Orbeon header authentication - orbeon

I'm currently using Orbeon 2019.2 CE version
I'm trying to configure header-driven method for access control without using Liferay or default Login/Logout form in Orbeon.
I have already set these properties in properties-dev.xml
I'm have 2 roles (form-builder, form-viewer) sending via My-Roles-Header.
<property as="xs:string" name="oxf.fr.authentication.method" value="header"/>
<property as="xs:boolean" name="oxf.fr.authentication.header.sticky" value="true"/>
<property as="xs:string" name="oxf.fr.authentication.header.username" value="My-Username-Header"/>
<property as="xs:string" name="oxf.fr.authentication.header.group" value="My-Group-Header"/>
<property as="xs:string" name="oxf.fr.authentication.header.roles.split" value="(\s*[,\|]\s*)+"/>
<property as="xs:string" name="oxf.fr.authentication.header.roles" value="My-Roles-Header"/>
<property as="xs:string" name="oxf.xforms.forward-submission-headers" value="My-Username-Header My-Group-Header My-Roles-Header"/>
<property as="xs:string" name="oxf.http.forward-headers" value="My-Username-Header My-Group-Header My-Roles-Header"/>
However, I'm still able to access form builder and form runner without sending My-Username-Header My-Group-Header My-Roles-Header headers. It should redirect me to 403 page

Form Runner: the default is that each individual form must have permissions enabled or the form will be public. Make sure that "Enable permission for this form" is selected in Form Builder (doc).
Form Builder: see Form Builder permissions.

Related

Orbeon - Email Properties Settings

I want to send an email to be sent from my Orbeon Form application to a host that is not gmail, following are the properties I added to my properties-local.xml
`<property as="xs:string" name="oxf.fr.email.smtp.host.MonashHealth.*" value="remote.elodigital.com.au"/>
<property as="xs:string" name="oxf.fr.email.from.MonashHealth.*" value="orbeon#elodigital.com.au"/>
<property as="xs:string" name="oxf.fr.email.to.MonashHealth.*" value="nilpath899#gmail.com,orbeon#elodigital.com.au"/>
<property as="xs:string" name="oxf.fr.email.smtp.username.MonashHealth.*" value="orbeon"/>
<property as="xs:string" name="oxf.fr.email.smtp.credentials.MonashHealth.*" value="******"/>
<property as="xs:string" name="oxf.fr.email.smtp.encryption.MonashHealth.*" value="ssl"/>
<property as="xs:string" name="oxf.fr.email.smtp.port.MonashHealth.*" value="25"/>`
but I get the following error
`javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection class com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 Unable to relay javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection`
Are there any addtional properties that I must set? Need help please.
It might be because you are requiring SSL but your server on port 25 might respond with plain text. See this other question for a similar error.

Customizing buttons in Orbeon 4.5

In proprties-local.xml I have defined persistence layer:
<property
as="xs:string"
name="oxf.fr.persistence.provider.*.*.*"
value="MsSqlPersistance"/>
<property
as="xs:anyURI"
name="oxf.fr.persistence.MsSqlPersistance.uri"
value="http://10.7.3.63:8080/MsSqlPersistenceLayerImpl"/>
So now, everytime I click on save or send button, there is HTTP PUT request sent to my MsSqlPersistenceLayerImpl REST service.
Also there is
<property as="xs:anyURI" name="oxf.fr.detail.send.success.uri.*.*"
value="http://10.7.3.63:8080/orb_submit/orbSubmit"/>
<!-- HTTP method to use to navigate to the success page -->
<property as="xs:string" name="oxf.fr.detail.send.success.method.*.*" value="post" replace="all"/>
As I understand, after clicking on Send button there is a HTTP PUT request send to my MsSqlPersistenceLayerImpl component and after success, there is another POST request send to orb_submit service.
Now, I would like after clicking Send button (workflow-send), not to send any HTTP PUT requests to my MsSqlPersistenceLayerImpl service, I want only to call (after form validation) orb_submit service. Is it possible?
UPDATE
Customizing buttons seems really hard for me. Normally, after clicking save my form is saved in database and the success message is shown - it's default behaviour. But when I put this code
<property as="xs:string" name="oxf.fr.detail.process.save-draft.*.*">
save
then success-message("save-draft-success")
recover error-message("database-error")
</property>
into properties-local.xml after clicking save nothing happens (no save, no message;I'd excepct still normal behaviour of course). Morover, trying to customize workflow-send in the same way, it has no affect at all. Am I missing something?
Inline properties were not supported in 4.5. Try instead:
<property
as="xs:string"
name="oxf.fr.detail.process.save-draft.*.*"
value='
save
then success-message("save-draft-success")
recover error-message("database-error")'
/>

Orbeon 4.5 - How to pass request parameters?

