Plug-in Web pages, script files, images and other resources can be hosted in Elvis or on an external server. Elvis Server acts as a Web server for the resources hosted in the <config>/plugins folder.
Elvis supports folder based security configuration through webaccess.config.xml files placed within the plug-in folders. This article describes how to configure and use these Web access files.
Webaccess file format
File name: webaccess.config.xml
Placed in: any subfolder of the active plug-ins folder.
<webaccess public="true or false"> <requiredRoles> <role>...</role> <role>...</role> </requiredRoles> </webaccess>
The Web access file format supports 2 main functions:
- public="true", opens up the contents of a folder for everyone, useful if you do not have any restrictions in accessing a Web page.
- requiredRoles, opens up the contents of a folder if the currently logged in user has the specified capabilities assigned, these can also be custom capabilities. Using requiredRoles is useful for Web pages that are not public, such as pages used by an action plug-in.
When applying Web access files, take note of the following:
- The <config>/plugins/active folder and the <config>/plugins/plugin_base folder are the only folders hosted by the server.
- Access is denied when a folder and its parent folders do not contain a Web access file.
- Security is applied hierarchically to the folder the Web access file is in, including its sub folders, Web access files in sub folders are in this case ignored.
Security changes are not directly applied when you add or modify a Web access file. The Web access files are loaded and re-loaded when plug-ins are loaded and re-loaded, meaning tht they are loaded at server start-up. They can be manually reloaded in the Management Console.
Web access file examples.
Typical configuration for an action plug-in
<webaccess> <requiredRoles> <role>ROLE_AIR_CLIENT</role> </requiredRoles> </webaccess>
<webaccess> <requiredRoles> <role>ROLE_CUSTOM_MY_ACTION</role> </requiredRoles> </webaccess>
<webaccess> <requiredRoles> <role>ROLE_DOWNLOAD</role> <role>ROLE_CUSTOM_MY_WEB_INTERFACE</role> </requiredRoles> </webaccess>