Check user permissions

After describing the user permission definition, different methods of checking user permissions are presented below.

The definition of permissions only makes sense if these permissions are also evaluated and considered during document provision.

This requires a runtime component which enables checking. To carry out a check, the user has to be identified and his/her groups determined. This function is provided by the FirstSpirit DynamicPersonalization module.

Another logical consequence is the need to generate an effect from the permission evaluation – i.e. a reaction. Sometimes the reaction occurs within the scope of personalization.

This involves parts of a page or even the complete page being protected by special tags (FirstSpirit Personalization tags ). This reaction type is only possible with JSP pages. This method cannot be used to protect pure HTML pages, PDF documents or images. For this reason the module FirstSpirit Security is available in addition to this concept (see Checking access rights). This module prevents document or file provision, depending on the permission configuration, on the HTTP server layer. A solution limited to media from the Media-Store and linked to the permission component is available as a “secure media” concept (see Secure Media concept). For more information about Protection of personalized content.

There is an analogy of the permission component in the runtime system (target/actual comparison of the permission configuration of the object with the user configuration) (see Checking access rights). Basically, it is important to use the same group hierarchy relations.

For these purposes a filter will be used, capable of managing the provision of non-active documents. This multi-access-control filter can be configured to the needs of the project.

These mechanisms are described in detail under Checking access rights.