Orbeon and oauth

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Orbeon and oauth

vivanno
Hi,

Do you know if it's possible to use oauth to access to orbeon (builder and runner) ? 


Thanks

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Orbeon and oauth

Alessandro  Vernet
Administrator
Hi,

I imagine that you're thinking of using OAuth to access the Form Runner persistence API. If that is the case, access control is done by an authorization service you can provide, and I imagine that if you're familiar with OAuth, you could write such a service that checks that the provided OAuth token is valid. But no such service is provided out-of-the-box. You can find more about the authorization service on:

http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
Reply | Threaded
Open this post in threaded view
|

Re: Orbeon and oauth

vivanno
Thanks Alex. 

Le vendredi 8 avril 2016 00:57:50 UTC+2, Alessandro Vernet a écrit :
Hi,

I imagine that you're thinking of using OAuth to access the Form Runner
persistence API. If that is the case, access control is done by an
authorization service you can provide, and I imagine that if you're familiar
with OAuth, you could write such a service that checks that the provided
OAuth token is valid. But no such service is provided out-of-the-box. You
can find more about the authorization service on:

<a href="http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g&#39;;return true;">http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex

-----
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
--
View this message in context: <a href="http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw&#39;;return true;">http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Orbeon and oauth

vivanno
In reply to this post by Alessandro Vernet
Hi,

I'm working on sécurity side. How to force to use my authorization service for all requests to orbeon (service, runner and builder)  not just service ? 

Regards
Vivien


Le vendredi 8 avril 2016 00:57:50 UTC+2, Alessandro Vernet a écrit :
Hi,

I imagine that you're thinking of using OAuth to access the Form Runner
persistence API. If that is the case, access control is done by an
authorization service you can provide, and I imagine that if you're familiar
with OAuth, you could write such a service that checks that the provided
OAuth token is valid. But no such service is provided out-of-the-box. You
can find more about the authorization service on:

<a href="http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdoc.orbeon.com%2Fxml-platform%2Fcontroller%2Fauthorization-of-pages-and-services.html\46sa\75D\46sntz\0751\46usg\75AFQjCNHH--qR0FUO3wCsLRRqj2UwMUz98g&#39;;return true;">http://doc.orbeon.com/xml-platform/controller/authorization-of-pages-and-services.html

Alex

-----
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet
--
View this message in context: <a href="http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\75http%3A%2F%2Fdiscuss.orbeon.com%2FOrbeon-and-oauth-tp4661371p4661378.html\46sa\75D\46sntz\0751\46usg\75AFQjCNEbLal-_E3ZVX5pYsHn8OceEB8TEw&#39;;return true;">http://discuss.orbeon.com/Orbeon-and-oauth-tp4661371p4661378.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Reply | Threaded
Open this post in threaded view
|

Re: Orbeon and oauth

Alessandro  Vernet
Administrator
Hi Vivien,

You can't, because this isn't what the authorization service is for ;). If you'd like to plug your own code that checks all the requests, I'd recommend you do this in filter that you add to the web.xml. This will give you full control on whether to let a request go through or not.

Alex
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet