[opencms-dev] Password protected areas of the website.

Joachim Arrasz info at arrasz.de
Wed Aug 13 07:45:01 CEST 2003 

Good Morning Guys,

1.) you`re right the Forum at http://synyx.de/board is down, but will
today surely work again.
2.) I`ve implemented a kind of ACL (AccessControlList) for performing
things like a html based Backoffice in a Webpage. It`s based on Webusers
and build upon this table a ACL Object which is included with the
mastertemplate into the page. So each time a bosy with secure Content is
provided it work`s against this ACL-Object.
Hope this helps

Kind Regards

Achim

P.S On http://www.synyx.de is a first shoot from the Calendar Frontend
included, which may be helpful for backoffice functions. I just have to
implement the functionality for linking the dates... :-)

Questions about OpenCMS?
--> www.synyx.de/board


> M Butcher>
> On Tue, 2003-08-12 at 22:18, Ben Rometsch wrote:
>> The template solution does not seem that bad an idea to me. Am I to
>> assume that there's no standard way within OpenCMS of defining a
>> subsection of the VFS tree with a certain user group priveledge?
>
> There may be -- it uses UNIX-like permissions -- but because of the
> nature of the project I was working on, I never explored that method
> thoroughly. The question would be whether or not you could make
> WebUsers members of a group with read permissions to a resource (file
> or dir), while marking it off limits to regular users.
>
>> Would I be right in saying that the authentication templates that you
>> use simply perform a sanity check on the WebUser object in the
>> session? I have just started using opencms and am still finding my
>> feet. Would it be possible for you to post a fragment of the template
>> code to demonstrate?
>>
>
> Exactly. Roughly, it checks to make sure that the user object (which is
> in the session, though that is transparent to the JSP) is valid (and
> not Guest). A really simple version of this method would be:
>
> CmsJspActionElement cms = new CmsJspActionElement(pageContext, request,
> response);
>
> if("Guest".equals(cms.user("name")) {
>  //redirect or force login or something...
> }
>
> // do rest of page...
>
>
> I think I also add some checks to make sure the user is valid (maybe
> CmsObject.readUser()... can't remember).
>
> Anyway, it's simple, straightforward, and not very pretty, but it
> works.
>
> Matt
>
>> Ben
>>
>> -----Original Message-----
>> From: opencms-dev-admin at opencms.org
>> [mailto:opencms-dev-admin at opencms.org] On Behalf Of M Butcher
>> Sent: 13 August 2003 14:16
>> To: opencms-dev at opencms.org
>> Subject: RE: [opencms-dev] Password protected areas of the website.
>>
>> On Tue, 2003-08-12 at 21:17, Ben Rometsch wrote:
>> > Hi Matt,
>> >
>> > Thanks for the fast response. Would I be right in saying that I can
>> > create a new User Group within OpenCMS with no permissions, create
>> > users of that group, and then write my own JSP script to handle the
>> > log in functionality on the actual website? I.e. create a session
>> > scoped CmsUser object on login and check for its existence in the
>> > session within the password protected area, redirecting if it does
>> > not
>> exist?
>>
>> I leave my webusers in the Guest group, though you could create
>> another group if you wanted. Then, I use JSPs as you suggested to
>> verify that the user is logged in (as someone other than Guest).
>> Really, all of the scoping is handled within OpenCMS, so all you need
>> is a) a way to log in, and b) a way to mark a group of pages as
>> "Members Only". a) is easy enough, since just about all of the
>> functionality you need is provided in the CmsObject and CmsUser
>> classes. As for b), there are a lot of ways to do it -- some probably
>> better than others. My way is pretty ugly, design wise, but I have a
>> specific set of templates that require authentication, and all member
>> content uses those templates. A better (or at least prettier) method
>> would be to set up some sort of access control mechanism for VFS
>> directories.
>>
>> >
>> > Just out of interest, is there an OpenCMS forum or IRC channel?
>> >
>>
>> There was a forum at http://synyx.de/board/, but it seems to be down
>> right now. AFAIK, there is no IRC... However, if someone started
>> one...
>>
>> > Ben
>> >
>> > -----Original Message-----
>> > From: opencms-dev-admin at opencms.org
>> > [mailto:opencms-dev-admin at opencms.org]
>> > On Behalf Of M Butcher
>> > Sent: 13 August 2003 13:34
>> > To: opencms-dev at opencms.org
>> > Subject: Re: [opencms-dev] Password protected areas of the website.
>> >
>> > Use WebUsers (not to be confused with the WebUser table which is for
>> >  storing additional info).
>> >
>> > Take a look at the Javadocs for the com.opencms.file.CmsObject
>> > (readWebUser, createWebUser, etc.) and com.opencms.file.CmsUser
>> >
>> > In short, a webuser is stored in the same table as regular users,
>> > but  1) does not have permissions to use the CMS and 2) does not
>> > have much  of the permissions that regular users have. We use
>> > webusers for  exactly the purpose you are talking about.
>> >
>> > Now, there are also other ways of achieving the same results with
>> > standard HTTP auth and some tweaks to your code. If webuser won't
>> > work, you may want to look at building an external mechanism.
>> >
>> > Hope that helps,
>> >
>> > Matt
>> >
>> > _______________________________________________
>> > This mail is send to you from the opencms-dev mailing list To change
>> >  your list options, or to unsubscribe from the list, please visit
>> > http://mail.opencms.org/mailman/listinfo/opencms-dev
>> --
>> M Butcher <mbutcher at grcomputing.net>
>> _______________________________________________
>> This mail is send to you from the opencms-dev mailing list To change
>> your list options, or to unsubscribe from the list, please visit
>> http://mail.opencms.org/mailman/listinfo/opencms-dev
>>
>> _______________________________________________
>> This mail is send to you from the opencms-dev mailing list
>> To change your list options, or to unsubscribe from the list, please
>> visit http://mail.opencms.org/mailman/listinfo/opencms-dev
> --
> M Butcher <mbutcher at grcomputing.net>
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please
> visit http://mail.opencms.org/mailman/listinfo/opencms-dev

More information about the opencms-dev mailing list