Expand my Community achievements bar.

SOLVED

CUG enabling for protecting pages breaks other components

Avatar

Level 5

Hi , We have implemented login functionality like geometrixx site in our existing website(with close to 700+ pages).

We want to show protected pages only to logged in user, every user who is registered gets assigned a group/ CUG lets say "listed users".

now in page hierarchy I have products page and under product page I have 8 products pages.somewhere On homepage I have a nav bar component which fetches all product children pages and shows a left nav bar with 8 entries.

If I enable CUG in a way that only "listed users" should have access to 2 out of 8 product pages, any access to direct links are redirected to login page. Which is fine.

But the  nav bar component which earlier used to show all 8 product pages now shows only 6 pages.

The main idea behind putting pages behind login is lead generation.So if non logged in users dont see the link itself where would they click to get redirected to login page and subsequently feel like registering with our site.

Requirement is that my existing nav bar should continue showing 8 links and on click of 2 protected page links, he should get login/ register option.

We are using most of things Out of the Box(CQ 5.6.1).

any pointers helping in how do we achieve this awould be great help ? PS: i have given a nav bar as one such component affected in existing site like this there could be many more components fetching their content from site hierarchy and stand chance to get broken in such case.

 

thanks in advance.

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi,

yes, a solution could be to have a service in the background which operates on a privileged session doing the rendering of the nav bar items. Privileged should not mean "admin session", because that's too privileged then. Rather create a service-user, which is allowed to read the complete /content area of your repository. And instead of coding this into the component itself, rather extract it from the component and build an OSGI service for it.

When you say "it's not a single component" you should actually know quite well, which component is supposed to have this behaviour, so this must not be a challenge.

kind regards,
Jörg

View solution in original post

3 Replies

Avatar

Level 5

I guess what ever works as of now is similar to geometrixx navigation component which list the child pages based on the resource resolver permission and hence only 6 out 8 are displayed ( as  2 links are for listed users) and geometrixx menu is just a reference example

in case you need all  the 8 menu build a separate menu component which does not have any direct  resource resolver reference and completely authored with menu items and link possible multi filed or menu item fragments  (component)

and when the user clicks the additional 2 links which are for listed users either a 403 could happen and possible need to be extended for a custom login screen redirection 

Avatar

Level 5

Thank you Jorg and Sri,

So how about I enable CUG for those 2 pages and in allowed CUGs include "Listed users" and administrators both.

If in the nav bar component the code is getting loginAdministrative session to fetch child nodes of product page.

Since admin session has now access to read all 8 pages the component should list all 8 pages and list 8 pages in nav bar.Should such approach work?

And as mentioned its not just about 1 component, If I have to go and change each such affected component ,there would be lot of them, moreover to find the ones affected would itself be a big challenge.

Also it would be great help Jorg if you could put some more light on having service as easiest way you mentioned.

 

Best regards,

Avatar

Correct answer by
Employee Advisor

Hi,

yes, a solution could be to have a service in the background which operates on a privileged session doing the rendering of the nav bar items. Privileged should not mean "admin session", because that's too privileged then. Rather create a service-user, which is allowed to read the complete /content area of your repository. And instead of coding this into the component itself, rather extract it from the component and build an OSGI service for it.

When you say "it's not a single component" you should actually know quite well, which component is supposed to have this behaviour, so this must not be a challenge.

kind regards,
Jörg