you could create another
group if you wanted. Then, I use JSPs as you suggested to verify that the
user is logged in (as someone other than Guest). Really, all of the scoping
is handled within OpenCMS, so all you need is a) a way to log in, and b) a
way to mark a group of pages as "Members Only". a) is easy enough, since
just about all of the functionality you need is provided in the CmsObject
and CmsUser classes. As for b), there are a lot of ways to do it -- some
probably better than others. My way is pretty ugly, design wise, but I have
a specific set of templates that require authentication, and all member
content uses those templates. A better (or at least prettier) method would
be to set up some sort of access control mechanism for VFS directories.

> 
> Just out of interest, is there an OpenCMS forum or IRC channel?
> 

There was a forum at http://synyx.de/board/, but it seems to be down right
now. AFAIK, there is no IRC... However, if someone started one...

> Ben
> 
> -----Original Message-----
> From: opencms-dev-admin at opencms.org 
> [mailto:opencms-dev-admin at opencms.org]
> On Behalf Of M Butcher
> Sent: 13 August 2003 13:34
> To: opencms-dev at opencms.org
> Subject: Re: [opencms-dev] Password protected areas of the website.
> 
> Use WebUsers (not to be confused with the WebUser table which is for 
> storing additional info).
> 
> Take a look at the Javadocs for the com.opencms.file.CmsObject 
> (readWebUser, createWebUser, etc.) and com.opencms.file.CmsUser
> 
> In short, a webuser is stored in the same table as regular users, but 
> 1) does not have permissions to use the CMS and 2) does not have much 
> of the permissions that regular users have. We use webusers for 
> exactly the purpose you are talking about.
> 
> Now, there are also other ways of achieving the same results with 
> standard HTTP auth and some tweaks to your code. If webuser won't 
> work, you may want to look at building an external mechanism.
> 
> Hope that helps,
> 
> Matt
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list To change 
> your list options, or to unsubscribe from the list, please visit 
> http://mail.opencms.org/mailman/listinfo/opencms-dev
--
M Butcher <mbutcher at grcomputing.net>
_______________________________________________
This mail is send to you from the opencms-dev mailing list To change your
list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list