cannot get security working

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

cannot get security working

koenvdk
Hi,

I'm really stuck with security... (using 3.9.1)
I've used various kinds of logins using the container, they all result in the /java-authentication/ showing me I have several roles, all of which I declared as follows in properties-local:

<property as="xs:string"        name="oxf.fr.authentication.method"        value="container"/>
<property as="xs:string"        name="oxf.fr.authentication.container.roles"        value="orbeon-admin cbpl-admin cbpl-builder form-builder"/>

I also added the roles to model.xpl in the java-authentication.
In web.xml, I made sure only the form-builder role can access /fr/orbeon/builder/*


The big problem:
Whatever I put in form-builder-permissions.xml, I always get the same thing in the form-builder:
I can see all existing apps/forms, but I can't make any new ones (the app becomes an empty drop-down box)

I even tried removing the file or putting
<role name="*"        app="*"         form="*"/>
in it. Nothing!

Only with security off (no constraints in web.xml), can I make forms.




What am I forgetting or doing wrong?


Thanks,



Koen Vanderkimpen

Connect: Twitter








Overeenkomstig de bepalingen inzake de vertegenwoordiging van de vzw in haar statuten, kan enkel de gedelegeerde bestuurder, de algemeen directeur of zijn uitdrukkelijke lasthebber verbintenissen aangaan namens Smals.
Indien dit bericht niet voor u bestemd is, verzoeken wij u dit onmiddellijk aan ons te melden en het bericht te vernietigen.

Conformément aux dispositions relatives à la représentation de l'asbl dans ses statuts, seul l'administrateur délégué, le directeur général ou son mandataire exprès est habilité à souscrire des engagements au nom de Smals.
Si ce message ne vous est pas destiné, nous vous prions de nous le signaler immédiatement et de détruire le message.

According to the provisions regarding representation of the non profit association in its bylaws, only the chief executive officer, the general manager or his explicit agent can enter into engagements on behalf of Smals.
If you are not the addressee of this message, we kindly ask you to signal this to us immediately and to delete the message.





--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
Reply | Threaded
Open this post in threaded view
|

Re: cannot get security working

Erik Bruchez
Administrator
Koen,

It looks like we'll have to try this again with 3.9.1 to see if there isn't something broken there.

-Erik

On Fri, Jun 15, 2012 at 8:32 AM, <[hidden email]> wrote:
Hi,

I'm really stuck with security... (using 3.9.1)
I've used various kinds of logins using the container, they all result in the /java-authentication/ showing me I have several roles, all of which I declared as follows in properties-local:

<property as="xs:string"        name="oxf.fr.authentication.method"        value="container"/>
<property as="xs:string"        name="oxf.fr.authentication.container.roles"        value="orbeon-admin cbpl-admin cbpl-builder form-builder"/>

I also added the roles to model.xpl in the java-authentication.
In web.xml, I made sure only the form-builder role can access /fr/orbeon/builder/*


The big problem:
Whatever I put in form-builder-permissions.xml, I always get the same thing in the form-builder:
I can see all existing apps/forms, but I can't make any new ones (the app becomes an empty drop-down box)

I even tried removing the file or putting
<role name="*"        app="*"         form="*"/>
in it. Nothing!

Only with security off (no constraints in web.xml), can I make forms.




What am I forgetting or doing wrong?


Thanks,



Koen Vanderkimpen

Connect: Twitter








Overeenkomstig de bepalingen inzake de vertegenwoordiging van de vzw in haar statuten, kan enkel de gedelegeerde bestuurder, de algemeen directeur of zijn uitdrukkelijke lasthebber verbintenissen aangaan namens Smals.
Indien dit bericht niet voor u bestemd is, verzoeken wij u dit onmiddellijk aan ons te melden en het bericht te vernietigen.

Conformément aux dispositions relatives à la représentation de l'asbl dans ses statuts, seul l'administrateur délégué, le directeur général ou son mandataire exprès est habilité à souscrire des engagements au nom de Smals.
Si ce message ne vous est pas destiné, nous vous prions de nous le signaler immédiatement et de détruire le message.

According to the provisions regarding representation of the non profit association in its bylaws, only the chief executive officer, the general manager or his explicit agent can enter into engagements on behalf of Smals.
If you are not the addressee of this message, we kindly ask you to signal this to us immediately and to delete the message.






--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws