Plug-in Web pages, script files, images and other resources can be hosted in Elvis or on an external server. Elvis Server acts as a Web server for the resources hosted in the <config>/plugins folder.
Elvis supports folder based security configuration through webaccess.config.xml files placed within the plug-in folders. This article describes how to configure and use these Web access files.
Webaccess file format
File name: webaccess.config.xml
Placed in: any subfolder of the active plug-ins folder.
<webaccess public="true or false">
<requiredRoles>
<role>...</role>
<role>...</role>
</requiredRoles>
</webaccess>
- public. Set to 'true' to open up the contents of a folder for everyone Use this when there are no restrictions for accessing a Web page.
- requiredRoles. Grants users access to the contents of a folder if they have the specified Capabilities assigned, including custom capabilities. Use this for Web pages that are not public, such as pages used by an action plug-in.
Basic rules
When applying Web access files, take note of the following:
- The only folders hosted by the server are:
- <config>/plugins/active
- <config>/plugins/plugin_base
- Access is denied when a folder and its parent folders do not contain a Web access file.
- Security is applied hierarchically to the folder that contains the Web access file, including its sub folders. Web access files in sub folders are in this case ignored.
Management
Security changes are not directly applied when you add or modify a Web access file. The Web access files are loaded and re-loaded when plug-ins are loaded and re-loaded, meaning that they are loaded when the server is started. They can be manually reloaded in the Management Console.
Examples
Web access file examples.
Public access
<webaccess public="true"/>
Typical configuration for an action plug-in
<webaccess>
<requiredRoles>
<role>ROLE_WEB_CLIENT</role>
</requiredRoles>
</webaccess>
Custom capability
<webaccess>
<requiredRoles>
<role>ROLE_CUSTOM_MY_ACTION</role>
</requiredRoles>
</webaccess>
Multiple capabilities
<webaccess>
<requiredRoles>
<role>ROLE_DOWNLOAD</role>
<role>ROLE_CUSTOM_MY_WEB_INTERFACE</role>
</requiredRoles>
</webaccess>
Document history
- 31 July 2018: Updated section 'Typical configuration for an action plug-in' by changing ROLE_AIR_CLIENT to ROLE_WEB_CLIENT.
- 31 July 2018: Minor general changes and corrections to the text.
Comment
Do you have corrections or additional information about this article? Leave a comment! Do you have a question about what is described in this article? Please contact Support.
0 comments
Please sign in to leave a comment.