Developing a Whitebeam Application
Access Control
The Whitebeam system makes it very easy to restrict access to certain pages
(or subsections of pages) of an application by using <rb:authenticate> tags
in conjunction with the Contacts template. In the simplest use of the feature,
when a user attempts to access the protected page the browser prompts the user
to enter a username and password. If the username and password are valid for
the group specified in the authenticate tag, access is allowed. For example,
a page could be protected as follows:
<rb:authenticate domain="Redbourne example"
community="user"
mandatory="no" >
<html>
...the rest of the page
</html>
</rb:authenticate>
The domain is simply a text string that the browser shows in the login form
it displays automatically. If the browser supplies an 'authorization' header,
the browser-provided username and password are validated against the specified
'community'. The community parameter specifies a unique name (held in the
Contacts template as a uName), which may be a Community, an Individual or an
OU (Organisational Unit) held in the database. If mandatory is 'yes', the
browser-provided username and password must match a member of the specified
community. If they do not match, the section of the page contained within the
tag is not executed. If mandatory is 'no', the page is executed anyway,
allowing the pattern page to deal with the error programmatically.
An example of the use of mandatory set to 'no' would be a page that requires
a username and password but presents the user with a self-registration page
if the user does not have a logon. Authorisation status can be checked by
comparing the value returned by rb.security.auth.status() with "AuthOK" and
taking appropriate action.
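
The behaviour described above, modelled as an added JavaScript example (not Whitebeam code and not part of the original page): with mandatory set to 'no' the enclosed section runs even without valid credentials, so the page itself must gate content on the status check. The function names, the sample member table, the failure status string and the use of HTTP Basic as the header scheme are assumptions.

```javascript
// Model of the <rb:authenticate> decision described above. Added example:
// not Whitebeam source code. All function names here are hypothetical.

// Parse an HTTP Basic 'Authorization' header value into {user, pass}, or null.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)$/i.exec(header || "");
  if (!m) return null;
  const text = Buffer.from(m[1], "base64").toString("utf8");
  const i = text.indexOf(":"); // only the first colon separates user from password
  return i < 0 ? null : { user: text.slice(0, i), pass: text.slice(i + 1) };
}

// Constructed stand-in for the Contacts template lookup (assumption).
// A real store would compare against password hashes, not plaintext.
const SAMPLE_MEMBERS = { user: { alice: "s3cret:with:colons" } };
function isMember(community, creds) {
  const members = SAMPLE_MEMBERS[community] || {};
  return Object.prototype.hasOwnProperty.call(members, creds.user) &&
    members[creds.user] === creds.pass;
}

// Returns whether the enclosed section runs and what status the page would see.
// The page names only "AuthOK"; the failure value is a placeholder.
function authenticate(tag, header) {
  const creds = parseBasic(header);
  const ok = creds !== null && isMember(tag.community, creds);
  return {
    status: ok ? "AuthOK" : "<not AuthOK>",
    bodyExecuted: ok || tag.mandatory === "no",
  };
}

// With mandatory="no" the body always runs, so the page must gate on status.
function renderPage(tag, header) {
  const r = authenticate(tag, header);
  if (!r.bodyExecuted) return "";
  return r.status === "AuthOK" ? "members-only content" : "self-registration form";
}

// Helper to build a constructed Basic header for the sample calls.
const basic = (u, p) => "Basic " + Buffer.from(u + ":" + p).toString("base64");
```
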
Note: A Whitebeam library is available to provide alternative access control
methods, seen on many Internet sites. Details of this can be found in the
Tutorials section.