
IP-Based Roles
Project Title #
IP-Based Roles
Background #
In Liferay, a Role is a collection of permissions that can be "given" or assigned to one or more users. Once a user is "given" a role, she can do whatever the contained permissions allow her to do, such as edit a page, or delete a message board post.
There are three kinds of roles:
- Portal Roles
- Organization Roles
- Community Roles
These are called role scopes. Roles are used to define permissions across their scopes: across the portal, across an organization, or across a community. For example, consider a role which grants access to create a Message Board category. A Portal role would grant that access across the portal, wherever there was a Message Board portlet. A Community role would grant that access only within a single community. An Organization role would grant that access only within an Organization.
Currently, Users, User Groups, Communities, or Organizations can be members of a role.
Use Cases #
- Users connecting to a corporate homepage based on Liferay from the corporate intranet (e.g. a hard-wired port in a corporate office) should be presented with an intranet login form. Users coming to the site from the DMZ (such as a publically available wireless network on a company campus) should get public-only content and no ability to login or access private information.
The Problem #
Currently, roles can only be assigned to entities such as Users, User Groups, Communities, or Organizations. But before a user provides any credentials, there is no way of knowing who they are or what they should be able to access. It would be useful if users in a specific network category (Based on IP) could be automatically given one or more roles to help in content serving before they even log in.
The Solution #
For this project, a configurable range of IP addresses can be assigned a particular Role. When a user comes to the site from a given IP address, it is checked against the configured list, and if a match is made, that user is dynamically given the role(s) specified.
Skills Needed #
- Required: Java, JSP, Networking
- Nice to have: Struts, Liferay
Prerequisites #
None.
Deliverables #
- Complete code changes to Liferay Portal 6.0.6 to allow administrators to assign one or more range of IP addresses to one or more pre-configured portal roles.
- Unit tests for all new and changed code.
- Documentation required to configure this option..
References #
Related Issues #
External References #
None.