The OpenWGA Java CMS runtime system offers important features to run CMS projects and web applications. Among them are user authentication, caching, security, transparent database access and more.
The pluggable authentication architecture of OpenWGA Java CMS enables customers to reuse their existing user directory like LDAP or implement a custom authentication module that uses any data source accessible via Java.
Once configured by the OpenWGA administrator the application designer does not have to code the necessary user login and lookup by himself. He just uses the configured module. OpenWGA can assign individual authentication sources to each web application through its domain concept.
An authentication module may also use client side browser certificates for authenticating the user which provides a maximum of security.
Additionally OpenWGA CMS can use Single-Sing-On technologies to take over existing Logins of either the users Microsoft Windows operating system (using SPNEGO technology) or from other Websites hosted on SSO-enabled IBM Lotus Domino Servers.
Because web applications have to handle many parallel requests and thousands of page impressions each hour your application needs to use you servers resources with care.
The integrated OpenWGA CMS caching concepts ensure minimized access to the database backend and other resources without the need for the developer to handle this manually.
Caching takes place at different levels behind the scene (items, documents, pages, query results) or additionally may be controlled by the application developer (template fragments).
Each site visitor is automatically assigned a user profile document by the OpenWGA CMS runtime. The application designer can use this profile to store any data and present a personal view of the site to each visitor.
Some security concepts available "out of the box" in OpenWGA CMS:
SQL-Injection is an imminent threat to all web applications that should already be prevented on platform level. Therefor OpenWGA supports query parameters that prevent injections from hijacking queries. Additionally all queries done from OpenWGA templates are read-only so there is no way that a hijacked query may damage your data.
Each application contains its own Access Control List (ACL) by which OpenWGA CMS ensures that no unauthorized access may happen. The ACL is managed by the OpenWGA administrator.
When form data is posted to OpenWGA CMS it is ensured by the WebTML form framework that only those forms and data fields are processed that were initially created by the form definition on the server. This prevents automated form submits by form-spammers.
The WebTML action framework provides a way to define serverside operations callable by the browser user that are automatically protected from parameter modification, debounced and data-compressed to minimize network traffic.
The OpenWGA CMS Runtime ensures that only template modules that are explicitly allowed for direct access by the designer may be called directly by the browser user. This prevents data and functionality exposure out of application context.
Each web application may be restricted to a range of allowed IP adresses or ports.