Site Map

Home

Application Guide
Reference
	Installation
	Configuration
	XML Markup
		authenticate
		block
		cachecontrol
		eval
		false
		header
		include
		insertblock
		insertdebug
		macrotag
		marksession
		nomacro
		noscript
		parser
		redirect
		repeatfor
		return
		script
		if
		test
		true
		xmp
		eval
		id
		marksession
		test
	JavaScript Classes
	ROM
	Templates
	Environment
	Dev Process
	Tools
	External Links
	Example libraries
Community
Contact Whitebeam
To-Do
Download
Credits
Licence
Whitebeam Users

Definition of Whitebeam XML Tags

rb:authenticate

Apply password protection for a page

Body

The rb:authenticate body can contain any other XML markup.

Attributes

Attribute	Required	Description
community	required	identify the set of people against which the username and password are to be validated. This may select a Community, a single individual or an OU (Organisational Unit).
domain	implied	This is a text string that is sent to the browswer with the authentication failed header. The text is displayed by the browser in the login form automatically displayed. If the domain is not specified the Presentation Engine will generate an error.
mandatory	implied	yes or no. Selects the action to take if the authentication headers are present but the embedded usename and password do not match any credentials held in the specified community. Seel below for details.

Remarks

The authenticate tag regulates HTTP authentication methods.

This tag allows an integration partner to 'protect' either an entire page or a subsection of a page such that it can only be seen by authorised people. The tag is used to surround an XML subtree - which typically comprises the entire document. When the Presentation Engine encounters this tag it looks for a 'Authorization' HTTP header. If the header is not found then the server returns a 'Autorization Failed' response (code 401) to the web browser, which will in turn cause the browser to prompt for username and password.

In order to send the authorization failed the Presentation Engine must specify a 'domain'. This is simply a text string that is displayed by the browser in the login form automatically displayed. If the domain is not specified the Presentation Engine will generate an error.

If the 'Authorization' header is present then the Presentation Engine extracts the browser provided username and password and validates these values against the specified 'community' (mandatory XML attribute for this tag). Validation makes use of user information held in the contacts template. Specifically the Presentation Engine makes a call to rb.contact.validate().

The 'community' parameter is used to identify the set of people against which the username and password are to be validated. This may select a Community, a single individual or an OU (Organisational Unit).

The behaviour of the tag depends on the value of the 'mandatory' attribute. This takes a value of 'yes' or 'no', the default if the attribute is absent is 'yes'.

mandatory='yes' (default)

If mandatory is 'yes' then the browser provided username and password must match against a member of the specified community. If it doesn't then the section of XML contained within the tag is not executed.

mandatory='no'

If 'mandatory' is no then the XML subtree is executed anyway - allowing the Pattern Page to programmatically deal with the error. An example would be a page that requires a username and password but that if it doesn't get one it presents the user with a self registration page.

In order for the integration partner to programmatically deal with this situation the Presentation Engine makes the values provided by the user available through the Redbourne Object Model via the system template methods under rb.security

Whitebeam release 1.3.36

View XML source of this page

(loadtime : 11ms)