You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by Greg Hamer <ro...@gmail.com> on 2008/02/01 07:21:12 UTC
Setting Roller Instance To Require Login To View Entries ?
Is there currently a setting whereby Roller will allow blog entries to be
viewed only by logged users?
Essentially making the entire Roller instance Protected?
Thanks,
g
On Nov 28, 2007 7:40 AM, Dave <sn...@gmail.com> wrote:
> On Nov 28, 2007 10:24 AM, Thinkboy <ma...@gmail.com> wrote:
> > On 2007-11-26 22:44:57 +0800, Dave <sn...@gmail.com> said:
> >
> > > On Nov 21, 2007 5:47 AM, Thinkboy <ma...@gmail.com> wrote:
> > >> I am thinking how to set a certain blog as private , then whoever
> > >> trying to view this entry will be authenticated.
> > >
> > > What if weblog posts had the following levels of privacy:
> > >
> > > - Private: only members of the blog can see the entry
> > > - Protected: only logged in Roller users can see the entry
> > > - Public: everybody (including anonymous visitors) can see the entry
> > >
> > > Would that be sufficient?
> >
> > yes, this is exactly what I am thinking too (private, protected,
> > public) . i believe, it is a great feature!
> >
> > very appreciated that roller community does consider this in the near
> > future release. COOL! . :-D
>
> Despite the fact that I just spent a month or more reworking Roller's
> user/permissions management system (http://tinyurl.com/28br55 is now
> in trunk), I don't have an immediate requirement for private/protected
> weblogs or weblog entries and I don't think any of the other
> contributors do either. I *do* think these are important features,
> but I just don't have a requirement for them right now.
>
> So, if you really want protected/private blog posts, you might have to
> push pretty hard for it, i.e. look at the source code, understand the
> permission system, propose & discuss some solution(s) and if that goes
> well develop a patch.
>
> - Dave
>
Re: Setting Roller Instance To Require Login To View Entries ?
Posted by Greg Hamer <ro...@gmail.com>.
I am reposting the following from several months back.
We continue to have a requirement(s) for secure/private blogging
implementation with Roller.
Our implementation of Dave's initial suggestion (see below) did not work.
Might anyone be able to assist with any other possible Roller configuration
options?
Thank you in advance for your assistance.
Best regards,
g
On Fri, Feb 1, 2008 at 4:09 PM, Greg Hamer <ro...@gmail.com> wrote:
> Hi Dave,
>
> Thanks.
>
> Unfortunately, a loop is resulting after I "add the "/**" pattern below to
> the filterInvocationInterceptor". The loop results on the redirect to
> /roller-ui/login.rol
>
> Acegi is new to me. Can you suggest how I can exempt:
> /roller-ui/login.rol
> while leaving in the "/**" pattern?
>
> Best regards,
>
> g
>
>
>
> On Feb 1, 2008 12:59 PM, Dave <sn...@gmail.com> wrote:
>
>> On Feb 1, 2008 1:21 AM, Greg Hamer <ro...@gmail.com> wrote:
>>
>> > Is there currently a setting whereby Roller will allow blog entries to
>> be
>> > viewed only by logged users?
>> >
>> > Essentially making the entire Roller instance Protected?
>>
>>
>> There is no Roller configuration parameter, but since Roller uses Spring
>> Acegi for authentication, I think you could do that by modifying the
>> Spring
>> Acegi configuration file WEB-INF/security.xml.
>>
>> For example, what if you were to add the "/**" pattern below to the
>> filterInvocationInterceptor?
>>
>> <bean id="filterInvocationInterceptor" class="
>> org.acegisecurity.intercept.web.FilterSecurityInterceptor">
>> <property name="authenticationManager"
>> ref="authenticationManager"/>
>> <property name="accessDecisionManager"
>> ref="accessDecisionManager"/>
>> <property name="objectDefinitionSource">
>> <value>
>> <value>
>> PATTERN_TYPE_APACHE_ANT
>> /**=admin,editor
>>
>> I think that might do the trick.
>>
>> - Dave
>>
>>
Re: Setting Roller Instance To Require Login To View Entries ?
