Add roles or groups to anonymous or logged-in visitors based on HTTP headers
Table of contents
The AutoRoleFromHostHeader PAS plugin allows to assign roles to users looking at HTTP headers.
There is an extraction and authentication plugin included, to enable additional roles for anonymous users. They are required since PAS does not support roles (or properties or groups) for anonymous users. You can disable these interfaces if only logged-in users should get additional roles.
AutoRoleFromHostHeader furthermore provides a groups plugin interface, allowing you to assign groups instead of roles.
The plugin is configured by editing the Header name; regexp; roles/groups
property on the plugin's properties screen (through ZMI).
Each line represents a mapping from an header value (using a regexp match) to
one or more roles. The format is as follows:
http_header_name; regular expression; role[, role ...] ; TALES
The (optional) TALES allows arbitrary expressions to be added to role mappings, for example to check other HTTP headers:
...;python:request.getHeader('MY-SPECIAL-HEADER')=='somevalue'
This plugin can be used to assign groups instead of roles if used as a group plugin instead of a role plugin:
http_header_name; regular expression; group[, group ...] ; TALES
Groups plugin is not activated by default.
If you have AutoRoleFromHostHeader configured for anonymous users and come from a network matching one of its rules, you will not be able to log in with an account from a higher-up user folder. This is because AutoRole authenticates the Anonymous User which stops the lookup process.
Tested with all Plone versions from 4.0 to 4.3.
Developed with the support of:
All of them supports the PloneGov initiative.
This product was developed by RedTurtle Technology team.
AutoRoleFromHostHeader is not an original idea but is taken from the work made by Jarn company for the AutoRole plugin.
Special thanks to Mauro Amico (mamico) for giving us the main direction.
Matthew Wilkes (MatthewWilkes) contributed adding the conditional expression.
