WoodWing Help Center

Elvis 6 plug-ins introduction - Web access

Elvis 6 plug-ins introduction - Web access

Plug-in Web pages, script files, images and other resources can be hosted in Elvis or on an external server. Elvis Server acts as a Web server for the resources hosted in the <config>/plugins folder.

Elvis supports folder based security configuration through webaccess.config.xml files placed within the plug-in folders. This article describes how to configure and use these Web access files.

Webaccess file format

File name: webaccess.config.xml

Placed in: any subfolder of the active plug-ins folder.

<webaccess public="true or false">
    <requiredRoles>
        <role>...</role>
        <role>...</role>
    </requiredRoles>
</webaccess>

The Web access file format supports 2 main functions:

  1. public="true", opens up the contents of a folder for everyone, useful if you do not have any restrictions in accessing a Web page.
  2. requiredRoles, opens up the contents of a folder if the currently logged in user has the specified capabilities assigned, these can also be custom capabilities. Using requiredRoles is useful for Web pages that are not public, such as pages used by an action plug-in.

Basic rules

When applying Web access files, take note of the following:

  • The <config>/plugins/active folder and the <config>/plugins/plugin_base folder are the only folders hosted by the server.
  • Access is denied when a folder and its parent folders do not contain a Web access file.
  • Security is applied hierarchically to the folder the Web access file is in, including its sub folders, Web access files in sub folders are in this case ignored.

Management

Security changes are not directly applied when you add or modify a Web access file. The Web access files are loaded and re-loaded when plug-ins are loaded and re-loaded, meaning tht they are loaded at server start-up. They can be manually reloaded in the Management Console.

Examples

Web access file examples.

Public access

<webaccess public="true"/>

Typical configuration for an action plug-in

<webaccess>
    <requiredRoles>
        <role>ROLE_AIR_CLIENT</role>
    </requiredRoles>
</webaccess>

Custom capability

<webaccess>
    <requiredRoles>
        <role>ROLE_CUSTOM_MY_ACTION</role>
    </requiredRoles>
</webaccess>

Multiple capabilities

<webaccess>
    <requiredRoles>
        <role>ROLE_DOWNLOAD</role>
        <role>ROLE_CUSTOM_MY_WEB_INTERFACE</role>
    </requiredRoles>
</webaccess>
Was this article helpful?
0 out of 0 found this helpful / Created: / Updated:
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.