Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Adrián Rodrigo
New user type: Logged but not registered user
June 23, 2011 9:50 AM
Answer

Adrián Rodrigo

Rank: New Member

Posts: 16

Join Date: February 3, 2009

Recent Posts

Hello,

There are several cases where a liferay portal doesn't need that users be registered in the database as liferay users. Many times you just probably need to ask for some kind of credentials and keep them into the session, but not register them in the database for future logins.

One of the cases could be a portal with public and private pages. Public pages contains news, events, content... Private pages have portlets which shows private information about the user. For getting into the private pages, users don't have to login with email/password but with their digital certificate.

The portlets from private pages will use these credentials to obtain data and show it to the user. Liferay portlets will know that this user is logged in and show content for logged users. These kind of users should have a new role to set the difference between guest users and registered users.

It will be a good feature to have in liferay!!

What do you think?

Regards!
David H Nebinger
RE: New user type: Logged but not registered user
June 23, 2011 11:25 AM
Answer

David H Nebinger

Rank: Liferay Legend

Posts: 6527

Join Date: September 1, 2006

Recent Posts

I think the difficulty here is the internals of LR itself.

For example, when you are looking at your own private page, you can add and remove portlets, move them around, etc. These changes only affect you, and not other people who have their own private pages.

The reason this works in LR is that in the database, your personal layout stuff is saved and tagged with your registered user id, created at registration time.

Even simple things that you might do, such as respond to a poll or comment on a blog post, these things are all tagged with your registered user id so that it can be tracked back to you.

Personalization of data presented within a portlet itself can be handled by the portlet developer. I have created a number of portlets like that, where the display of and availability of data depend upon who the authenticated, registered user is.

Because LR demands that a user is registered, as a portlet developer all I really know is that I'm getting the user's credentials and determining what to show them, so from a developer perspective it would have no real impact on my portlets to include such a concept.

But, as I said, there is a great deal of impact with respect to the LR internals...

That said, there's still some issues w/ your argument. If a user is providing some credentials, then you must already have some registered (saved) info on them to prove that they are who they say they are. So if you've registered that info, then you have a registered user anyway, right?

Or perhaps instead of the public/private pages on a user basis, instead you're wanting public/private site pages, where the public pages are visible to everyone but the private pages are only visible to authenticated users? You can already get that kind of thing using permissions (add a tab on your main page then remove guest visibility on it; only registered users could see the tab and get to the contents of the tab). And if the portlets on this limited tab use the user's credentials to determine what, if any, data to display, then you get your user-specific content. Add the disabling of user-specific public and private pages in portal-ext.properties, and you end up w/ a site that more or less implements this thing w/o really changing LR at all...
Hitoshi Ozawa
RE: New user type: Logged but not registered user
June 23, 2011 3:03 PM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7990

Join Date: March 23, 2010

Recent Posts

Something like a one time user acount/password?

Liferay allows users to register themselves so it'll just be a matter of deleting these users when they logout.
Adrián Rodrigo
RE: New user type: Logged but not registered user
June 24, 2011 1:07 AM
Answer

Adrián Rodrigo

Rank: New Member

Posts: 16

Join Date: February 3, 2009

Recent Posts

Hello,

The thing is not to have the users in database. Of course you can implement user deletion after logout, but you will be savnig data you don't need, and deleting this data. A portal with thousands of visitors at day ¿why should have to do this? Thousands of new database users just for deleting them on logout, every day. Is not efficient.

My point is to have a new kind of user who could expose his credentials (the common sample is with digital certificate, liferay could get personal email or an id from it) and keep them in session. How do you validate these credentials? Each portlet, how the developer considers. Maybe using a WS, maybe against another database, or anything is required.

Like you said, this kind of users (just logged but not registered) will not be able to have layout customization and user private pages. Is not a big deal. Many portals made using Liferay don`t want to enable user customization.

This kind of user is a extra way to use liferay authentication. I think it aplies in many scenarios.

However, there are some questions here. How many ways could the user expose the credentials? Just in case of the digital certificate? Maybe we can think about another cases. How liferay could keep this credentials in session and expose them to the portlets?

Regards!
Jorge Ferrer
RE: New user type: Logged but not registered user
June 24, 2011 6:36 AM
Answer

Jorge Ferrer

LIFERAY STAFF

Rank: Liferay Legend

Posts: 2756

Join Date: August 31, 2006

Recent Posts

Hi Adrián,

The upcoming 6.1 version will have something similar to that. The goal is to allow users to participate without forcing them to go through a registration process. The first application will be to allow users to add comments to blog entries (and elsewhere) just by providing a name and email. The way we've implemented it, the system creates an entry for the user in the User_ table, but only to make it easier for him/her to create an account later if that's desired, and associate all of his/her contributions done before the registration.
Hitoshi Ozawa
RE: New user type: Logged but not registered user
June 26, 2011 5:06 PM
Answer

Hitoshi Ozawa

Rank: Liferay Legend

Posts: 7990

Join Date: March 23, 2010

Recent Posts

Like you said, this kind of users (just logged but not registered) will not be able to have layout customization and user private pages. Is not a big deal. Many portals made using Liferay don`t want to enable user customization.


Agree with you on this. But I think this is mainly because of the quality issued which is making "regular" users require too many support calls when trying to create pages.

I'm not sure why you want to keep user information in a session. Allowing unauthenticated users from posting seems just like a way to allow span messages. Even here, where users are required to register, there's still some span messages and many people posting questions without first reading the forum guidelines.

Finally, as Jorge replied, there is no planned activities to not save user information in the liferay database. I think the easiest way is to write a filter to write temporary user information into a temporary table.
Enric Bousoño
RE: New user type: Logged but not registered user
June 28, 2011 6:16 AM
Answer

Enric Bousoño

Rank: New Member

Posts: 8

Join Date: August 10, 2010

Recent Posts

Hi all!

I think the idea of Adrián is very interesting and can be applied in many scenarios.

Here I tell you an example to illustrate why I understand that this feature is interesting: In Spain we have many government websites to which you can access a private web of every citizen with their personal digital certificate. In this case it is common to access a portal with e-ID of the citizen (government electronic identification). These sites provide information to the user of your medical history or traffic fines, and generally this information is not in a database accessible through the portal, but it is published in WSS that are consumed using the personal digital certificate.

Thus, creating thousands of fictitious users on the site is unnecessary when maintaining the session with the credentials obtained through the digital certificate is sufficient, as many citizens have access to consult their doctor visits and do not want become part of the portal.

This is a useful example for how to make portals for citizens in Spain, and I guess can be extrapolated to other countries and needs.

Hope it help!
Regards!

Jorge Ferrer:
The upcoming 6.1 version will have something similar to that. The goal is to allow users to participate without forcing them to go through a registration process. The first application will be to allow users to add comments to blog entries (and elsewhere) just by providing a name and email. The way we've implemented it, the system creates an entry for the user in the User_ table, but only to make it easier for him/her to create an account later if that's desired, and associate all of his/her contributions done before the registration.

Hi Jorge, I understand this, but I think that this is not the goal of Adrián. But whith this new feature, I could use your email to insult another user in a blog entry and when you sign first time these comments are yours? This post is not for discuss this, but is interesting to clarify this.
Andrey Urvancev
RE: New user type: Logged but not registered user
November 15, 2011 6:27 AM
Answer

Andrey Urvancev

Rank: Junior Member

Posts: 88

Join Date: June 10, 2009

Recent Posts

Hi all! Have you found appropriate solution for that task? I also have necessity to authenticate user by custom attributes and won't save it in database.