|
|
Could someone please advise me if I am using a sensible strategy for security/authentication with Orbeon Forms?
Our application uses the standard 'apps' directory structure used in the orbeon release. Therefore the application consists of several sub-apps defined in sub-folders of the resources/apps directory. A top-level page flow then delegates using wildcards to a page-flow contained in each sub-app folder. Again this is the pattern that the Orbeon wepapp uses. This all seems to work and enables us to add additional application resources into the deployed context without having to duplicate all of the infrastructure.
What I now need to do is to enable security/authentication on the sub-apps. I am using tomcat 6.x so I think it should be possible to define roles associated with each sub-app folder. Then in theory users of each sub-app will only be able to access that sub-app.
Is this a sensible approach and what was actually intended for use with the Orbeon apps folder structure, or is there a better approach for handling multiple applications in a single webapp context?
Thanks,
Neil.
|
Locked
