|
|
We need to restrict access to the summary and data from the forms of one specific app.
In our installation of orbeon, we have established that each department has its application with N forms.
For example only persons from human resources department should be able to view or edit submitted data from N forms of HR department.
We need to configure this in the web.xml, taking into account that we don´t want to modify the web.xml with the creation of each new form.
If we set one pattern for each form, the authentication mechanism works OK
<web-resource-collection>
<web-resource-name> example</web-resource-name>
<url-pattern>/fr/hr/demo4/edit</url-pattern>
<url-pattern>/fr/hr/demo4/summary</url-pattern>
</web-resource-collection>
We have tried to set a wildcard setting (all the forms from hr application), but it doesn´t work
<web-resource-collection>
<web-resource-name> example</web-resource-name>
<url-pattern>/fr/hr/*/edit</url-pattern>
<url-pattern>/fr/hr/*/summary</url-pattern>
</web-resource-collection>
I suppose this is a basic requirement for most of organizations, how can this be solved?
|
Locked
