Container Permission for Form Filling + Form Data Listing


PITS HKE

Sep 19, 2022, 6:01:50 AM
to Orbeon Forms
Dear All,

I have successfully set up Keycloak for OIDC login for access to /fr/*.  May I know whether a path restriction like /fr/* would be too weak or too strict?  I'm not sure about all the paths, so it is difficult to make the decision.

It is recommended to separate Form Builder into another container.  However, how should I ensure that only one container has access to Form Builder?  Are any particular changes needed in web.xml in Tomcat 9?

Thank you so so much.

Regards,
Jonathan

Alessandro Vernet

Sep 19, 2022, 7:08:56 PM
to orb...@googlegroups.com
Hi Jonathan,

If all your users are authenticated (i.e. you don't have any anonymous users), then requiring users to be logged in for all the `/fr/*` paths is good enough. You don't necessarily have to have Form Builder in a separate container. You'll want to assign a specific role to users who will be allowed to use Form Builder, and require that role in your `form-builder-permissions.xml` (see link below). Does this make sense?

PITS HKE

Sep 20, 2022, 5:56:39 AM
to Orbeon Forms
Hi Alex,

Good to see your message again.  Good day to you!

There is a log entry constantly popping up as follows, while Form Builder cannot switch back to the /fr/orbeon/builder/summary page.  I guess the path for /orbeon/xforms-server needs to be secured too.  I would appreciate your kind advice.  Million thanks.

192.168.187.20 - a078316b-72fa-4621-be55-228840af3599 [20/Sep/2022:17:46:21 +0800] "POST /orbeon/xforms-server HTTP/1.0" 403 627

Portion from web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Form Runner pages</web-resource-name>
    <url-pattern>/fr/</url-pattern>
    <url-pattern>/fr/orbeon/builder/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>it_ci</role-name>
  </auth-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Form Runner</web-resource-name>
    <url-pattern>/fr/auth</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>it_ci</role-name>
  </auth-constraint>
</security-constraint>
<!-- The following pages and services are allowed without constraints by default -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Form Runner services and public pages and resources</web-resource-name>
    <url-pattern>/fr/service/*</url-pattern>
    <url-pattern>/fr/style/*</url-pattern>
    <url-pattern>/fr/not-found</url-pattern>
    <url-pattern>/fr/error</url-pattern>
    <url-pattern>/fr/login</url-pattern>
    <url-pattern>/fr/login-error</url-pattern>
  </web-resource-collection>
</security-constraint>

PITS HKE

Sep 20, 2022, 7:07:49 AM
to Orbeon Forms

The above 403 error is shown when the "close" button is clicked.  May I know how to fix that?  Thank you.
AF55D39E-A74B-46AD-A1D0-13D30A0F3107.jpeg

Alessandro Vernet

Sep 20, 2022, 5:53:28 PM
to orb...@googlegroups.com
Hi Jonathan,

You shouldn't have to secure `/xforms-server` in your `web.xml`. Are you seeing an issue if you don't? And when you click on "close", you're taken to the Form Builder summary page; does the user maybe not have access to that page?

-Alex
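
As an added illustration (not code from this thread or from Orbeon), the sketch below applies the Servlet specification's URL-pattern matching to `<security-constraint>` entries and reports which roles, if any, guard a context-relative path. The sample XML is a constructed, abridged copy of the constraints posted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: abridged copy of the constraints posted in the thread.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/fr/</url-pattern>
      <url-pattern>/fr/orbeon/builder/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>it_ci</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/fr/login</url-pattern></web-resource-collection>
  </security-constraint>
</web-app>"""

def find(el, name):  # match on local name so a namespaced web.xml also works
    return [c for c in el.iter() if c.tag.rsplit("}", 1)[-1] == name]

def load_constraints(xml_text):
    """Return [(url_pattern, roles)]; roles is None without <auth-constraint>."""
    out = []
    for sc in find(ET.fromstring(xml_text), "security-constraint"):
        auth = find(sc, "auth-constraint")
        roles = {r.text.strip() for r in find(auth[0], "role-name")} if auth else None
        out += [(p.text.strip(), roles) for p in find(sc, "url-pattern")]
    return out

def rank(pattern, path):  # Servlet-style match strength; 0 means no match
    if pattern == path:
        return 10_000                     # exact match wins
    if pattern.endswith("/*") and (path + "/").startswith(pattern[:-1]):
        return 1_000 + len(pattern)       # then the longest path prefix
    if pattern.startswith("*.") and path.rsplit("/", 1)[-1].endswith(pattern[1:]):
        return 100                        # then an extension mapping
    return 1 if pattern == "/" else 0     # finally the default mapping

def required_roles(constraints, path):
    """Return 'unconstrained', 'public', or the role set; <http-method> is ignored."""
    scored = [(rank(p, path), roles) for p, roles in constraints]
    best = max((s for s, _ in scored), default=0)
    if best == 0:
        return "unconstrained"
    hits = [roles for s, roles in scored if s == best]
    if any(r is not None and not r for r in hits):
        return set()                      # empty auth-constraint: nobody gets in
    if any(r is None for r in hits):
        return "public"                   # no auth-constraint: no login needed
    return set().union(*hits)
```

On the sample, `/fr/orbeon/builder/summary` requires `it_ci` and `/xforms-server` is unconstrained. The pattern `/fr/` as posted matches only that exact path, so a form page such as `/fr/acme/order/new` (a constructed path) comes back unconstrained as well.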


PITS HKE

Sep 20, 2022, 6:33:25 PM
to orb...@googlegroups.com
Hi Alex,

This web error is shown as attached.

Thank you so so much.

Regards,
Jonathan 

IMG-20220921-WA0000.jpg

Alessandro Vernet

Sep 21, 2022, 4:34:48 PM
to orb...@googlegroups.com
Jonathan, could you also show me the `<security-constraint>` element or elements you have in your `web.xml` when you get the error shown in the screenshot attached to your previous message?

-Alex

PITS HKE

Sep 21, 2022, 9:08:36 PM
to Orbeon Forms
Alex,

Thank you so so much for your reply.  I thought there were settings from Orbeon, but not at all.  It's related to Keycloak.  Please refer to the attached info.  Problem resolved now.  Thank you.

Jonathan

signal-2022-09-22-09-01-57-925.jpg

Alessandro Vernet

Sep 22, 2022, 5:32:33 PM
to orb...@googlegroups.com
You're saying that setting the "web origins" in the Keycloak config solved the problem? In any way, excellent :).

-Alex
