Save as Word Document | Find | English | Portugues(Brasil)

Safe modules in XMLNuke
How does validation for secure modules work?

How does the validation and access process work for modules that require user authentication?

Table of contents
1. How does validation for secure modules work?
2. Creating Users and Associating Roles
3. How to configure a module?
4. Creating your own Login module
5. How to create your own validation mechanism

On this page
What is a secure module?
Security elements in XMLNuke


What is a secure module?

A secure module is a module which requires some type of authentication before it can run. XMLNuke implements a mechanism which, if the context is not authenticated, automatically deviates the execution to a Login module until the process is validated.

It can be illustrated using the figure below:

Image

  1. The request is sent to the module
  2. The context is not authenticated, the execution is deviated to a Login module
  3. The context is already authenticated and the execution proceeds normally to the module
  4. The context is already authenticated, but the credentials are not authorized to execute the module and an error message is generated
  5. Once authenticated and validated, it can make requests

Security elements in XMLNuke

XMLNuke has the following security elements:

  • Administrator: Has UNRESTRICTED access to ALL the modules
  • Site: A user can be associated to one or more sites. Some configurations require that a user to be associated to a site in order to gain access.
  • Role: A generic definition, normally associated with a user. For example: editor or designer. Configuration of the module may oblige the user to belong to one of these roles to gain access.
Image

The possible configurations are:

  • OnlyAdministrator: Only the Administrator may access it.
  • OnlyAuthenticated: The user must authenticate through a password to gain access to the module.
  • OnlyRole: The user must have the role specified by the module
  • OnlySite: The user must be associated to the current site to gain access to the module
  • CurrentSiteAndRole: The user must have the role specified by the module and must be associated to the current site to access the module.

Next
Creating Users and Associating Roles