Developing a Whitebeam Application

Site Map
 
Home
 
Application Guide
  Quick Start
    Introduction
    Application
    Administration
    Source
    Structure
    Forms Data
    Sessions
    Access Ctrl
    Templates
    Files
    Debug
    File Loc
    Hints+Tips
  PHP and ASP
  Writing Apps
  Applications
  Tutorials
  Samples
Reference
Community
Contact Whitebeam
To-Do
Download
Credits
Licence
Whitebeam Users
 
 
 

Developing a Whitebeam Application

Access Control

The Whitebeam system makes it very easy to restrict access to certain pages (or subsections of pages) of an application by using <rb:authenticate> tags in conjunction with the Contacts template. In the simplest use of the feature when a user attempts to access the protected page the browser will prompt him to enter a username and password. If the username and password is valid for the group specified in the authenticate tag, access will be allowed. For example a page could be protected as follows

<rb:authenticate domain="Redbourne example"
                 community="user" mandatory="no" >
  <html>
    ...the rest of the page
  </html>
</rb:authenticate>

The domain is simply a text string that is displayed by the browser in the login form automatically displayed. If the browser supplies an 'authorization' header then the browser provided username and password is validated against the specified 'community'. The community parameter specifies a unique name (held in the contacts template as a uName) which may be a Community, an Individual or an OU (Organisational Unit) held in the database. If mandatory is 'yes' then the browser provided username and password must match against a member of the specified community. If it does not match then the section of the page contained within the tag is not executed. If mandatory is 'no' then the page is executed anyway allowing the pattern page to programmatically deal with the error.

An example of the use of mandatory set to no would be a page that requires a username and password but that presents the user with a self registration page if the user does not have a logon. Authorisation status can be checked by comparing rb.security.auth.status()="AuthOK" and appropriate action taken.

Note: A Whitebeam library is available to provide alternative access control methods, seen on many Internet sites. Details of this can be found in the Tutorials section

Whitebeam release 1.3.36
(loadtime : 11ms)