[Neos] Create protected area in Neos Website

Brainshack brainshack at gmail.com
Tue Feb 18 09:17:22 CET 2014

Hello everyone,

I wonder if there are any best practices or features regarding securing
sites in the frontend.

I basically want a part of the page tree to be only reachable with a valid
frontend login.

For the little I know about Neos, I would probably try something like this:

1. Create a new Document Node Type for protected sites.

2. For Login / Registration, I would use flows Account Management with
special frontend roles, so the user cant login to the backend.

The biggest question in that approach would be, how to handle the ACL for
the page ressources. If I add a node type for pages in neos, can i simply
use my Package's Policy.yaml to protect those sites from being visited ?

Or am I maybe totally wrong and there is a much better approach?

More information about the Neos mailing list