Skip to content. | Skip to navigation

Personal tools
Sections
You are here: Home Topics HTTP
Navigation
 

HTTP

Mar 25, 2010

Giving roles to visitors using HTTP headers

by keul — last modified Mar 25, 2010 11:45 AM
Filed Under:

In a recent project we need to provide different roles to users, basing this choice to host name used to reach the Plone site

What's up?

The Plone site I'm describing here is quite normal, but customer ask us to give some special additional permissions to users that reach the Plone site from an internal domain.

In facts the wanna be still anonymous (forcing no-one to authenticate) but be able to see some documents in a special "Published internally" state.

How tho give this permission to anonymous users?

AutoRole?

I never used AutoRole before, but its clear that the idea behind is what we need. AutoRole is an interesting PAS plugin provide additional roles automatically using the IP of the client that is not what we really wanna there.
It also works well with anonymous users making some magic inside the plugin!

AutoRoleFromHost?

You can find on the Plone SVN our first attempt to use the AutoRole idea for our needs. Changing some lines of codes here and there we changed roles provided relying on HTTP_HOST used.

Problem
The HTTP_HOST works only when the client reach directly the Zope server (not exacly, but we have no controls on the Apache of that company)... and we wanna put Varnish in front of it.
Limit
What if tomorrow I need to give somewhere an additional role to users that use a specific browser, or something else? I can't spend all of my live developing AutoRoleFromSomething products!

AutoRoleFromHostHeader!

The best choice we found is to look at HTTP Header in general, making what header and what value completely configurable.

We developed and released AutoRoleFromHostHeader. Similar to AutoRole, but  you can configure it like this:

HTTP Header;regexp;role,[role,]

To make it the most general as possible, the value of the header is used as a regular expression.

Using this you can reproduce some of the AutoRole features, but you can also make something like this:

HTTP_X_FORWARDED_HOST;special\.hostname\.it;SpecialAnonymous
HTTP_USER_AGENT;(MSIE|Internet\ Explorer);BrowserlessVisitor

 

Comments: 0

Sep 16, 2009

Single sign-on HTTP su Lotus Domino in ambiente Windows

by Fabio Pignatti — last modified Sep 16, 2009 12:00 AM
Filed Under:

Come realizzare SSO su HTTP in ambiente Windows per applicativi Lotus Domino

Durante lo scorso Lotusphere 2009 a Orlando avevo assistito ad una interessante sessione in cui venivano spiegati i piani e le modalità di integrazione tra ambienti Windows e Lotus Domino.

Di particolare interesse una dichiarazione rilasciata dalle persone IBM in merito al SSO HTTP: " Ragazzi, abbiamo intenzione di farla e lo standard che utilizzeremo è SPNEGO." Wow mi son detto! Con questo risolvo un bel po di situazioni ... peccato che non hanno annunciato quando sarà rilasciata.

Bene il "quando" è domani, o meglio la prossima release (8.5.1). Basti guardare la documentazione tecnica già presente sui wiki ufficiali IBM.

Windows single sign-on for web clients - Lotus Domino 8.5.1 Documentation

 

 

Comments: 0