Help coderanch get a
new server
by contributing to the fundraiser
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Devaka Cooray
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Tim Moores
  • Carey Brown
  • Mikalai Zaikin
Bartenders:
  • Lou Hamers
  • Piet Souris
  • Frits Walraven

Restricting ALL access to jForum webapp

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I would like to restrict ALL access to only registered user (except for the RSS feed listing new topics) - I am using the SSO functionality to authenticate users using an external DB- Is there a clean way to restrict access to only registered users or would i need to create a filter to do that?

If a filter is needed, how can I ensure that it is called after the SSO authenticator does its business? Anyone has an example of how I can do this.

Thanks
Jean
[originally posted on jforum.net by jvence]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I haven't tried it myself, but you might consider creating a "Restricted" user group. Move user "Anonymous" to that group, then turn off all access to the forums for the "Restricted" user group. (You would change the permissions by clicking on the "Permissions" link for the group, then using the SHIFT key to highlight every forum and category under the "Restrict {AREA}" select boxes.)

Let us know if that works for you.
[originally posted on jforum.net by jbanes]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What if I want to write a filter (to allow RSS request thru) - How can I check from the filter is the user is logged in correctly?
[originally posted on jforum.net by jvence]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

jvence wrote:What if I want to write a filter (to allow RSS request thru) - How can I check from the filter is the user is logged in correctly?


That would require you to modify the source code so that the RSS feed passes the information through.

---HOWEVER---

That would make all the content open to pretty much anyone who wanted to read it. If your goal is to allow public perusal, but not posting, then just lock the Anonymous account.

Edit: I just noticed that it was only the New Topic feed you wanted. Again, you have to go back to the code. There's no good way of doing this (that I'm aware of) using the standard security restrictions of JForum.
[originally posted on jforum.net by jbanes]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well if I want to use a filter, do you know how I can figure out from the filter wether a specific request is coming in from a user that is logged in?

jbanes wrote:

jvence wrote:What if I want to write a filter (to allow RSS request thru) - How can I check from the filter is the user is logged in correctly?


That would require you to modify the source code so that the RSS feed passes the information through.

---HOWEVER---

That would make all the content open to pretty much anyone who wanted to read it. If your goal is to allow public perusal, but not posting, then just lock the Anonymous account.

Edit: I just noticed that it was only the New Topic feed you wanted. Again, you have to go back to the code. There's no good way of doing this (that I'm aware of) using the standard security restrictions of JForum.


[originally posted on jforum.net by jvence]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm going to try this approach but I don't seem to have an 'Anonymous' user.


jbanes wrote:I haven't tried it myself, but you might consider creating a "Restricted" user group. Move user "Anonymous" to that group, then turn off all access to the forums for the "Restricted" user group. (You would change the permissions by clicking on the "Permissions" link for the group, then using the SHIFT key to highlight every forum and category under the "Restrict {AREA}" select boxes.)

Let us know if that works for you.


[originally posted on jforum.net by jvence]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

jvence wrote:I'm going to try this approach but I don't seem to have an 'Anonymous' user.


Are you sure about that? Because it's the first user that the forum creates upon install. The forum assigns it to anyone who isn't logged in. Here's a screenshot of the Users in the admin console after a fresh install:


[originally posted on jforum.net by jbanes]
reply
    Bookmark Topic Watch Topic
  • New Topic