Orbeon Forms community mailing list

Orbeon and oauth

Classic

List

Threaded

5 messages Options

vivanno

Orbeon and oauth

Hi,

Do you know if it's possible to use oauth to access to orbeon (builder and runner) ?

Thanks

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].

Alessandro Vernet

Re: Orbeon and oauth

Administrator

Hi,

I imagine that you're thinking of using OAuth to access the Form Runner persistence API. If that is the case, access control is done by an authorization service you can provide, and I imagine that if you're familiar with OAuth, you could write such a service that checks that the provided OAuth token is valid. But no such service is provided out-of-the-box. You can find more about the authorization service on:

http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex

--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet

vivanno

Re: Orbeon and oauth

Thanks Alex.

Le vendredi 8 avril 2016 00:57:50 UTC+2, Alessandro Vernet a écrit :

Hi,

I imagine that you're thinking of using OAuth to access the Form Runner
persistence API. If that is the case, access control is done by an
authorization service you can provide, and I imagine that if you're familiar
with OAuth, you could write such a service that checks that the provided
OAuth token is valid. But no such service is provided out-of-the-box. You
can find more about the authorization service on:

<a href="http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g';return true;">http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex

-----
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
--
View this message in context: <a href="http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw';return true;">http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

vivanno

Re: Orbeon and oauth

In reply to this post by Alessandro Vernet

Hi,

I'm working on sécurity side. How to force to use my authorization service for all requests to orbeon (service, runner and builder) not just service ?

Regards

Vivien

Le vendredi 8 avril 2016 00:57:50 UTC+2, Alessandro Vernet a écrit :

Hi,

I imagine that you're thinking of using OAuth to access the Form Runner
persistence API. If that is the case, access control is done by an
authorization service you can provide, and I imagine that if you're familiar
with OAuth, you could write such a service that checks that the provided
OAuth token is valid. But no such service is provided out-of-the-box. You
can find more about the authorization service on:

<a href="http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g';return true;">http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex

-----
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
--
View this message in context: <a href="http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw';return true;">http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

Alessandro Vernet

Re: Orbeon and oauth

Administrator

Hi Vivien,

You can't, because this isn't what the authorization service is for ;). If you'd like to plug your own code that checks all the requests, I'd recommend you do this in filter that you add to the web.xml. This will give you full control on whether to let a request go through or not.

Alex

--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet