AccessControlBasedOnHttpHeaderValues < Support

Question

I'm a complete Twiki newbie. Is it possible to restrict access to a topic based on a value of an HTTP header? I see it's easy enough to do so based on the Twiki assigned group of a user, but I'm interested in a value (set securely) by a Web server plug-in to identify what groups the user belongs to.

Thanks, Scott

Environment

TWiki version:	TWikiRelease04x01x02
TWiki plugins:	DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:
Web server:
Perl version:
Client OS:
Web Browser:
Categories:	Authorisation

-- ScottTomilson - 20 Jul 2007

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

This is not possible in a secure, easy-to-use way.

HTTP headers are available to authors of TWiki topics with the %HTTP{...}% variable. So authors could, in principle, expand the topic's content only if the variable contains a certain value using either %IF{...}% constructs or the SpreadSheetPlugin. Neither one looks really compelling to me.

More in the spirit of upcoming TWiki releases would be to write an own login manager and user mapper. These components are sort of pluggable, so you could roll out your own which converts information from arbitrary HTTP headers to authorisation information.

-- HaraldJoerg - 20 Jul 2007

It looks like this is answered.

-- PeterThoeny - 03 Sep 2007

WebForm
SupportStatus	AnsweredQuestions

Topic revision: r3 - 2007-09-03 - PeterThoeny

Account
- Log In
- Register User

Edit
Attach

Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.