List and download attachments from API and Liferay auth

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

List and download attachments from API and Liferay auth

n.richaud1
Hi,

I have set permission permission for a form and embeded it in Liferay trough proxy orbeon portlet.
So the authentification is handled by Liferay, the orbeon backend access is just restrained by ip, no auth.
When I want to list attachments of a document,  Orbeon send me 403 response.
When I remove permissions, it works.

Do I need to set up auth to backend ?
I want to call the API from a different server.

-----------
Version: Orbeon 2016.1

Properties added for API acess :

<property
  as="xs:string"
  processor-name="oxf:page-flow"
  name="service-public-methods"
  value="GET HEAD"/>

 
Reply | Threaded
Open this post in threaded view
|

Re: List and download attachments from API and Liferay auth

Alessandro  Vernet
Administrator
Just checking:

- Have you setup proxy portlet to send information about the current user to Orbeon Forms? See "Send Liferay user" on [1].
- And have you setup the properties on the Orbeon Forms side to get the information about the current user from the headers set by the proxy portlet? For more on this, see [2].

[1] https://doc.orbeon.com/form-runner/link-embed/liferay-proxy-portlet.html#configure-the-proxy-portlet
[2] https://doc.orbeon.com/form-runner/link-embed/liferay-proxy-portlet.html#configuring-form-runner-to-use-liferay-user-information

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Reply | Threaded
Open this post in threaded view
|

Re: List and download attachments from API and Liferay auth

n.richaud1
Yes "Send Liferay user" is checked and the properties are the same as in the documentation.

Reply | Threaded
Open this post in threaded view
|

Re: List and download attachments from API and Liferay auth

Erik Bruchez
Administrator
In reply to this post by n.richaud1
Hi,

Since you are calling the service from a different server, the settings in Liferay are not relevant. There are two things which are relevant:

1. Whether the service are open to the outside world.

I think you have done this properly already, assuming that you are not doing a POST or a DELETE. For reference, by default Form Runner services are protected, and here is the doc:

    https://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

2. Whether you are providing, when calling the service, authentication headers which are accepted by the service.

The same headers which you configured to map Liferay headers should be passed.

Does this help?

-Erik