Basic browser authenication
The easiest way to create access-controlled sites is to place them in an authenticaton realm and then set the permisions accordingy in the 4Suite repository.
Let's say you have the following structure in the repository
/app (world read access) /app/index.html (inherits access from container) /app/private (readable only to members of 4Suite group "users") /app/private/index.html (inherits access from container)
Let's say there is an HTTP server on port 8080, on host example.com. If a user accesses http://example.com:8080/app/index.html, the page is loaded directly. If a user accesses http://example.com:8080/app/private/index.html
By default, the browser dos not have enough information to give the user the opportunity to log in, so it just returns a mssage saying the access is unauthorized. In order to alow users to log in to view restricted content, you have to specify an authentication realm for the site. You can do this by placing an element such as the following following in the server config file:
<AuthName>Application private area</AuthName>
If a realm is specified and it is the first time the browser has received that challenge, it prompts the Web user for an authentication username and password for the realm. This process is probably familiar to most Web browser users. If the user successfully authenticates using the credentials of a 4Suite user in the "users" group, then the server grants the request.
Using the 4Suite authentication magic
If you would prefer to incoporate the authentication proces into the Web pages themselves (for example embedding a login form into a page), then you can 4Suite's authentication magic.
\[I plan to write more on this, but for now look at the exampl in the 4Suite demo server file: Ft/Server/Share/Demos/server.xml , which is used by the BuyerBase demo]