Advanced Secure Site Configuration

The Secure Site Sections feature leverages Spring Security services for authenticating with LDAP or other providers.  When the Secure Site feature is enabled using the Navigation Editor, a SiteConfig directory for the site is generated under the <InstallDir>/rxconfig/SiteConfigs folder.  A site's Site Config folder will be published to the WEB-INF directory of the published website and contains the template for security information.  

As groups are applied to sections in the Navigation Editor, those groups are automatically added to the perc-access-group.xml file under the SiteConfig/<Site Name>/config folder.

Site Configuration File Reference - CMS Side

This file is generated when the "Use site security" checkbox is enabled for a Site's root Navigation node in the Navigation editor. Unchecking this box in the editor will remove these files; any customizations will be lost, and security will need to be re-applied to all configured site Sections.  It is recommended to back up this directory prior to changing the "Use site security" setting.

<InstallDir>/rxconfig/SiteConfigs/web.xml

This is the master deployment descriptor for the published web site. 

<InstallDir>/rxconfig/SiteConfigs/config/perc-access-group.xml

This file contains the list of Groups that have been defined on all secure sections in the Navigation editor.  The file is generated when a full publish of the site is performed.  Any customizations to this file will be overwritten when publishing is run.  After publishing is completed, it will exist in the <InstallDir>/Deployment/Server/<sitename>apps/ROOT/WEB-INF/config folder on the target DTS server.

<InstallDir>/rxconfig/SiteConfigs/config/security-url-pattern.xml

This file contains the paths on the published site that should be secured by a login screen.  The file is generated when a full publish of the site is performed.  Any customizations to this file will be overwritten when publishing is run.

After publishing is completed it will exist in the <InstallDir>/Deployment/Server/<sitename>apps/ROOT/WEB-INF/config folder on the target DTS server. 

<InstallDir>/rxconfig/SiteConfigs/config/security-auth-manager.xml

This file defines the available authentication providers: the Percussion Membership authentication provider, or the LDAP authentication provider, which authenticates against a remote LDAP server.

After publishing is completed it will exist in the <InstallDir>/Deployment/Server/<sitename>apps/ROOT/WEB-INF/config folder on the target DTS server. 

There are several LDAP configuration properties that are defined in this file:

  • user-search-filter="${ldap.manager.user.search.filter}"
  • group-role-attribute="${ldap.manager.group.role.attribute}"
  • group-search-filter="${ldap.manager.group.search.filter}"
  • group-search-base="${ldap.manager.group.search.base}" 

These properties are set in the <installDir>/Deployment/Server/conf/perc/perc-secured-sections.properties file on the DTS server.

<InstallDir>/rxconfig/SiteConfigs/config/security-auth-context.xml

This file defines the files that are used for URL patterns and authorization / authentication.

After publishing is completed it will exist in the <InstallDir>/Deployment/Server/<sitename>apps/ROOT/WEB-INF/config folder on the target DTS server. 

<InstallDir>/rxconfig/SiteConfigs/config/beans.xml

This is the primary file that configures the secure site sections feature with Spring Security.  The file exposes several properties to configure secure sections.

percMembershipConfig

<property name="membershipServiceHost">
    <value>${membership.service.host}</value>
</property>
<property name="membershipServiceProtocol">
    <value>${membership.service.protocol}</value>
</property>
<property name="membershipServicePort">
    <value>${membership.service.port}</value>
</property>
<property name="membershipSessionCookieName">
    <value>perc_membership_session_id</value>
</property>
<property name="useLdap">
    <value>${perc.use.ldap}</value>
</property>

percLdapMembershipAuthProvider

<constructor-arg value="${ldap.domain.name}" />
<constructor-arg value="${ldap.url}" />

WEB-INF/lib Folder

The rxconfig/SiteConfigs/<site>/WEB-INF/lib folder contains the libraries that are required to handle security on the published website.  This directory is copied to the web server when a full publish of the site is performed and will reside in the Deployment/Server/<site>apps/ROOT/WEB-INF/lib folder on the DTS web server.

Configuration File Reference - DTS Side

<installDir>/Deployment/Server/conf/perc/perc-secured-sections.properties

This file is the primary configuration file for the Secure Site Sections feature on the DTS server. The file will not be overwritten on publish or upgrade. 

Property File Reference

Property | Value | Description
ldap.manager.password
ldap.manager.url
ldap.manager.dn
ldap.manager.user.search.filter
ldap.manager.group.role.attribute
ldap.manager.group.search.filter | member
ldap.manager.group.search.base
perc.login.login.page
perc.login.login.success.page
membership.service.host
membership.service.protocol
membership.service.port
perc.webserver.http.port
perc.webserver.https.port
perc.use.ldap
ldap.domain.name
ldap.url
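
Because perc-secured-sections.properties holds the LDAP manager password and the connection settings for both LDAP and the membership service, it is worth checking after each change. The following is an added example, not part of the Percussion product or its documentation: a small audit of that file using the property names listed above. It assumes that perc.use.ldap takes true/false, that the LDAP URL properties use ldap:// or ldaps:// schemes, and that membership.service.protocol is http or https; the sample input is constructed.

```python
import stat

# Property names come from the reference above; how their values are read is an assumption.
LDAP_REQUIRED = [
    "ldap.manager.url", "ldap.manager.dn", "ldap.manager.password",
    "ldap.manager.user.search.filter", "ldap.manager.group.role.attribute",
    "ldap.manager.group.search.filter", "ldap.manager.group.search.base",
]

def parse_properties(text):
    """Parse simple key=value lines; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")  # split on the first '=' only
        props[key.strip()] = value.strip()
    return props

def audit(props, file_mode=None):
    """Return findings; file_mode is the st_mode of the properties file, if known."""
    findings = []
    if props.get("perc.use.ldap", "").lower() == "true":
        for key in LDAP_REQUIRED:
            if not props.get(key):
                findings.append(f"{key} is empty but perc.use.ldap is true")
        for key in ("ldap.manager.url", "ldap.url"):
            if props.get(key, "").lower().startswith("ldap://"):
                findings.append(f"{key} uses ldap:// rather than ldaps://")
    if props.get("membership.service.protocol", "").lower() == "http":
        findings.append("membership.service.protocol is http, not https")
    # The file stores ldap.manager.password, so group/other read access is flagged.
    if file_mode is not None and file_mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file is readable by group or other")
    return findings

# Constructed sample input (not from a real server).
SAMPLE = """\
perc.use.ldap=true
ldap.manager.url=ldap://ldap.example.test:389
ldap.manager.dn=cn=svc,dc=example,dc=test
ldap.manager.password=
ldap.manager.group.search.filter=member
membership.service.protocol=http
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE), 0o644):
        print(finding)
```

On a DTS server, pass the file's contents to parse_properties and os.stat(path).st_mode as file_mode.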