Any web page may be set to require user authentication by way of the OFBiz login process by setting the corresponding request-map
entry in the controller.xml
file. A user need only log in one time per session as OFBiz will check each request for a protected web page against a requesting visitor's login status. If the requestor is already logged in, they will not be asked to login again. If the visitor is not logged in, they will be presented with an HTML login form.
Identify the web application and the web page, OFBiz Service, or OFBiz Event that requires user authentication.
You can protect your web pages by following these steps:
1. Open the appropriate
controller.xml
file containing the request-map entry for the web page to protect.2. Edit the
request-map
entry for the URI to be protected by setting thesecurity
element'sauth
attribute totrue
. For example, the following request-map has both the authorization and encryption (https...