[opencms-dev] Re: Access protected pages from embedded application

[Thomas März]

"Judith Schindler" <Judith.Schindler at communardo.de> writes:

> We have embedded OpenCms into a web application using a ServletFilter.
> The filter opens an URL-stream to OpenCms and get the (html-)content -
> every OpenCms page contains a placeholder, which will be substituted
> with the (html-)content of the application.
> This means that OpenCms will only be called by the filter. 
>
> Now I got a problem accessing protected pages of the website: A login
> into OpenCms by the client is not possible, because the access is done
> by the ServletFilter (or am I missing something here?)
>
> Is it possible to change the behaviour of OpenCms to check every time a
> page is accessed, if the client is authenticated or not - without log in
> by the user (client)?

I use a similar approach, but vice versa.

Instead of opening a new request to OpenCms I'd forward the
original HttpServletRequest to OpenCms and wrap the
response, since OpenCms does the access control out of the
box. With this approach you could also login users and
OpenCms will apply the correct ACLs.

The only problem I have is getting a CmsObject for the
current request in a Filter via the CmsFlexController.
I worked around with it with JSP (Filter, JSP with Login, Redirect).


Regards,
Thomas