[opencms-dev] Password protected areas of the website.

M Butcher mbutcher at grcomputing.net
Wed Aug 13 08:42:02 CEST 2003 

On Tue, 2003-08-12 at 23:27, Joachim Arrasz wrote:
> Good Morning Guys,

Actually... it's a late night, here. :(

> 1.) you`re right the Forum at http://synyx.de/board is down, but will
> today surely work again.

Good! I posted a question there a few days ago, and I wanted to see if
it had been answered. On the other hand, I spent a while looking at your
new site, and while my German isn't very good, I was pretty impressed
with it.

> 2.) I`ve implemented a kind of ACL (AccessControlList) for performing
> things like a html based Backoffice in a Webpage. It`s based on Webusers
> and build upon this table a ACL Object which is included with the
> mastertemplate into the page. So each time a bosy with secure Content is
> provided it work`s against this ACL-Object.
> Hope this helps

Interesting. How did you do the ACLs? Do you base the rules on the CMS
permissions or something else?

> P.S On http://www.synyx.de is a first shoot from the Calendar Frontend
> included, which may be helpful for backoffice functions. I just have to
> implement the functionality for linking the dates... :-)
> 

I was looking at it a bit tonight and wondering why you hadn't released
it as a module. ;-)

Matt

> > M Butcher>
> > On Tue, 2003-08-12 at 22:18, Ben Rometsch wrote:
> >> The template solution does not seem that bad an idea to me. Am I to
> >> assume that there's no standard way within OpenCMS of defining a
> >> subsection of the VFS tree with a certain user group priveledge?
> >
> > There may be -- it uses UNIX-like permissions -- but because of the
> > nature of the project I was working on, I never explored that method
> > thoroughly. The question would be whether or not you could make
> > WebUsers members of a group with read permissions to a resource (file
> > or dir), while marking it off limits to regular users.
> >
> >> Would I be right in saying that the authentication templates that you
> >> use simply perform a sanity check on the WebUser object in the
> >> session? I have just started using opencms and am still finding my
> >> feet. Would it be possible for you to post a fragment of the template
> >> code to demonstrate?
> >>
> >
> > Exactly. Roughly, it checks to make sure that the user object (which is
> > in the session, though that is transparent to the JSP) is valid (and
> > not Guest). A really simple version of this method would be:
> >
> > CmsJspActionElement cms = new CmsJspActionElement(pageContext, request,
> > response);
> >
> > if("Guest".equals(cms.user("name")) {
> >  //redirect or force login or something...
> > }
> >
> > // do rest of page...
> >
> >
> > I think I also add some checks to make sure the user is valid (maybe
> > CmsObject.readUser()... can't remember).
> >
> > Anyway, it's simple, straightforward, and not very pretty, but it
> > works.
> >
> > Matt
> >
> >> Ben
> >>
> >> -----Original Message-----
> >> From: opencms-dev-admin at opencms.org
> >> [mailto:opencms-dev-admin at opencms.org] On Behalf Of M Butcher
> >> Sent: 13 August 2003 14:16
> >> To: opencms-dev at opencms.org
> >> Subject: RE: [opencms-dev] Password protected areas of the website.
> >>
> >> On Tue, 2003-08-12 at 21:17, Ben Rometsch wrote:
> >> > Hi Matt,
> >> >
> >> > Thanks for the fast response. Would I be right in saying that I can
> >> > create a new User Group within OpenCMS with no permissions, create
> >> > users of that group, and then write my own JSP script to handle the
> >> > log in functionality on the actual website? I.e. create a session
> >> > scoped CmsUser object on login and check for its existence in the
> >> > session within the password protected area, redirecting if it does
> >> > not
> >> exist?
> >>
> >> I leave my webusers in the Guest group, though you could create
> >> another group if you wanted. Then, I use JSPs as you suggested to
> >> verify that the user is logged in (as someone other than Guest).
> >> Really, all of the scoping is handled within OpenCMS, so all you need
> >> is a) a way to log in, and b) a way to mark a group of pages as
> >> "Members Only". a) is easy enough, since just about all of the
> >> functionality you need is provided in the CmsObject and CmsUser
> >> classes. As for b), there are a lot of ways to do it -- some probably
> >> better than others. My way is pretty ugly, design wise, but I have a
> >> specific set of templates that require authentication, and all member
> >> content uses those templates. A better (or at least prettier) method
> >> would be to set up some sort of access control mechanism for VFS
> >> directories.
> >>
> >> >
> >> > Just out of interest, is there an OpenCMS forum or IRC channel?
> >> >
> >>
> >> There was a forum at http://synyx.de/board/, but it seems to be down
> >> right now. AFAIK, there is no IRC... However, if someone started
> >> one...
> >>
> >> > Ben
> >> >
> >> > -----Original Message-----
> >> > From: opencms-dev-admin at opencms.org
> >> > [mailto:opencms-dev-admin at opencms.org]
> >> > On Behalf Of M Butcher
> >> > Sent: 13 August 2003 13:34
> >> > To: opencms-dev at opencms.org
> >> > Subject: Re: [opencms-dev] Password protected areas of the website.
> >> >
> >> > Use WebUsers (not to be confused with the WebUser table which is for
> >> >  storing additional info).
> >> >
> >> > Take a look at the Javadocs for the com.opencms.file.CmsObject
> >> > (readWebUser, createWebUser, etc.) and com.opencms.file.CmsUser
> >> >
> >> > In short, a webuser is stored in the same table as regular users,
> >> > but  1) does not have permissions to use the CMS and 2) does not
> >> > have much  of the permissions that regular users have. We use
> >> > webusers for  exactly the purpose you are talking about.
> >> >
> >> > Now, there are also other ways of achieving the same results with
> >> > standard HTTP auth and some tweaks to your code. If webuser won't
> >> > work, you may want to look at building an external mechanism.
> >> >
> >> > Hope that helps,
> >> >
> >> > Matt
> >> >
> >> > _______________________________________________
> >> > This mail is send to you from the opencms-dev mailing list To change
> >> >  your list options, or to unsubscribe from the list, please visit
> >> > http://mail.opencms.org/mailman/listinfo/opencms-dev
> >> --
> >> M Butcher <mbutcher at grcomputing.net>
> >> _______________________________________________
> >> This mail is send to you from the opencms-dev mailing list To change
> >> your list options, or to unsubscribe from the list, please visit
> >> http://mail.opencms.org/mailman/listinfo/opencms-dev
> >>
> >> _______________________________________________
> >> This mail is send to you from the opencms-dev mailing list
> >> To change your list options, or to unsubscribe from the list, please
> >> visit http://mail.opencms.org/mailman/listinfo/opencms-dev
> > --
> > M Butcher <mbutcher at grcomputing.net>
> > _______________________________________________
> > This mail is send to you from the opencms-dev mailing list
> > To change your list options, or to unsubscribe from the list, please
> > visit http://mail.opencms.org/mailman/listinfo/opencms-dev
> 
> 
> 
> _______________________________________________
> This mail is send to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> http://mail.opencms.org/mailman/listinfo/opencms-dev
-- 
M Butcher <mbutcher at grcomputing.net>

More information about the opencms-dev mailing list