CODEWITHSUNDEEP
xpages
user1186272
user1186272

Reputation: 97

Xpage authentication

I have an application that will have anonymous access on all the xpages except a couple. I need to force the user to login for those xpages. Is using the beforepageload event to check and redirecting the user to logon page the right way or is there a better way?

Upvotes: 3

Views: 5024

Answers (5)

Daniel F
Daniel F

Reputation: 134

You could also take a look here:

http://www.ovalbusinesssolutions.co.uk/thoughts/securing-your-xpages-website-using-public-access-2

If you uncheck the box "Available to Public Access Users" (by default it is unchecked) for the XPages where you want to force a log-in, the user will be automatically routed to the login and after the successful login, back to the XPage he tried to open.

Upvotes: 0

AndrewG10i
AndrewG10i

Reputation: 681

I fully support the answer provided by: Matt White

The best solution would be to add an ACL to the XPages

In my XPages App I'm using the following code:

<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">

  <xp:this.acl>
    <xp:acl>
       <xp:this.entries>
          <xp:aclEntry type="ANONYMOUS" right="READER"></xp:aclEntry>
          <xp:aclEntry type="DEFAULT" right="EDITOR"></xp:aclEntry>
       </xp:this.entries>
    </xp:acl>
 </xp:this.acl>

...XPage content here...

</xp:view>

It performs just perfect! Try it! )

Upvotes: 4

Matt White
Matt White

Reputation: 700

The best solution would be to add an ACL to the XPages which require the user to login, then you're not reliant on your own code but can let the server do the work for you.

To add an ACL, go to the All Properties of the XPage and look for the Access Control section. Then you can add one or more configurations to define who has what access - e.g. Anonymous has no access, or people in a group or role have access etc.

Matt

Upvotes: 10

BestCoder.NET
BestCoder.NET

Reputation: 43

You can use following samples for solution.

1- OpenNTF - Xpages Dojo Login Custom Control Project

2- LotusNotus.Com from Serdar Basegmez - Authenticating Notes users for Web apps automatically...

Upvotes: 1

Declan Lynch
Declan Lynch

Reputation: 3345

Yes this would be a valid way to do it and is how I handle the situation in a couple of my own apps.

This is the code that I use

if (context.getUser().getCommonName() == "Anonymous"){
   sessionScope.put("entryPage",context.getUrl().getPath() + context.getUrl().getQueryString())
   context.redirectToPage("/login.xsp");
}

I have this setup as a function that I just call from the beforePageLoad event. I'm redirecting to another XPage but you could also redirect to the database.nsf?login which will use the authentication type setup on the server.

Upvotes: 8

Related Questions