How to restrict file upload in size and types.
Overview of system configuration options for the workplace.
Contents
- Two-factor authentication
How to activate two-factor authentication.
Options to restrict the type and size of files when using the upload dialog and to make properties mandatory during upload.
When uploading images or documents, it may be desirable to require that metadata such as the title or the copyright of the image or document is entered during the upload process itself.
Such mandatory properties for the file upload dialog can be defined in the WEB-INF/config/opencms-workplace.xml server configuration file.
The configuration takes place per explorer type in the /opencms/workplace/explorertypes/explorertype elements.
Below is a configuration example where three properties are defined as “required on upload” for the image explorer type.
<explorertype name="image" [...]>
    [...]
    <editoptions>
        <defaultproperties enabled="true" shownavigation="false">
            <defaultproperty name="Title" requiredOnUpload="true" />
            <defaultproperty name="Description" requiredOnUpload="true" />
            <defaultproperty name="Copyright" requiredOnUpload="true" />
        </defaultproperties>
    </editoptions>
</explorertype>
Explanation:
- the <defaultproperty name="Title"> element definition causes an input field for the Title property to be shown in the upload dialog; this applies to images only in the example, since the default property is defined inside the <explorertype name="image"> element definition
- the additional requiredOnUpload="true" attribute definition forces a non-empty property, which means the upload cannot be completed as long as the property value is empty
The list of file extensions is configured using the sitemap attribute “upload.extensions”. If the sitemap attribute is set, only files with the specified extensions are allowed to be uploaded. Multiple permitted extensions can be specified by separating them with commas: “png,jpg,pdf”. Specifying “*” allows all extensions.
Since today's cameras can produce images in very high resolutions, it makes sense to reduce images to a maximum size suitable for the web when uploading them.
Downscaling images during upload can be configured in the WEB-INF/config/opencms-vfs.xml server configuration file.
Configuration takes place under the /opencms/vfs/resources/resourceloaders/loader[@class='org.opencms.loader.CmsImageLoader'] path.
In the example configuration below, the maximum size is set to 3000 pixels in width and height.
<loader class="org.opencms.loader.CmsImageLoader">
    <param name="image.scaling.enabled">true</param>
    <param name="image.scaling.downscale">w:3000,h:3000</param>
</loader>
Two-factor authentication for the workplace login can be activated in the WEB-INF/config/opencms-system.xml server configuration file.
The configuration element is named <two-factor-authentication> and must be placed directly below the <loginmanager> element:
<loginmanager>
...
</loginmanager>
<two-factor-authentication>
...
</two-factor-authentication>
A minimal configuration looks like this:
<two-factor-authentication>
    <enabled>true</enabled>
    <secret>secretpassword123!</secret>
    <issuer>My OpenCms installation</issuer>
</two-factor-authentication>
The <issuer> element contains the name of the OpenCms installation as it will appear in the authenticator app of the workplace user. Since the <secret> password is used for user data encryption, it should only be changed with caution. If the password is changed, all workplace users have to reinitialize their two-factor login.
Two-factor authentication can also be activated for selected users only. Whole organizational units, groups or users can be included or excluded as shown below:
<two-factor-authentication>
    <enabled>true</enabled>
    <secret>secretpassword123!</secret>
    <issuer>My OpenCms installation</issuer>
    <include-users>
        <group>ABC</group>
        <orgunit>DEF</orgunit>
        <pattern>.*ABCDE.*</pattern>
    </include-users>
    <exclude-users>
        <group>GHI</group>
        <orgunit>JKL</orgunit>
        <pattern>.*QRSTU.*</pattern>
    </exclude-users>
</two-factor-authentication>
The <group>, <orgunit>, and <pattern> elements may appear 0 to n times. The <pattern> element matches account names. If no <include-users> element is defined, two-factor authentication is activated for all users except the ones defined in <exclude-users>.
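The include/exclude rules described above can be checked against a list of accounts before rollout, to confirm that no privileged account ends up without a second factor. The following Python script is an added example, not OpenCms code. It assumes that an exclude rule overrides an include rule, that <pattern> must match the whole account name, and that <orgunit> is compared exactly; the sample configuration and accounts are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the format shown above (all values are made up).
SAMPLE = """
<two-factor-authentication>
    <enabled>true</enabled>
    <secret>placeholder-secret</secret>
    <issuer>My OpenCms installation</issuer>
    <include-users>
        <group>Administrators</group>
        <pattern>.*admin.*</pattern>
    </include-users>
    <exclude-users>
        <orgunit>service</orgunit>
    </exclude-users>
</two-factor-authentication>
"""

# Constructed account list: name, group memberships, organizational unit.
ACCOUNTS = [
    {"name": "root", "groups": ["Administrators"], "orgunit": ""},
    {"name": "backup_admin", "groups": ["Administrators"], "orgunit": "service"},
    {"name": "editor1", "groups": ["Users"], "orgunit": "web"},
]

def _matches(rules, name, groups, orgunit):
    """True if any <group>, <orgunit> or <pattern> child of `rules` applies."""
    if rules is None:
        return False
    return (any(g.text in groups for g in rules.findall("group"))
            or any(o.text == orgunit for o in rules.findall("orgunit"))  # assumption: exact
            or any(re.fullmatch(p.text, name) for p in rules.findall("pattern")))

def requires_2fa(config_xml, name, groups=(), orgunit=""):
    """Decide whether an account must use 2FA under the given configuration."""
    cfg = ET.fromstring(config_xml.strip())
    if cfg.findtext("enabled", "false").strip() != "true":
        return False
    include = cfg.find("include-users")
    # No <include-users> element: every account is in scope (as stated above).
    in_scope = include is None or _matches(include, name, groups, orgunit)
    # Assumption: a matching exclude rule overrides a matching include rule.
    return in_scope and not _matches(cfg.find("exclude-users"), name, groups, orgunit)

def accounts_without_2fa(config_xml, accounts):
    """Names of accounts that can still log in with a password alone."""
    return [a["name"] for a in accounts
            if not requires_2fa(config_xml, a["name"], a["groups"], a["orgunit"])]
```

With the constructed data, accounts_without_2fa(SAMPLE, ACCOUNTS) reports backup_admin, a member of Administrators that the orgunit exclusion leaves on password-only login.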