I am trying to find out the "proper" way to do anonymous users. I've been 
looking through the docs and mailing list archives, and I'm seeing 
conflicting or vague info.

Imagine, say, I have a public web-enabled database where most people can 
search and view for free without registering as a user. Admin users do 
need to be registered and logged in to perform administration functions.

I initially made all my screens and actions subclasses of SecureScreen and 
SecureAction by following the newapp example but of course some pages don't 
have to be secure. I have two choices as far as I can see.

Option 1)
I can change the relevant Java classes to be subclasses of VelocityScreen 
and VelocityAction.

Option 2)
I can amend the isAuthorized method of SecureScreen and SecureAction so 
that the user is automatically logged in as "Visitor", a special user I 
create for the normal user.

Are either of these correct?

With option 1 : does the user have a session ?
With option 2 : do the users have separate sessions or do they share one?

I am currently trying option 2 but I seem to have problems with sessions 
not working properly....



PS I am using Turbine 2.1 and Tomcat 4.0.something in case that makes a big 
difference....

Here is an example of the modified "isAuthorized" I am trying.

    protected boolean isAuthorized( RunData data ) throws Exception
    {
        boolean isAuthorized = false;
        AccessControlList acl = data.getACL();
        // No ACL yet, or the current user is not turbine_root:
        // try to log the request in as the "visitor" account.
        if (acl == null || !acl.hasRole("turbine_root"))
        {
            try {
                Log.info("Attempting to setup a default login");
                // Alex's suggestion -->
                TurbineUser anonUser = (TurbineUser) TurbineSecurity.
                    getAuthenticatedUser("visitor", "visitor");
                if (anonUser != null) {
                    Log.info("Attempting to login as user visitor");
                    anonUser.setHasLoggedIn(Boolean.TRUE);
                    data.setUser(anonUser);
                    // isAuthorized is not changed here, so this path
                    // still returns false.
                } else {
                    Log.info("but unfortunately we redirect to the login screen");
                    data.setScreenTemplate(
                        TurbineResources.getString("template.login"));
                    isAuthorized = false;
                }
            } catch (Exception e) {
                Log.error("When trying to set user as anonymous : "
                    + e.toString());
            }
        }
        else if (acl.hasRole("turbine_root"))
        {
            // Existing session already carries the admin role.
            isAuthorized = true;
        }
        return isAuthorized;
    }

Alex



Openweb Analysts Ltd, London: Software For Complex Websites 
http://www.OWAL.co.uk/
Free Consultancy for London Companies thinking of Open Source Software.

