[opencms-dev] Can't find params in request object
Arian Abrahantes Quintana
Arian.Abrahantes.Quintana at cern.ch
Tue Jul 27 01:04:01 CEST 2004
Hi,
It's a bit late but I'm still working ;). You are right about html file it was also a file like that where I was working. I followed an idea posted in the mailing list so I have to make credits of someone else (sorry I can''t find the name in this very moment). I posted something like this a few days ago... Here you can find my pretty basic idea based only in opencms users database (read: from administrators to guest). I didn't inclue the jsp file cause you an everybody has access to it just check the link embebed in my text but you're a bit familiar with it:
I looked in Uwe Konig's post -thanks for your reply to my previous message, I think I didn't say thank you before- of july 2nd which acknowledge some problems with login and password secure areas in a web site managed by Opencms (I am using OpenCMS 5.0) then I followed some guidelines posted by Jeff Greer in the mail archive to build a jsp file which suppose to deal with login permissions to opencms-based-websites, in fact Jeff's code does it very well. I made some few changes on the script, none at all in Tomcat's (4.1.29) configuration file and I could achieve a password protected area, or documents, just including it in my jsp template and a simple logic that checks for the user ID and group before show the body content of the requested document... I have check it with Netscape (Mozilla 1.0.2) and IE6 none problem has arised -Konqueror plays some dirty tricks-. So far I could login and logout different users without any exception from the server...
My password-secure template looks like this... By default (read: user's first visit) the user ID is "Guest".
<%@ page session="true" import="com.opencms.flex.jsp.*,java.lang.*,java.util.*,com.opencms.flex.util.CmsMessages" %>
<%@ page import = "com.opencms.core.*,com.opencms.file.*" %>
<%
// a lot of lines...
%>
<%
cms.include("../elements/loginpage",null,properties);
//Look in the link for the example of the login in JSP format
//http://mail.opencms.org/pipermail/opencms-dev/2004q2/011608.html
%>
<%
// the body element
if(cms.user("name").equals("Guest"))
{
out.println("<h1>You're logged as Guest. You have no access to this document...Please login...</h1>");
}
else if (cms.template("body"))
{
cms.include(null, "body");
}
//you could check any properties you like (cms.user("properties") fully documented in the in the taglib documentation)
%>
<%
//The template goes on and on...
%>
So in this way I could eventually create a Group of users (in Opencms workplace) and checking it in the conditional. I must admit that this algorithm is not the optimum choice. If I used it in this way then I'll have to write a different condition (read: a new template) for every zone I want to protect from different webusers of the site. For sure a suitable logic condition it is not difficult to write but it is not elegant if you have several Project managers and several users groups in your website. But improving the logic condition the situation might be better I just haven't had time to think about it and have in mind that I am a beginner in Java and Opencms. For sure the mailing list may help us with some good and interesting ideas and, of course, point the security holes this conception might have...
What's missing? I think nothing Jeff's code do it by itself....(http://mail.opencms.org/pipermail/opencms-dev/2004q2/011608.html). Basically this will fulfill your demand, at least I hope so...
best regards,
arian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 7390 bytes
Desc: not available
URL: <https://webmail.opencms.org/pipermail/opencms-dev/attachments/20040727/acb17f02/attachment.bin>
More information about the opencms-dev
mailing list