Question

I'm a complete Twiki newbie. Is it possible to restrict access to a topic based on a value of an HTTP header? I see it's easy enough to do so based on the Twiki assigned group of a user, but I'm interested in a value (set securely) by a Web server plug-in to identify what groups the user belongs to.

Thanks, Scott

Environment

-- ScottTomilson - 20 Jul 2007

Answer

If you answer a question - or have a question you asked answered by someone - please remember to edit the page and set the status to answered. The status is in a drop-down list below the edit box.

This is not possible in a secure, easy-to-use way.

HTTP headers are available to authors of TWiki topics with the %HTTP{...}% variable. So authors could, in principle, expand the topic's content only if the variable contains a certain value using either %IF{...}% constructs or the SpreadSheetPlugin. Neither one looks really compelling to me.

More in the spirit of upcoming TWiki releases would be to write an own login manager and user mapper. These components are sort of pluggable, so you could roll out your own which converts information from arbitrary HTTP headers to authorisation information.

-- HaraldJoerg - 20 Jul 2007

It looks like this is answered.

-- PeterThoeny - 03 Sep 2007