We are upgrading from Orbeon 3.9 to 4.5.
In Orbeon 3.9, we were passing request parameters to the send success URI (oxf.fr.detail.send.success.uri) when the user clicks on a custom submit button. We have done this by modifying persistence-model.xml.
Following is the code part which we used in 3.9:
<xforms:model id="fr-persistence-model"
<xforms:instance id="x3params">
<data xmlns="">
<customerid/>
</data>
</xforms:instance>
<xforms:action ev:event="xforms-model-construct-done" if="$app != '*' and $form != '*'">
<xforms:setvalue ref="instance('g3params')/customerid" value="xxforms:get-request-parameter('customerid')" />
<xxforms:variable name="g3customerId" as="xs:string" select="instance('g3params')/customerid"/>
<xforms:submission id="fr-workflow-send-submission"
resource="{$workflow-success-uri}?fr-app={$app}&form={$form}&docid={$document}&customerid={$g3customerId}"
relevant="{xxforms:property(string-join(('oxf.fr.detail.send.success.prune', $app, $form), '.'))}"
validate="false" method="{$workflow-success-method}"
serialization="{if ($workflow-success-method = 'get') then 'none' else 'application/xml'}"
ref="if (instance('fr-workflow-send-instance') != '') then instance('fr-workflow-send-instance') else xxforms:instance('fr-form-instance')"
replace="all"/>
In Orbeon 4.5, I used the save-final process for a custom submit.
Since fr-workflow-send-submission is removed in 4.5, how can I pass the request parameters to the send success URI?
Following is my properties-local.xml:
<property as="xs:boolean" name="oxf.fr.detail.send.pdf" value="false"/>
<property as="xs:boolean" name="oxf.fr.email.attach-pdf" value="false"/>
<property as="xs:anyURI" name="oxf.fr.detail.send.success.uri.Preconstruction.*" value="http://localhost:8080/webapp/new"/>
<property as="xs:string" name="oxf.fr.detail.send.success.method.*.*" value="post"/>
<property as="xs:boolean" name="oxf.fr.detail.send.success.prune.*.*" value="false"/>
You can use XPath value templates in the service URL:
<property
as="xs:string"
name="oxf.fr.detail.send.success.uri.Preconstruction.*"
value="http://localhost:8080/webapp/new?customerid={xxf:get-request-parameter('customerid')}"/>
Orbeon Forms passes app, form and document by default now. The only thing is that I notice that in your code you use fr-app, form, and docid. It is probably better to switch to using the standard names used by Orbeon Forms now (so app, form and document).

Orbeon localisation

I translated the necessary files for Dutch but apparently the runner still shows the error section in English.
I looked at both the runner and fb resource.xml but couldn't find the string 'Your form contains the following errors'.
I also have this entries in the properties-local.xml
<property as="xs:string" name="oxf.fr.available-languages.orbeon.builder" value="nl en"/>
<property as="xs:string" name="oxf.fr.default-language.orbeon.builder" value="nl"/>
<property as="xs:string" name="oxf.fr.default-language.orbeon.*" value="nl"/>
<property as="xs:string" name="oxf.fr.default-language.*.*" value="nl"/>
It depends which version you are using:
up to Orbeon Forms 4.2, resources.xml does contain that message
starting Orbeon Forms 4.3, resources.xml contains a more complex formatted string

Unable to retrieve liferay user name in Orbeon proxy portlet

Currently, I'm trying to integrate in Liferay one Orbeon form which retrieves the user name.
(I described the problem here: http://discuss.orbeon.com/Unable-to-retrieve-liferay-roles-in-Orbeon-proxy-portlet-td4656273.html - Post 2 )
To do this, I created a simple form with one input field and I want to get the Liferay user name in this field. I tested with all configurations in lower case (Unable to retrieve Header information on Orbeon 4.0.1 but works on 3.9) and nothing is returned.
First: I completed properties-local.xml using http://wiki.orbeon.com/forms/doc/developer-guide/admin/deployment-portlet and I put all properties in lower case.
properties-local.xml :
<!-- this is the property for orbeon forms 4.0 -->
<property as="xs:anyuri" name="oxf.fr.persistence.exist.exist-uri"
value="http://orbeonserver:8080/orbeon/exist/rest/db/orbeon/fr"/>
<!-- configure authentication properties through headers -->
<property as="xs:string" name="oxf.fr.authentication.method"
value="header"/>
<!-- if you want the liferay user email used for form runner authentication -->
<property as="xs:string" name="oxf.fr.authentication.header.username"
value="orbeon-liferay-user-email"/>
<!-- if you want liferay roles used -->
<property as="xs:string" name="oxf.fr.authentication.header.roles"
value="orbeon-liferay-user-roles"/>
<!-- to propagate username/roles to the persistence layer, if using authentication -->
<property as="xs:string" name="oxf.xforms.forward-submission-headers"
value="orbeon-username orbeon-roles"/>
After in my form, I used xxf:get-request-header() to get the Liferay user name :
<xf:bind id="userName-bind" name="userName" ref="userName"
xxf:default="xxf:get-request-header('orbeon-liferay-user-email')"/>
Finally to insert the form in Liferay, I used the orbeon proxy-portlet.war (no configuration in this side).
I see the form but field is still empty. Nothing is returned. I missed a step ?
FYI, I used: liferay-portal-6.1.1-ce-ga2 and orbeon-4.0.1.201303152357-PE (free trial license). Orbeon and Liferay are on 2 different server.
You might want to try a very recent version of Orbeon proxy portlet (4.1-ce from github), since the following issue got closed only a month ago:
https://github.com/orbeon/orbeon-forms/issues/886 "Proxy portlet: ability to configure forwarding of headers and parameters". Accordingly, the 4.01 version of Orbeon proxy portlet lacks this ability.

Resources