Authenticated and non-authenticated forms in the same environment
I am trialling Orbeon Forms for an upcoming project.
The original requirements were to implement authentication for Form access.
I have configured tomcat to read from SQL Server "users" and "user_roles" tables, to authenticate a user's acces to a particular Form (or FormBuilder, or FormRunner).
I have now been asked to provide an environment with both authenticated forms and also the option to allow access to particular forms without entering a username/password.
Alternatively, I could implement two instances of Orbeon on the server. One with user authentication enabled, and the other without authentication. The Orbeon licencing appears to support multiple instances of the software on a server.
Are there any other alterantives to offering authenticated and non-authenticated form access?
You can certainly have both forms that require the user to be authenticated, and others that don't on the same server. If you're in that situation, as mentioned by Eusebio, you'll need to specify what forms require authentication in the web.xml. So your container (e.g. Tomcat), knows if a non-authenticated user should be allowed to access a page, or should instead be redirected to the login page first.
You can also define who can access the form in Form Builder. However, even when doing this, you'll still need to list those forms that require authentication in the web.xml, otherwise non-authenticated users trying to access a form they're not allowed to see will get a 403 ("forbidden"), instead of being redirected to the login page.
Finally, if you think it is simpler to have 2 instances of Orbeon Forms, one for authenticated users and one for non-authenticated users, you can indeed do so with just 1 PE subscription, as long as both instances run on the same server.
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet