Jahia Dev Forum > How to protect certain...

0 (0 Good)
0 (0 Bad)

How to protect certain pages?

by  shanelindsay »  2011/06/07 20:44

I have a "How to" question for template developers out there. We have a small site built in Jahia 6.1. Most of these pages are open to the public with no problem, but there are some pages (a second-level page, plus all its child pages) which we want to protect by first making the user "register" before they can see them. Registration in this case is simply to fill out a form so that we can store their contact info. We then put a cookie on their machine so that it remembers their registration.

I'm not sure of the best way to do this. If I was writing a standalone J2EE app, I could add authorization constraints using JAAS, or put a servlet filter in front of the URL to redirect to a registration page if it does not find the cookie. But in Jahia, this solution seems troublesome, because I would have to modify the WEB-INF/web.xml for these constraints. This doesn't seem like the right approach, because then I am introducing business logic into the Jahia platform itself. Since the Jahia platform could be hosting multiple virtual sites, this doesn't feel right.

The other solution (which I have currently implemented) is to add the logic directly into the JSP templates. By checking a content object to see if this particular page is "protected" or not, I can then check the cookie and redirect them to a registration page. This approach is also very problematic, for the following reasons:

A) JSPs are not the right place for this kind of logic
B) I have to do all sorts of tricks to disable caching for this page, since it needs to evaluate this cookie for every user, for every page request.

It works, but I really do not like this approach as it is not very clean. There must be a better way to do this. Anybody have any ideas?

Thanks!

  • How to protect certain pages?
    2011/07/08 14:15

    shanelindsay <p> I have a &quot;How to&quot; question for template developers out there. We have a small site built in Jahia 6.1. Most of these pages are open to the public with no problem, but there are some pages (a second-level page, plus all its child pages) which we want to protect by first making the user &quot;register&quot; before they can see them. Registration in this case is simply to fill out a form so that we can store their contact info. We then put a cookie on their machine so that it remembers their registration.<br /> <br /> I&#39;m not sure of the best way to do this. If I was writing a standalone J2EE app, I could add authorization constraints using JAAS, or put a servlet filter in front of the URL to redirect to a registration page if it does not find the cookie. But in Jahia, this solution seems troublesome, because I would have to modify the WEB-INF/web.xml for these constraints. This doesn&#39;t seem like the right approach, because then I am introducing business logic into the Jahia platform itself. Since the Jahia platform could be hosting multiple virtual sites, this doesn&#39;t feel right.<br /> <br /> The other solution (which I have currently implemented) is to add the logic directly into the JSP templates. By checking a content object to see if this particular page is &quot;protected&quot; or not, I can then check the cookie and redirect them to a registration page. This approach is also very problematic, for the following reasons:<br /> <br /> A) JSPs are not the right place for this kind of logic<br /> B) I have to do all sorts of tricks to disable caching for this page, since it needs to evaluate this cookie for every user, for every page request.<br /> <br /> It works, but I really do not like this approach as it is not very clean. There must be a better way to do this. Anybody have any ideas?<br /> <br /> Thanks!</p>

  • Number of messages  1
    Registration date Jun 7, 2011
    Contact
    Share
    Feedback

    Get in touch

    Whether you are a current user or if you are just evaluating Jahia, we are here to help.

    Contact us

    Share this page