[opencms-dev] How to create a website accesible by username and password
Arian Abrahantes Quintana
Arian.Abrahantes.Quintana at cern.ch
Mon Jul 19 11:41:01 CEST 2004
hi guys,
I looked in Uwe Konig's post -thanks for your reply to my previous message, I think I didn't say thank you before- of july 2nd which acknowledge some problems with login and password secure areas in a web site managed by Opencms (I am using OpenCMS 5.0) then I followed some guidelines posted by Jeff Greer in the mail archive to build a jsp file which suppose to deal with login permissions to opencms-based-websites, in fact Jeff's code does it very well. I made some few changes on the script, none at all in Tomcat's (4.1.29) configuration file and I could achieve a password protected area, or documents, just including it in my jsp template and a simple logic that checks for the user ID and group before show the body content of the requested document... I have check it with Netscape (Mozilla 1.0.2) and IE6 none problem has arised -Konqueror plays some dirty tricks-. So far I could login and logout different users without any exception from the server...
My password-secure template looks like this... By default (read: user's first visit) the user ID is "Guest".
<%@ page session="true" import="com.opencms.flex.jsp.*,java.lang.*,java.util.*,com.opencms.flex.util.CmsMessages" %>
<%@ page import = "com.opencms.core.*,com.opencms.file.*" %>
<%
// a lot of lines...
%>
<%
cms.include("../elements/loginpage",null,properties);
//Look in the link for the example of the login in JSP format
//http://mail.opencms.org/pipermail/opencms-dev/2004q2/011608.html
%>
<%
// the body element
if(cms.user("name").equals("Guest"))
{
out.println("<h1>You're logged as Guest. You have no access to this document...Please login...</h1>");
}
else if (cms.template("body"))
{
cms.include(null, "body");
}
//you could check any properties you like (cms.user("properties") fully documented in the in the taglib documentation)
%>
<%
//The template goes on and on...
%>
So in this way I could eventually create a Group of users (in Opencms workplace) and checking it in the conditional. I must admit that this algorithm is not the optimum choice. If I used it in this way then I'll have to write a different condition (read: a new template) for every zone I want to protect from different webusers of the site. For sure a suitable logic condition it is not difficult to write but it is not elegant if you have several Project managers and several users groups in your website. But improving the logic condition the situation might be better I just haven't had time to think about it and have in mind that I am a beginner in Java and Opencms. For sure the mailing list may help us with some good and interesting ideas and, of course, point the security holes this conception might have...
Hoping that this will help... best regards,
arian
-----Original Message-----
From: opencms-dev-admin at opencms.org on behalf of Uwe König
Sent: Thu 7/15/2004 10:24 AM
To: opencms-dev at opencms.org
Cc:
Subject: Re: [opencms-dev] How to create a website accesible by username and password
Hi,
see my post from July 2nd this year. I received (private) mails
acknowledging the problem, which unfortunately still remains.
Best regards,
Uwe König
_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 7962 bytes
Desc: not available
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20040719/ad7bfdbd/attachment.bin>
More information about the opencms-dev
mailing list