Hi,
I resolved this issue by getting the user name as $request/remote-user
in crud.xpl
<include>/request/request-path</include>
<include>/request/content-type</include>
<include>/request/method</include>
<include>/request/remote-user</include>
<include>/request/body</include>
<xsl:copy-of
select="doc('input:instance')"/>
</document>
<timestamp><xsl:value-of
select="current-dateTime()"/></timestamp>
<username><xsl:value-of
select="$request/remote-user"/></username>
<roles><xsl:value-of
select="$request/headers/header[name =
'orbeon-roles']/value"/></roles>
<app><xsl:value-of select="$matcher-groups[1]"/></app>
<form><xsl:value-of
select="$matcher-groups[2]"/></form>
It will be help full form me if some one explains me /request/headers/header[name
= 'orbeon-username' or name = 'orbeon-roles'
From where its expecting input.
Smaran
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Erik Bruchez
Sent: Tuesday, March 08, 2011 3:54 AM
To: [hidden email]
Subject: [ops-users] Re: RE: Authentication and Access Control in Orbeon
Builder
Smaran,
The best thing to do would be for us to try to reproduce the
issue with the username not stored into Oracle. I am adding this to my list of
items to check.
Note that the Tomcat tomcat-users.xml is usually there just
for demos or tests. Most deployment use other authentication realms, like
connecting to a SQL database of users or LDAP directory.
For sure WebLogic supports security realms, but I don't
know what the WebLogic equivalent of tomcat-users.xml is, or even if there is
one. A quick Google search did not return something very convincing right away.
-Erik
On Fri, Mar 4, 2011 at 7:11 AM, <[hidden email]>
wrote:
Hi All,
I too have similar problem from somany
days I am posting this no one is responding.Not sure why username is not at all
stored in database.
Also any idea where to enter username in
weblogic like tomcat-use.xml?
Regards,
Smaran
From:
paleandromus [mailto:[hidden email]]
Sent: Friday, March 04, 2011 8:23 PM
To: [hidden email]
Subject: [ops-users] Authentication and Access Control in Orbeon Builder
Hi
everyone,
I'm trying to control access to application 'Form Builder' (Access Control for
listing and editing forms).
For that I need first user authentication and then control what forms may be
modified or not, based on user roles.
To do this, I followed the instructions listed on pages
- http://www.orbeon.com/orbeon/doc/reference-authentication
- http://wiki.orbeon.com/forms/doc/developer-guide/form-runner/access-control
# TOC-Access-control-for-editing-forms
I use the sample application '/java-authentication/' for user authentication,
and authentication works properly.
But managing roles through the file 'form-runner-roles.xml' does not work as
expected.
The whole setup is as follows (first try, only users authentication):
tomcat-user.xml
(Users in Tomcat)
<tomcat-users>
<role rolename="orbeon-admin"/>
<user name="administrador" password="orbeon" roles="orbeon-admin"/>
</tomcat-users>
web.xml
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Orbeon Builder</web-resource-name>
<url-pattern>/fr/orbeon/builder/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>orbeon-admin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/java-authentication/login</form-login-page>
<form-error-page>/java-authentication/login-error</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>orbeon-admin</role-name>
</security-role>
...
form-runner-roles.xml
<roles>
<!-- Default for distribution: give everybody access to every form -->
<role name="*" app="*" form="*"/>
</roles>
Trying to access the list of forms of 'Orbeon Builder' (which is shown by
'Orbeon Runner') http://[localhost]/orbeon/fr/orbeon/builder/summary,
jumps to the authentication form in the url '/java-authentication/', right, is
the expected behavior, once authenticated, is once again the summary page of
'Orbeon Builder ".
- Image: Login Form by the
app '/java-authentication/
- Image: User info displayed
by the app '/java-authentication/'
- Image: Session in Tomcat
for the user authenticated (administrador)
- Image: Details of the
session in Tomcat for the user
So far all right, but although there is an authenticated user in the context '/
orbeon' in Tomcat, 'Form Runner' or 'Form Builder' shows no reference to the
user, or when you create or modify forms, data is not saved user in the
'USERNAME' table 'ORBEON_FORM_DATA', which remains empty although there is an
authenticated user.
I tried this in the versions of Orbeon 'Orbeon Forms dev-3.7.1.201008230714'
and 'Orbeon Forms Orbeon Forms 3.8.0.201005141841 PE' with the same result.
First question:
Am I missing any configuration for 'Form Builder'or 'Form Runner' display or
use the authenticated user?
Trying to control access to editing the forms, by setting roles and access
permissions of the file-runner-roles.xml form, show one of the tests made with
the user already configured:
form-runner-roles.xml
<roles>
<role name="<b>orbeon-admin</b>" app="*" form="*"/>
</roles>
It is
assumed that the user 'administrator' which has the role 'orbeon-admin', should
have access to edit any form, is that correct?, well, no way, always appears
the message:
You do not have the privileges to access this page.
After doing multiple tests, with multiples users and configurations, if I
change the default settings, the result is that access to any form editing or
creation of new forms is blocked for all users (regardless of configuration,
the blockade is total), appearing always the message mentioned earlier.
I have a second question:
Am I missing some detail in Orbeon to set or extra deployment to the 'Access
control for editings forms' work as it should?
Thank you very much for your attention and help, greetings.
View
this message in context: Authentication and Access Control in Orbeon Builder
Sent from the Orbeon Forms (ops-users) mailing list archive at
Nabble.com.
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to
this message are intended for the exclusive use of the addressee(s) and may
contain proprietary, confidential or privileged information. If you are not the
intended recipient, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately and destroy all copies of this message and
any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should
check this email and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted by this
email.
--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
Please do not print this email unless it is absolutely necessary.
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
www.wipro.com
| Free forum by Nabble | Edit this page |