1

i have created a webpage using xpages. I not sure how to use Access control rules to force user to go login page and check for "address book" account.

Below will be the sample page i created using xpages.

  1. Submit button to check address book whether this person is exist or not Submit

  2. Anonymous to request for an email address for their address book. This one will by pass the validation and go to the request page but only "Anonymous can access". Apply

  3. Login...Go to "Approved page", but before that, user need to go to server login screen to login his user account.Login1 server login

Desmond Sim
  • 211
  • 2
  • 19

1 Answers1

2

You lock down the database to enforce the authentication access:

  • Edit the ACL (File - Application - Access Control) and set access for Anonymous to "No Access" but check "Read Public Documents"
  • Now you would need to authenticate for every page (which is not what you want), so you edit xpage properties and check "Available for public access Users" property for all pages a user shall be able to access unauthenticated
  • You might need to flag a few additional design elements too (check the official details)
  • While you are on it: customise your login page in domcfg.nsf

More on ACL basics: https://www.wissel.net/blog/2010/09/access-control-in-domino-the-basics.html

If your struggle, give me a call (the NRIC in the screenshot suggest you are in Singapore like me)

stwissel
  • 20,110
  • 6
  • 54
  • 101
  • Thanks. I try the one you suggest, it working but it take time to configure all form that related.So i use another way "ACL"entry(role) to logon page to control it. which i found on internet sources. http://www.xpagetips.com/2012/08/remember-you-can-use-xpage-acl-entries.html – Desmond Sim Jun 07 '17 at 08:39
  • That works too. Just make sure your security matches business requirements. A third option is to split the app into 2 databases: the open front-end and the access controlled backend. That also ensures your data's safety. Keep in mind one can bypass XPages when they know/guess your view names and use ?ReadViewEntries to see data – stwissel Jun 08 '17 at 02:00