Posted by Greg Hamer <ro...@gmail.com>.
Hi Dave,
Thanks.
Unfortunately, a loop is resulting after I "add the "/**" pattern below to
the filterInvocationInterceptor". The loop results on the redirect to
/roller-ui/login.rol
Acegi is new to me. Can you suggest how I can exempt:
/roller-ui/login.rol
while leaving in the "/**" pattern?
Best regards,
g
On Feb 1, 2008 12:59 PM, Dave <sn...@gmail.com> wrote:
> On Feb 1, 2008 1:21 AM, Greg Hamer <ro...@gmail.com> wrote:
>
> > Is there currently a setting whereby Roller will allow blog entries to
> be
> > viewed only by logged users?
> >
> > Essentially making the entire Roller instance Protected?
>
>
> There is no Roller configuration parameter, but since Roller uses Spring
> Acegi for authenticatio, I think you could do that by modifying the Spring
> Acegi configuration file WEB-INF/security.xml.
>
> For example, what if you were to add the "/**" pattern below to the
> filterInvocationInterceptor?
>
> <bean id="filterInvocationInterceptor" class="
> org.acegisecurity.intercept.web.FilterSecurityInterceptor">
> <property name="authenticationManager"
> ref="authenticationManager"/>
> <property name="accessDecisionManager"
> ref="accessDecisionManager"/>
> <property name="objectDefinitionSource">
> <value>
> <value>
> PATTERN_TYPE_APACHE_ANT
> /**=admin,editor
>
> I think that might do the trick.
>
> - Dave
>
>
Re: Setting Roller Instance To Require Login To View Entries ?
Posted by Dave <sn...@gmail.com>.
On Feb 1, 2008 1:21 AM, Greg Hamer <ro...@gmail.com> wrote:
> Is there currently a setting whereby Roller will allow blog entries to be
> viewed only by logged users?
>
> Essentially making the entire Roller instance Protected?
There is no Roller configuration parameter, but since Roller uses Spring
Acegi for authenticatio, I think you could do that by modifying the Spring
Acegi configuration file WEB-INF/security.xml.
For example, what if you were to add the "/**" pattern below to the
filterInvocationInterceptor?
<bean id="filterInvocationInterceptor" class="
org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="objectDefinitionSource">
<value>
<value>
PATTERN_TYPE_APACHE_ANT
/**=admin,editor
I think that might do the trick.
- Dave
On Nov 28, 2007 7:40 AM, Dave <sn...@gmail.com> wrote:
>
> > On Nov 28, 2007 10:24 AM, Thinkboy <ma...@gmail.com> wrote:
> > > On 2007-11-26 22:44:57 +0800, Dave <sn...@gmail.com> said:
> > >
> > > > On Nov 21, 2007 5:47 AM, Thinkboy <ma...@gmail.com>
> wrote:
> > > >> I am thinking how to set a certain blog as private , then whoever
> > > >> trying to view this entry will be authenticated.
> > > >
> > > > What if weblog posts had the following levels of privacy:
> > > >
> > > > - Private: only members of the blog can see the entry
> > > > - Protected: only logged in Roller users can see the entry
> > > > - Public: everybody (including anonymous visitors) can see the entry
> > > >
> > > > Would that be sufficient?
> > >
> > > yes, this is exactly what I am thinking too (private, protected,
> > > public) . i believe, it is a great feature!
> > >
> > > very appreciated that roller community does consider this in the near
> > > future release. COOL! . :-D
> >
> > Despite the fact that I just spent a month or more reworking Roller's
> > user/permissions management system (http://tinyurl.com/28br55 is now
> > in trunk), I don't have an immediate requirement for private/protected
> > weblogs or weblog entries and I don't think any of the other
> > contributors do either. I *do* think these are important features,
> > but I just don't have a requirement for them right now.
> >
> > So, if you really want protected/private blog posts, you might have to
> > push pretty hard for it, i.e. look at the source code, understand the
> > permission system, propose & discuss some solution(s) and if that goes
> > well develop a patch.
> >
> > - Dave
> >
>