How to restrict access to specific area of website?
Permalink
I have a Flash-based web app that uses an Oracle database to login users. The app's user guides are HTML webpages designed with concrete5. Only users having active subscriptions can access these webpages.
How can I setup concrete5 to restrict access to these webpages when the user's information (and all the business logic data) resides in an Oracle database? That is, users are not registered in the concrete5 website.
For example, I can create a Java Servlet that accepts as input a username and password and outputs a Boolean variable that is "true" when the user is permitted to access the restricted website area and "false" otherwise. This Servlet will access the Oracle database and perform the necessary checks. However, it would require that whenever someone visits a restricted section of the website, regardless of entry point into that section, that concrete5 shows them a login page and then sends the user's login name and password to the Java Servlet, wait for a response, then permit or deny access accordingly. If permission is granted, concrete5 thereafter allows the person access to all such pages in the restricted section (e.g. it doesn't repeatedly show the login page for each new link).
Is this or anything else possible within concrete5?
How can I setup concrete5 to restrict access to these webpages when the user's information (and all the business logic data) resides in an Oracle database? That is, users are not registered in the concrete5 website.
For example, I can create a Java Servlet that accepts as input a username and password and outputs a Boolean variable that is "true" when the user is permitted to access the restricted website area and "false" otherwise. This Servlet will access the Oracle database and perform the necessary checks. However, it would require that whenever someone visits a restricted section of the website, regardless of entry point into that section, that concrete5 shows them a login page and then sends the user's login name and password to the Java Servlet, wait for a response, then permit or deny access accordingly. If permission is granted, concrete5 thereafter allows the person access to all such pages in the restricted section (e.g. it doesn't repeatedly show the login page for each new link).
Is this or anything else possible within concrete5?
I'm not using any special packing in Oracle or elsewhere to handle logins. I simply open a window from the web app to obtain a name and password.
As far as concrete5 is concerned, it has to submit a request to a Java Servlet (which is simply a POST to a URL address), and wait for a response (e.g. it will return a Boolean value where "true" means proceed to webpage and "false" means do not proceed), then manage which parts of the website users can access based on this.
I see this basically as 100% concrete5 work, except for the Java Servlet that I can write.
I just don't know concrete5 well enough to figure it out. I thought there might be a simple way to connect to concrete5's Permissions code somehow. Sounds like from what you're saying this is not easy. I'll have to figure out a non-concrete5 solution then. Thanks for your input.
As far as concrete5 is concerned, it has to submit a request to a Java Servlet (which is simply a POST to a URL address), and wait for a response (e.g. it will return a Boolean value where "true" means proceed to webpage and "false" means do not proceed), then manage which parts of the website users can access based on this.
I see this basically as 100% concrete5 work, except for the Java Servlet that I can write.
I just don't know concrete5 well enough to figure it out. I thought there might be a simple way to connect to concrete5's Permissions code somehow. Sounds like from what you're saying this is not easy. I'll have to figure out a non-concrete5 solution then. Thanks for your input.
The only thing this reminds me of is doing single sign on with oracle authentication provider. I don't know if that's what you're using or if you really just have logins in a DB somewhere. I know ClearWire hacked a oracle authentication provider layer into concrete5 very early in the game, so it can be done, but it'll certainly be easier in 5.7 (in progress now) which will have a cleaned up authentication layer.
i think what you're describing in the post sounds a bit more DIY and probably is something that you or someone pretty familiar with how your system is built should be working on.