Introduction / User permission configuration / Protection of personalized project content / Secure Media concept
Secure Media concept
A concept which users are already familiar with are the so-called “Secure Media”. Here specific files of the Media Store are protected against unauthorised access:
- ithin FirstSpirit Preview generation via a servlet (Preview Servlet)
- within the Live system via a filter (Multi-Access Control Filter)
Both mechanisms, both the servlet and the filter, check the user's permissions before delivery.
Secure media within FirstSpirit preview
Within the FirstSpirit preview, secure access can be defined for a single media directory by going to the Permissions area under the project properties. Here, you define which folder in the media store is to be used as a secure media folder. All the content within the folder is then protected against unauthorized access within the FirstSpirit preview (but nowhere else!). The secure media can only be accessed within the preview once the user has been successfully authenticated against the “FirstSpirit DynamicPersonalization” module (cf. FirstSpirit DynamicPersonalization) and only if that user has the relevant access permissions.
Delivery of the media (within the folder) is prevented via a servlet (“Preview Servlet”) within the preview generation. The task of the preview servlet is to monitor access permissions when a preview is requested (see FirstSpirit-Client, Server and preview generation). The user rights are evaluated which are deposited for an object in the input components for user rights. The preview servlet checks against the PermissionService. The permissions deposited here correspond to the information deposited for an object in the Access Control database but are more up to date (“Current” status).
The preview servlet is available via the standard web application fs5preview. Configuration settings extending beyond definition of the secure media folder are not necessary.
Installation of the web application FirstSpirit Security WebApp is not necessary in the “Preview” web area.
Secure media within the live system
 |
The “FirstSpirit Security” module requires configuration changes (when in the “live” state), since secure access is no longer limited only to media and now includes all project content. The secure media principle refers only to the project preview. If media are to be protected in the live state as well, more steps are necessary. |
To protect secure media within the live system, the FirstSpirit security module must be installed and configuration of a separate filter adapted to the secure media directory is required (see Multi-Access-Control-Filters). In this case, the permissions are not monitored by the preview servlet, but are instead based on information from the Access Control Database (see Access Control Database).
For more information, see the FirstSpirit security module documentation.